Enabling the SNMP View-based Access Control Model
The device offers an advanced SNMP configuration mode called View-based Access Control Model (VACM) that enables fine-grained access control over SNMP MIB objects. This advanced mode allows you to configure customized read, write, and notification privileges for SNMPv2/v3 users and community strings, specifically targeting MIB objects (subtrees / OIDs). This feature enhances security and flexibility, by allowing precise control over which users have access to different parts of the MIB tree.
| ● | Once you enable advanced SNMP mode, it’s not recommended to return to basic SNMP mode. If you return to basic SNMP mode, all your advanced SNMP settings are deleted. |
| ● | When you enable the SNMP advanced mode, the following tables become available in the Web interface: |
| ✔ | SNMP Access Table appears (Setup menu > Administration tab > SNMP > SNMP Access Groups): Configures SNMP access groups, controlling write, read and notification privileges for specific SNMP users over MIB object information, as configured in the View Tree Family table (see below). |
| ✔ | View Tree Family Table appears (Setup menu > Administration tab > SNMP > View Tree Family): Configures SNMP Views, which sets read view and write view privileges for specified MIB subtrees (OIDs). |
| ➢ | To enable advanced SNMP mode: |
| 1. | Enable the SNMP advanced parameter: |
| ● | Ini file: [EnableSnmpAdvancedMode] = 1 |
| ● | CLI: configure system > snmp settings > enable-advanced-mode on |
| 2. | Restart the device for your settings to take effect. |