HPE FlexFabric 5930 Series Network Management And Monitoring Command Reference page 139


If no ACL is specified, or the specified ACL does not exist, all NMSs in the SNMP community can
access the SNMP agent. If the specified ACL does not have any rules, no NMS in the SNMP
community can access the SNMP agent.
Usage guidelines
This command is for SNMPv1 and SNMPv2c, and is supported only in non-FIPS mode.
To set and save a community name in plain text, do not specify the simple or cipher keyword.
You can create up to 10 SNMP communities by using the snmp-agent community command. To
create more SNMP communities, use the snmp-agent usm-user { v1 | v2c } command.
An SNMPv1 or SNMPv2c community comprises a set of NMSs and SNMP agents, and is identified
by a community name. An NMS and an SNMP agent must use the same community name to
authenticate to each other.
Typically, public is used as the read-only community name and private is used as the read and write
community name. To improve security, assign your SNMP communities a name other than public
and private.
You can use the following modes to control access to MIB objects for an SNMP community:
• View-based Access Control Model: The VACM mode controls access to MIB objects by assigning MIB views to SNMP communities.
• Role based access control: The RBAC mode controls access to MIB objects by assigning user roles to SNMP communities.
  ○ An SNMP community with a predefined user role network-admin or level-15 has read and write access to all MIB objects.
  ○ An SNMP community with a predefined user role network-operator has read-only access to all MIB objects.
  ○ An SNMP community with a user role specified by the role command accesses MIB objects through the user role rules specified by the rule command.
For more information about user roles, see Fundamentals Configuration Guide.
If you create the same SNMP community with both modes multiple times, the most recent
configuration takes effect.
For an NMS to access an agent:
• The RBAC mode requires the user role bound to the community name to have the same access right to MIB objects as the NMS.
• The VACM mode requires only the access right from the NMS to MIB objects.
The RBAC mode is more secure. As a best practice, use the RBAC mode to create an SNMP
community.
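An added example, not part of the HPE manual: a Python check that audits a saved configuration against the guidelines above (default community names, VACM versus RBAC mode, and the three ACL cases). The sample configuration is constructed, and the position of the acl and user-role keywords on the community line is an assumption, because the command's syntax line is not in this section.

```python
import re

# Constructed sample configuration, not taken from a real device. The "acl"
# and "user-role" keywords on the community lines are assumed syntax.
SAMPLE = """\
snmp-agent sys-info version v1 v2c
acl number 2001
 rule permit source 1.1.1.1 0.0.0.0
 rule deny source any
acl number 2002
snmp-agent community read simple public
snmp-agent community write simple writeaccess acl 2001
snmp-agent community read simple monitor acl 2002
snmp-agent community read simple backup acl 2003
snmp-agent community simple ops user-role network-operator acl 2001
"""

def audit(config):
    """Return {community name: [findings]} using the rules stated above."""
    acl_rules, current, communities = {}, None, []
    for line in config.splitlines():
        m = re.match(r"acl number (\d+)", line)
        if m:  # start of an ACL definition
            current = m.group(1)
            acl_rules[current] = 0
        elif current and line.split()[:1] == ["rule"]:
            acl_rules[current] += 1  # rule inside the current ACL view
        else:
            current = None
            if line.startswith("snmp-agent community "):
                communities.append(line.split()[2:])
    report = {}
    for tokens in communities:
        acl = tokens[tokens.index("acl") + 1] if "acl" in tokens[:-1] else None
        # The name is the first token that is not a mode or encoding keyword.
        name = next(t for t in tokens if t not in ("read", "write", "simple", "cipher"))
        findings = []
        if name in ("public", "private"):
            findings.append("default community name")
        if "user-role" not in tokens:
            findings.append("VACM mode; RBAC is the recommended mode")
        if acl is None:
            findings.append("no ACL: every NMS in the community can access the agent")
        elif acl not in acl_rules:
            findings.append(f"ACL {acl} does not exist: every NMS in the community can access the agent")
        elif acl_rules[acl] == 0:
            findings.append(f"ACL {acl} has no rules: no NMS in the community can access the agent")
        report[name] = findings
    return report
```

Community names stored with the cipher keyword appear as ciphertext, so the default-name check applies only to names saved in plain text.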
Examples
# Create the read-only community readaccess in plain text so an SNMPv1 or SNMPv2c NMS can
use the community name readaccess to read the MIB objects in the default view ViewDefault.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v1 v2c
[Sysname] snmp-agent community read simple readaccess
# Create the read and write community writeaccess in plain text so only the SNMPv2c NMS at
1.1.1.1 can use the community name writeaccess to read or set the MIB objects in the default view
ViewDefault.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0
[Sysname-acl-basic-2001] rule deny source any