Configuring SNMP Access Groups

The SNMP Access Groups table lets you configure up to 30 SNMP access groups. Each group is defined by name, security model and level, and a set of views that specifies which types of MIB data (view tree) the access group can read or write. The access group uses the view-based access control model (VACM), which allows you to configure SNMP MIB tree access privileges granted to a group.

Each Access Group can have multiple access rights.

The SNMP Access Groups table is applicable only to the advanced SNMP mode. To enable the advanced mode, see Enabling the SNMP View-based Access Control Model

Once configured, you can assign Access Groups to the following tables:

SNMP Community Strings table (see Configuring SNMP Community Strings)
SNMPv3 Users table (see Configuring SNMPv3 Users)

The following procedure describes how to configure an SNMP Access Group through the Web interface. You can also configure it through ini file [VacmAccessGroups] or CLI (configure system > snmp settings > access-groups).

To configure SNMP access groups:
1. Open the SNMP Access Groups table (Setup menu > Administration tab > SNMP folder > SNMP Access Groups).
2. Click New; the following dialog box appears:

3. Configure an SNMP access group according to the parameters described in the table below.
4. Click Apply, and then reset the device with a save-to-flash for your settings to take effect.

SNMP Access Groups Table Parameter Descriptions

Parameter

Description

'Index'

[SNMPCommunityStrings_Index]

Defines an index number for the new table row.

Note: Each row must be configured with a unique index.

'Group Name'

group-name

[VacmAccessGroups_GroupName]

Defines a descriptive name for the SNMP Access Group.

The valid value is a string of characters.

'Security Model'

security-model

[VacmAccessGroups_SecurityModel]

Defines the user's SNMP security model.

[1] SNMPv1
[2] SNMPv2 (default)
[3] SNMPv3

'Security Level'

security-level

[VacmAccessGroups_SecurityLevel]

Defines the user's security level.

[1] noAuthNoPriv = (Default) The SNMP connection requires neither authentication of users nor encryption of data. NoAuth means no cryptographic authentication. Credentials (username and password) are still used, but there is no cryptographic mechanism to verify the authenticity of the message. NoPriv means no privacy of the contents of the SNMP messages, meaning there is no encryption of the payload.
[2] authNoPriv = The SNMP connection requires authentication of users but not the encryption of data. Auth means there is cryptographic authentication (MD5 or SHA). NoPriv means no privacy of the contents of the SNMP messages.
[3] authPriv = The SNMP connection requires authentication of users and encryption of data. Auth means cryptographic authentication is employed. Priv means that the whole SNMP packet is encrypted.

Note: The authNoPriv and authPriv values are applicable only to SNMPv3 users.

'Read View Name'

read-view-name

[VacmAccessGroups_ReadViewName]

Assigns the user a specific SNMP MIB tree view authorizing read-only access, configured in the View Tree Family table (see Configuring SNMP View Tree Family).

By default, no value is defined.

'Write View Name'

write-view-name

[VacmAccessGroups_WriteViewName]

Assigns the user a specific SNMP MIB tree view authorizing read-write access, configured in the View Tree Family table (see Configuring SNMP View Tree Family).

By default, no value is defined.

'Notify View Name'

notify-view-name

[VacmAccessGroups_NotifyViewName]

Assigns the user a specific SNMP MIB tree view authorizing notify access, configured in the View Tree Family table (see Configuring SNMP View Tree Family).

By default, no value is defined.