HP MSR1003-8S Command Reference Manual page 190

Msr series network management and monitoring

You can create a maximum of 10 SNMP communities by using the snmp-agent community command. To
create more SNMP communities, use the snmp-agent usm-user { v1 | v2c } command.
An SNMPv1 or SNMPv2c community contains a set of NMSs and SNMP agents, and is identified by a
community name. An NMS and an SNMP agent must use the same community name to authenticate
each other.
Typically, public is used as the read-only community name and private is used as the read and write
community name. To improve security, assign your SNMP communities a name other than public and
private.
You can use the following modes to control access to MIB objects for an SNMP community:
• View-based Access Control Model—The VACM mode controls access to MIB objects by assigning
  MIB views to SNMP communities.
• Role based access control—The RBAC mode controls access to MIB objects by assigning user roles
  to SNMP communities.
    • An SNMP community with a predefined user role network-admin or level-15 has the read and
      write access to all MIB objects.
    • An SNMP community with a predefined user role network-operator has the read-only access to
      all MIB objects.
    • An SNMP community with a user role specified by the role command accesses MIB objects
      through the user role rules specified by the rule command.
For more information about user roles, see Fundamentals Configuration Guide.
If you create the same SNMP community with both modes multiple times, the most recent configuration
takes effect.
For an NMS to access an agent:
• The RBAC mode requires the user role bound to the community name to have the same access right
  to MIB objects as the NMS.
• The VACM mode requires only the access right from the NMS to MIB objects.
HP recommends the RBAC mode because it is more secure.
Examples
# Create the read-only community readaccess in plain text so an SNMPv1 or SNMPv2c NMS can use
the community name readaccess to read the MIB objects in the default view ViewDefault.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v1 v2c
[Sysname] snmp-agent community read simple readaccess
# Create the read and write community writeaccess in plain text so only the SNMPv2c NMS at 1.1.1.1 can
use the community name writeaccess to read or set the MIB objects in the default view ViewDefault.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0.0.0.0
[Sysname-acl-ipv4-basic-2001] rule deny source any
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent community write simple writeaccess acl 2001
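An added example, not from the HP manual: a Python audit over configuration lines written in the command forms shown in the examples above. It flags the default names public and private, communities created without an ACL, and, as an extra check beyond the text, ACL numbers that are referenced but not defined. The function name, finding texts and sample configuration are constructed for illustration.

```python
import re

# Command forms taken from the examples above (other keywords are not parsed):
#   snmp-agent community { read | write } [ simple ] <name> [ acl <number> ]
#   acl basic <number>
COMMUNITY_RE = re.compile(
    r"^snmp-agent community (?P<access>read|write)(?: simple)? "
    r"(?P<name>\S+)(?: acl (?P<acl>\d+))?$"
)
ACL_RE = re.compile(r"^acl basic (?P<number>\d+)$")
DEFAULT_NAMES = {"public", "private"}


def audit_communities(config_text):
    """Return (line_number, finding) tuples, in line order, for community lines."""
    lines = [line.strip() for line in config_text.splitlines()]
    defined_acls = {m.group("number") for m in map(ACL_RE.match, lines) if m}
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        access, name, acl = m.group("access", "name", "acl")
        if name.lower() in DEFAULT_NAMES:
            findings.append((lineno, f"default community name '{name}'"))
        if acl is None:
            # Without an ACL the community is not limited to specific NMS addresses.
            findings.append((lineno, f"{access} community '{name}' has no ACL"))
        elif acl not in defined_acls:
            findings.append((lineno, f"community '{name}' uses undefined ACL {acl}"))
    return findings


# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
acl basic 2001
 rule permit source 1.1.1.1 0.0.0.0
 rule deny source any
snmp-agent sys-info version v2c
snmp-agent community read simple public
snmp-agent community write simple writeaccess acl 2001
snmp-agent community write simple private acl 2002
snmp-agent community write simple ops
"""

if __name__ == "__main__":
    for lineno, finding in audit_communities(SAMPLE_CONFIG):
        print(f"line {lineno}: {finding}")
```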
# Create the read and write community writeaccess in plain text so only the SNMPv2c NMS at 1.1.1.2
can use the community name writeaccess to read or set the MIB objects in the default view ViewDefault.