Configuring Access Options

The access command creates an association between a user group, a security model, and the views that the user group can access. Access must be configured unless security is limited to the preconfigured access groups and views for SNMPv1 and SNMPv2c. An access group is defined by a unique combination of the group name, security model, and security level.

Use the following CLI syntax to configure access features:

CLI Syntax:
config>system>security>snmp
    access group group-name security-model security-model security-level security-level [context context-name [prefix-match]] [read view-name-1] [write view-name-2] [notify view-name-3]

The following example displays access command usage:

Example:
ALU-1>config>system>security>snmp# access group
testgroup security-model usm security-level auth-no-privacy read testview write testview notify testview

The following example displays the access configuration with the view configurations.

ALU-1>config>system>security>snmp# info
----------------------------------------------
    view ‟testview” subtree 1
                    mask ff
                exit
                view ‟testview” subtree 1.3.6.1.2
                    mask ff type excluded
                exit
                access group ‟testgroup” security-model usm security-level auth-no
-privacy read ‟testview” write ‟testview” notify ‟testview”
                community "public" r version both
----------------------------------------------

Use the following CLI syntax to configure user group and authentication parameters:

CLI Syntax:
config>system>security# user user-name
    access [ftp] [snmp] [console]
    snmp
        authentication none
        authentication authentication-protocol authentication-key [privacy none] [hash | hash2]
        authentication authentication-protocol authentication-key privacy privacy-protocol privacy-key [hash|hash2]
        no authentication
    group group-name

The following example displays user security command usage:

Example:
config>system>security# user testuser
config>system>security>user$ access snmp
config>system>security>user# snmp
config>system>security>user>snmp# authentication hash hmac-md5-96 e14672e71d3e96e7a1e19472527ee969 privacy none
config>system>security>user>snmp# group testgroup
config>system>security>user>snmp# exit
config>system>security>user# exit

The following example displays the user’s SNMP configuration.

ALU-1>config>system>security# info
----------------------------------------------
    user "testuser"
        access snmp
        snmp
            authentication hash hmac-md5-96  e14672e71d3e96e7a1e19472527ee969 
privacy none
            group testgroup
        exit
    exit
...
----------------------------------------------
ALU-1>config>system>security#
Parent topic: Configuring SNMP Components