Managing Groups

Groups are used to manage access for the MIB. You use groups to define the security model, the security level, and the portion of the MIB that members of the group can read or write.

The security model and security level are discussed in Security Models and Levels. The view names associated with a group define a subset of the MIB (subtree) that can be accessed by members of the group. The read view defines the subtree that can be read, write view defines the subtree that can be written to, and notify view defines the subtree that notifications can originate from. MIB views are discussed in Setting SNMPv3 MIB Access Control.

A number of default groups are already defined. These groups are: admin, initial, v1v2c_ro, v1v2c_rw.

Enabling SNMPv3 default-group access activates the access to an SNMPv3 default group and the user- created SNMPv3-user part of default group.

Disabling SNMPv3 default-group access removes access to default-users and user-created users who are part of the default-group.

The user-created authenticated SNMPv3 users (who are part of a user-created group) are able to access the switch.

To underscore the access function of groups, groups are defined using the following command:
configure snmpv3 add access [[hex hex_group_name] | group_name] {sec-model [snmpv1 | snmpv2c | usm]} {sec-level [noauth | authnopriv | priv]} {read-view [[hex hex_read_view_name] | read_view_name]} {write-view [[hex hex_write_view_name]] | write_view_name]} {notify-view [[hex hex_notify_view_nam]] | notify_view_name]} {volatile}
To display information about the access configuration of a group or all groups, use the following command:
show snmpv3 access {[[hex hex_group_name] | group_name]}
To enable default-group, use the following command:
enable snmpv3 default-group
To disable a default-group, use the following command:
disable snmpv3 default-group
To associate users with groups, use the following command:
configure snmpv3 add group [[hex hex_group_name] | group_name] user [[hex hex_user_name] | user_name] {sec-model [snmpv1| snmpv2c | usm]} {volatile}
To show which users are associated with a group, use the following command:
show snmpv3 group {[[hex hex_group_name] | group_name] {user [[hex hex_user_name] | user_name]}}
To delete a group, use the following command:
configure snmpv3 delete access [all-non-defaults | {[[hex hex_group_name] | group_name] {sec-model [snmpv1 | snmpv2c | usm] sec-level [noauth | authnopriv | priv]}}]

When you delete a group, you do not remove the association between the group and users of the group.
To delete the association between a user and a group, use the following command:
configure snmpv3 delete group {[[hex hex_group_name] | group_name]} user [all-non-defaults | {[[hex hex_user_name] | user_name] {sec-model [snmpv1|snmpv2c|usm]}}]

Published March 2020prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback