198
C
9: S
HAPTER
IMPLE
Sample SNMP Configurations
Sample SNMPv1/v2c Community Access Control
cli:192.168.208.3:root# snmp-server view nosnmpconfig 1.3.6.1 included
cli:192.168.208.3:root# snmp-server view nosnmpconfig snmpModules excluded
cli:192.168.208.3:root# snmp-server group monitorgroup v1 read nosnmpconfig
cli:192.168.208.3:root# snmp-server group monitorgroup v2 read nosnmpconfig
cli:192.168.208.3:root# snmp-server community monitor monitorgroup
N
M
P
ETWORK
ANAGEMENT
ROTOCOL
This section provides sample configurations for SNMPv1/v2c community
access control, SNMPv3 access control, and notification.
To configure SNMPv1/v2c community access control, you must:
1. Configure SNMP Access Views.
2. Configure SNMP Groups.
3. Configure SNMPv1, v2c Communities.
In this sample configuration, the administrator creates three communities
(and associated views and groups):
A community called "monitor" that allows any host read-only access to
the entire MIB, except for sensitive SNMP configuration information. No
write access is allowed.
A community called "admincon" that allows read-write access to the
entire MIB, but only from management hosts in a particular address range
(such as a management network operations center). In this case, the
address range is 100.100.0.0 through 100.100.255.255.
A community called "justme" that allows the same access as the
"admincon" community, but from two individual hosts only.
To configure the "monitor" community, the administrator first issues the
following commands to configure two read-only views, each named
"nosnmpconfig:"
The administrator then creates two groups named "monitorgroup" that
associate the read-only view (nosnmpconfig) and the community "monitor,"
which is created afterward.
The administrator then creates the community "monitor," which includes an
association to the group named "monitorgroup."
(SNMP)
ADC Telecommunications, Inc.