HPE FlexNetwork 5130 HI Series Network Management And Monitoring Command Reference page 181

set of accessible MIB objects. If you do not specify a view, the specified community can access the
MIB objects in the default MIB view ViewDefault.
user-role role-name: Specifies a user role name for the community, a case-sensitive string of 1 to 63
characters.
acl: Specifies a basic or advanced IPv4 ACL for the community.
ipv4-acl-number: Specifies a basic or advanced IPv4 ACL by its number. The basic IPv4 ACL
number is in the range of 2000 to 2999. The advanced IPv4 ACL number is in the range of 3000 to
3999.
name ipv4-acl-name: Specifies a basic or advanced IPv4 ACL by its name, a case-insensitive string
of 1 to 63 characters.
acl ipv6: Specifies a basic or advanced IPv6 ACL for the community.
ipv6-acl-number: Specifies a basic or advanced IPv6 ACL by its number. The basic IPv6 ACL
number is in the range of 2000 to 2999. The advanced IPv6 ACL number is in the range of 3000 to
3999.
name ipv6-acl-name: Specifies a basic or advanced IPv6 ACL by its name, a case-insensitive string
of 1 to 63 characters.
Usage guidelines
This command is not available in FIPS mode.
Only users with the network-admin or level-15 user role can execute this command. Users with other
user roles cannot execute this command even if these roles are granted access to commands of the
SNMP feature or this command.
An SNMP community is identified by a community name. It contains a set of NMSs and SNMP
agents. Devices in an SNMP community authenticate each other by using the community name. An
NMS and an SNMP agent can communicate only when they use the same community name.
Typically, public is used as the read-only community name and private is used as the read and write
community name. To enhance security, you can assign your SNMP communities a name other than
public and private.
The snmp-agent community command allows you to use either of the following modes to control
SNMP community access to MIB objects:
• View-based access control model—The VACM mode controls access to MIB objects by
assigning MIB views to SNMP communities.
• Role based access control—The RBAC mode controls access to MIB objects by assigning
user roles to SNMP communities.
The network-admin and level-15 user roles have the read and write access to all MIB
objects.
The network-operator user role have the read-only access to all MIB objects.
For more information about user roles, see Fundamentals Configuration Guide.
RBAC mode controls access on a per MIB object basis, and VACM mode controls access on a MIB
view basis. As a best practice to enhance MIB security, use RBAC mode.
You can create a maximum of 10 SNMP communities by using the snmp-agent community
command.
If you execute the command multiple times to specify the same community name but different other
settings each time, the most recent configuration takes effect.
To set and save a community name in plain text, do not specify the simple or cipher keyword.
The ACL is used to filter illegitimate NMSs.
• If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not
have any rules, all NMSs that use the community name can access the SNMP agent.
172