SNMPv3 provides a fine-grained mechanism for defining which parts of the MIB can be accessed. This is referred to as the View-Based Access Control Model (VACM).
MIB views represent the basic building blocks of VACM. They are used to define a subset of the information in the MIB. Access to read, to write, and to generate notifications is based on the relationship between a MIB view and an access group. The users of the access group can then read, write, or receive notifications from the part of the MIB defined in the MIB view as configured in the access group.
A view name, a MIB subtree/mask, and an inclusion or exclusion define every MIB view. For example, there is a System group defined under the MIB-2 tree. The Object Identifier (OID) for MIB-2 is 22.214.171.124.2, and the System group is defined as MIB-2.1.1, or directly as 126.96.36.199.2.1.1.
When you create the MIB view, you can choose to include the MIB subtree/mask or to exclude the MIB subtree/mask.
In addition to the user-created MIB views, there are three default views: defaultUserView, defaultAdminView, and defaultNotifyView.
MIB views that are used by security groups cannot be deleted.
The mask can also be expressed in hex notation (used in the ExtremeXOS CLI):
which, in the CLI, is:
After the view has been created, you can repeatedly use the configure snmpv3 add mib-view command to include and/or exclude MIB subtree/mask combinations to precisely define the items you want to control access to.