Snmp Create Access; Snmp Delete Access - Network Critical SmartNA-X User Manual

snmp create access

Use the snmp create access command to create a VACM Access Table group.
The VACM Access Table is used to store the access rights defined for groups. In determining if access is allowed, one
entry must be selected and the proper viewName from that entry must be used for further access checking.
There may be multiple access rights defined for a single group and the access right chosen from that set is determined
by which is the "most secure". This means the entry with the highest security model or with the longest context prefix
match is chosen (see the vacmAccessTable MIB description for the details of the algorithm). This table is indexed by a
groupName, contextPrefix, securityModel, and securityLevel. Each row in this table contains:
• Group name—the name of the group that this access right applies.
• Security model—the security model that must be used in order to gain access to this access right.
• Security level—the minimum security level that must be used in order to gain access to this access right. A security
level of noAuth is less than Auth and Auth is less than Priv.
• Read view name—the authorized MIB viewName used for read access. lf the value is the empty string then there is no
active view configured for read access.
• Write view name—the authorized MIB viewName used for write access. lf the value is the empty string then there is
no active view configured for write access.
• Notify view name—the authorized MIB viewName used for notify access. lf the value is the empty string then there is
no active view configured for notify access.
Syntax
snmp create access groupName { Any | USM | v1 | v2c } { noAuth | Auth | Priv } read-viewname write-
viewname notify-viewname
Parameters
• groupName Specify a group name that this access right applies.
• Any, USM, v1, v2c Specify the security model that must be used to get access rights. USM is the most secure,
with all SNMPv3 packets authenticated, encrypted, and decrypted. (SNMP)v1 and (SNMP)v2c are unsecured, with
authentication amounting to nothing more than a community string sent in clear text between manager and agent.
When a single group has multiple security models, you may set Any if all the security names/users in a group have
the same level of security, such as SNMP v1/v2 community strings and SNMPv3 users with no auth/priv (see the first
example below). Otherwise, you must use separate snmp create access commands for v3 users within the group that
have USM security.
• noAuth, Auth, Priv Specify the lowest security level necessary for having access to this access right.
• read-viewName Specify the viewName to which get requests are mapped. If no access is required, create a viewName
that excludes access to the OID root and specify it here.
• write-viewName Specify the viewName to which set requests are mapped. If no access is required, create a viewName
that excludes access to the OID root and specify it here.
notify-viewName Specify the viewName to which notify requests are mapped. If no access is required, create a
•
viewName that excludes access to the OID root and specify it here.
Example
Create group access rights with USM security and a minimum security level of Priv:
CONTROLLER>snmp create access groupName usm priv read-viewName write-viewName notify-viewName
CONTROLLER>apply

snmp delete access

Use the snmp delete access command to delete a group access right from the VACM Access Table group.
™ ©
SmartNA-X 1G/10G User Guide 1.4 2015 Network Critical Solutions Limited
SmartNA-X 1G/10G Modular | Command Line Reference | 157