Creating a new user group

Create a new user group to logically group users who require the same level of access. Create new access for a group in the View-based Access Control Model (VACM) table to provide access to managed objects.

Note

There are several default groups (public and private) created that you can use. To see the list of default groups and their associated security names (secnames), enter show snmp-server group. If you use one of these groups, there is no need to create a new group.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Create a new user group:

    snmp-server group WORD<1-32> WORD<1-32> {auth-no-priv|auth-priv|no-auth-no-priv} [notify-view WORD<1-32>] [read-view WORD<1-32>] [write-view WORD<1-32>]

Example

This example uses the following variable names:
  • The new group name is lan6grp.

  • The context of the group is "", which represents the Global Router (VRF 0).

  • The security level is no-auth-no-priv.

  • The access view name is v1v2only for all three views: notify-view, read-view, and write-view.

Switch:1>enable

Switch:1#configure terminal

Create a new user group:

Switch:1(config)#snmp-server group lan6grp "" no-auth-no-priv notify-view v1v2only read-view v1v2only write-view v1v2only

Variable Definitions

The following table defines parameters for the snmp-server group command.

| Variable | Value |
| --- | --- |
| auth-no-priv | Assigns the minimum level of security required to gain the access rights allowed by this conceptual row. If the auth-no-priv parameter is included, it creates one entry for SNMPv3 access. |
| auth-priv | Assigns the minimum level of security required to gain the access rights allowed by this conceptual row. If the auth-priv parameter is included, it creates one entry for SNMPv3 access. |
| group WORD<1-32> WORD<1-32> | The first WORD<1-32> specifies the group name for data access. The range is 1–32 characters. Use the no operator to remove this configuration. The second WORD<1-32> specifies the context name. The range is 1–32 characters. If you use a particular group name value but with different context names, you create multiple entries for different contexts for the same group. You can omit the context name and use the default. If the context name value ends in the wildcard character (*), the resulting entries match a context name that begins with that context. For example, a context name value of foo* matches contexts starting with foo, such as foo6 and foofofum. Use the no operator to remove this configuration. |
| no-auth-no-priv | Assigns the minimum level of security required to gain the access rights allowed by this conceptual row. If the no-auth-no-priv parameter is included, it creates 3 entries, one for SNMPv1 access, one for SNMPv2c access, and one for SNMPv3 access. |
| notify-view WORD<1-32> | Specifies the view name in the range of 0–32 characters. |
| read-view WORD<1-32> | Specifies the view name in the range of 0–32 characters. |
| write-view WORD<1-32> | Specifies the view name in the range of 0–32 characters. |
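
The following audit helper is an added example, not part of the vendor documentation or the switch software. It parses snmp-server group commands using the syntax above, lists the VACM entries each command creates, and reports groups that grant a write-view at no-auth-no-priv or use a wildcard context. The function names and the second sample command are assumptions made for illustration.

```python
import shlex

# VACM entries created per security level, per the variable definitions above.
MODELS = {"no-auth-no-priv": ["snmpv1", "snmpv2c", "snmpv3"],
          "auth-no-priv": ["snmpv3"], "auth-priv": ["snmpv3"]}
VIEW_KEYS = {"notify-view", "read-view", "write-view"}

# First line is the page's example; the second is constructed for illustration.
PAGE_EXAMPLE = ('Switch:1(config)#snmp-server group lan6grp "" no-auth-no-priv '
                'notify-view v1v2only read-view v1v2only write-view v1v2only')
CONSTRUCTED = "snmp-server group opsgrp foo* auth-priv read-view opsview"


def parse_group(line):
    """Parse one 'snmp-server group' command, with or without a CLI prompt."""
    tok = shlex.split(line.split("#", 1)[-1])
    if tok[:2] != ["snmp-server", "group"] or len(tok) < 4:
        raise ValueError("not a complete snmp-server group command")
    group, rest = tok[2], tok[3:]
    # The context name may be omitted; the default is then used.
    context = "" if rest[0] in MODELS else rest.pop(0)
    level = rest.pop(0) if rest else ""
    views = dict(zip(rest[0::2], rest[1::2]))
    if (level not in MODELS or not 1 <= len(group) <= 32
            or len(rest) % 2 or set(views) - VIEW_KEYS):
        raise ValueError("invalid group name, security level or view keyword")
    return {"group": group, "context": context, "level": level, "views": views}


def context_matches(pattern, name):
    """A trailing * matches any context name that begins with the prefix."""
    return name.startswith(pattern[:-1]) if pattern.endswith("*") else pattern == name


def audit(line):
    """Return (entries, findings): rows one command creates and what to review."""
    g = parse_group(line)
    entries = [(g["group"], g["context"], m, g["level"]) for m in MODELS[g["level"]]]
    findings = []
    if g["level"] == "no-auth-no-priv" and "write-view" in g["views"]:
        findings.append("write-view %s granted at no-auth-no-priv for %s"
                        % (g["views"]["write-view"], "/".join(MODELS[g["level"]])))
    if g["context"].endswith("*"):
        findings.append("context %s is a prefix wildcard" % g["context"])
    return entries, findings


if __name__ == "__main__":
    for cmd in (PAGE_EXAMPLE, CONSTRUCTED):
        print(audit(cmd))
```
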