Filter
Top Products
PowerConnect B-Series FCX Configuration Guide 1371
53-1002266-01
Using the user-based security model
40
NOTE
This command is not used for SNMP version 1 and SNMP version 2. In these versions, groups and
group views are created internally using community strings. (refer to “Establishing SNMP
community strings” on page 1366.) When a community string is created, two groups are created,
based on the community string name. One group is for SNMP version 1 packets, while the other is
for SNMP version 2 packets.
The group <groupname> parameter defines the name of the SNMP group to be created.
The v1, v2, or v3 parameter indicates which version of SNMP is used. In most cases, you will be
using v3, since groups are automatically created in SNMP versions 1 and 2 from community
strings.
The auth | noauth parameter determines whether or not authentication will be required to access
the supported views. If auth is selected, then only authenticated packets are allowed to access the
view specified for the user group. Selecting noauth means that no authentication is required to
access the specified view. Selecting priv means that an authentication password will be required
from the users.
The access <standard-ACL-id> parameter is optional. It allows incoming SNMP packets to be
filtered based on the standard ACL attached to the group.
The read <viewstring> | write <viewstring> parameter is optional. It indicates that users who
belong to this group have either read or write access to the MIB.
The <viewstring> variable is the name of the view to which the SNMP group members have access.
If no view is specified, then the group has no access to the MIB.
The value of <viewstring> is defined using the snmp-server view command. The SNMP agent
comes with the "all" default view, which provides access to the entire MIB; however, it must be
specified when creating the group. The "all" view also allows SNMP version 3 to be backwards
compatibility with SNMP version 1 and version 2.
NOTE
If you will be using a view other than the "all" view, that view must be configured before creating the
user group.Refer to the section “SNMP v3 Configuration examples” on page 1379, especially for
details on the include | exclude parameters.
Defining an SNMP user account
The snmp-server user command does the following:
• Creates an SNMP user.
• Defines the group to which the user will be associated.
• Defines the type of authentication to be used for SNMP access by this user.
• Specifies one of the following encryption types used to encrypt the privacy password:
• Data Encryption Standard (DES) – A symmetric-key algorithm that uses a 56-bit key.
• Advanced Encryption Standard (AES) – The 128-bit encryption standard adopted by the
U.S. government. This standard is a symmetric cipher algorithm chosen by the National
Institute of Standards and Technology (NIST) as the replacement for DES.
Here is an example of how to create an SNMP User account.