4.8. SNMP Command Reference

4.8.1. Command Hierarchies

4.8.1.1. Configuration Commands

4.8.1.1.1. SNMP System Commands

config
    — system
        — snmp
            — engineID engine-id
            — no engineID
            — general-port port
            — packet-size bytes
            — [no] shutdown

4.8.1.1.2. SNMP Security Commands

config
    — system
        — security
            — snmp
                — access group group-name security-model security-model security-level security-level [context context-name [prefix-match]] [read view-name-1] [write view-name-2] [notify view-name-3]
                — no access group group-name [security-model security-model] [security-level security-level] [context context-name [prefix-match]] [read view-name-1] [write view-name-2] [notify view-name-3]
                — attempts [count] [time minutes1] [lockout minutes2]
                — no attempts
                — community community-string [hash | hash2] access-permissions [version SNMP-version]
                — no community community-string [hash | hash2]
                — usm-community community-string [hash | hash2] group group-name
                — no usm-community community-string [hash | hash2]
                — view view-name subtree oid-value
                — no view view-name [subtree oid-value]
                    — mask mask-value [type {included | excluded}]
                    — no mask

The following commands configure user-specific SNMP features. Refer to the Security Command Reference section for CLI syntax and command descriptions.

config
    — system
        — security
            — [no] user user-name
                — [no] snmp
                    — authentication {[none] | [[hash] {md5 key-1 | sha key-1} privacy {privacy-level | key-2}]
                    — group group-name
                    — [no] group

4.8.1.2. Show Commands

show
    — snmp
    — system
        — security
            — access-group [group-name]
            — user [user-id] [detail]
            — view [view-name] [capabilities] [detail]

4.8.2. Command Descriptions

4.8.2.1. Configuration Commands

4.8.2.1.1. SNMP System Commands

snmp

Syntax 
snmp
Context 
config>system
Description 

This command enables the context to configure SNMP parameters.

engineID

Syntax 
[no] engineID engine-id
Context 
config>system>snmp
Description 

This command sets the SNMP engine ID to uniquely identify the SNMPv3 node. By default, the engine ID is generated using information from the system backplane.

If the SNMP engine ID is changed in the config>system>snmp>engineID engine-id context, the current configuration must be saved and a reboot must be executed. If the configuration is not saved and the system is not rebooted, the previously configured SNMP communities and logger trap-destination notify communities will not be valid for the new engine ID.

Caution:

In conformance with IETF standard RFC 3414, User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3), hashing algorithms that generate SNMPv3 MD5 or SHA security digest keys use the engine ID. Changing the SNMP engine ID invalidates all SNMPv3 MD5 and SHA security digest keys and may render the node unmanageable. If the SNMP engine ID is changed, the SNMP hash keys must be reconfigured.

This command could be used, for example, when a chassis is replaced. Use the engine ID of the first system and configure it in the new system to preserve SNMPv3 security keys. This allows management stations to use their existing authentication keys for the new system.

Ensure that the engine IDs are not used on multiple systems. A management domain can only have one instance of each engine ID.

The no form of the command reverts to the default setting.

Default 

the engine ID is system-generated

Parameters 
engine-id—
an identifier from 10 to 64 hexadecimal digits (5 to 32 octet number), uniquely identifying this SNMPv3 node. This string is used to access this node from a remote host with SNMPv3.
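
The engine ID dependence described in the Caution above, as an added Python example (not part of the original reference and not vendor code): it carries out the RFC 3414 password-to-key and key-localization steps and shows that keys localized for one engine ID do not match once the engine ID changes. The passphrase and first engine ID are the RFC 3414 Appendix A sample values, the second engine ID is constructed, and all function names are illustrative.

```python
import hashlib

# The two USM digest options named in this reference (md5, sha).
HASHES = {"md5": hashlib.md5, "sha": hashlib.sha1}


def parse_engine_id(hex_text):
    """Validate an engine ID against the range given above: 10 to 64 hex digits."""
    if not 10 <= len(hex_text) <= 64 or len(hex_text) % 2:
        raise ValueError("engine ID must be 10 to 64 hex digits (5 to 32 octets)")
    return bytes.fromhex(hex_text)  # raises ValueError on non-hex characters


def password_to_key(passphrase, algo):
    """RFC 3414 A.2: Ku = digest of the passphrase repeated to exactly 1,048,576 bytes."""
    data = passphrase.encode()
    if not data:
        raise ValueError("passphrase must not be empty")
    reps, rest = divmod(1048576, len(data))
    return HASHES[algo](data * reps + data[:rest]).digest()


def localize(ku, engine_id, algo):
    """RFC 3414 2.6: Kul = H(Ku || engineID || Ku), the per-engine key the agent holds."""
    return HASHES[algo](ku + engine_id + ku).digest()


def localized_key(passphrase, engine_hex, algo):
    """Full chain from passphrase to the key that is valid for one engine ID."""
    ku = password_to_key(passphrase, algo)
    return localize(ku, parse_engine_id(engine_hex), algo)


def keys_survive_engine_change(passphrase, old_engine_hex, new_engine_hex, algo):
    """True only if a key localized for the old engine ID is still valid for the new one."""
    old = localized_key(passphrase, old_engine_hex, algo)
    new = localized_key(passphrase, new_engine_hex, algo)
    return old == new


if __name__ == "__main__":
    passphrase = "maplesyrup"                  # RFC 3414 Appendix A sample passphrase
    original = "000000000000000000000002"      # RFC 3414 Appendix A sample engine ID
    replaced = "000000000000000000000003"      # constructed: a changed engine ID
    for algo in ("md5", "sha"):
        print(algo, original, localized_key(passphrase, original, algo).hex())
        print(algo, replaced, localized_key(passphrase, replaced, algo).hex())
        print(algo, "keys still valid after change:",
              keys_survive_engine_change(passphrase, original, replaced, algo))
```

Reusing the original engine ID on a replacement chassis keeps the localized keys identical, which is why the management stations' existing keys continue to work in that case.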

general-port

Syntax 
general-port port-number
no general-port
Context 
config>system>snmp
Description 

This command configures the port number used by this node to receive SNMP request messages and to send replies. SNMP notifications generated by the agent are sent from the port specified in the config>log>snmp-trap-group>trap-target command.

The no form of the command reverts to the default value.

Default 

161

Parameters 
port-number—
the port number used to send SNMP traffic other than traps
Values—
1 to 65535 (decimal)

packet-size

Syntax 
packet-size bytes
no packet-size
Context 
config>system>snmp
Description 

This command configures the maximum SNMP packet size generated by this node. If the packet size exceeds the MTU size of the egress interface, the packet will be fragmented.

The no form of the command reverts to the default value.

Default 

1500 bytes

Parameters 
bytes—
the SNMP packet size in bytes
Values—
484 to 9216

shutdown

Syntax 
[no] shutdown
Context 
config>system>snmp
Description 

This command administratively disables SNMP agent operations. System management can then only be performed using the CLI. Shutting down SNMP does not remove or change configuration parameters other than the administrative state. This command does not prevent the agent from sending SNMP notifications to any configured SNMP trap destinations. SNMP trap destinations are configured under the config>log>snmp-trap-group context.

This command is automatically invoked in the event of a reboot when the processing of the configuration file fails to complete or when an SNMP persistent index file fails while the bof persist on command is enabled.

The no form of the command administratively enables SNMP.

Default 

no shutdown

4.8.2.1.2. SNMP Security Commands

snmp

Syntax 
snmp
Context 
config>system>security
Description 

This command enables the context to configure SNMPv1, SNMPv2c, and SNMPv3 parameters.

access group

Syntax 
[no] access group group-name security-model {snmpv1 | snmpv2c | usm} security-level {no-auth-no-privacy | auth-no-privacy | privacy} [context context-name [prefix-match {exact | prefix}]] [read view-name-1] [write view-name-2] [notify view-name-3]
Context 
config>system>security>snmp
Description 

This command creates an association between a user group, a security model, and the views that the user group can access. Access parameters must be configured unless security is limited to the preconfigured access groups and views for SNMPv1 and SNMPv2c. An access group is defined by a unique combination of the group name, security model, and security level.

Access must be configured unless security is limited to SNMPv1/SNMPv2c with community strings (see community).

Default access group configurations cannot be modified or deleted.

To remove the user group with associated security models and security levels, use the command no access group group-name.

To remove a security model and security level combination from a group, use the command no access group group-name security-model {snmpv1 | snmpv2c | usm} security-level {no-auth-no-privacy | auth-no-privacy | privacy}.

Default 

n/a

Parameters 
group-name—
specifies a unique group name up to 32 characters
security-model {snmpv1 | snmpv2c | usm}
specifies the security model required to access the views configured in this node. A group can have multiple security models. For example, one view may only require SNMPv1/ SNMPv2c access while another view may require USM (SNMPv3) access rights.
security-level {no-auth-no-privacy | auth-no-privacy | privacy}
specifies the required authentication and privacy levels to access the views configured in this node
security-level no-auth-no-privacy—
specifies that no authentication and no privacy (encryption) is required. When configuring the user’s authentication, select the none option.
security-level auth-no-privacy—
specifies that authentication is required but privacy (encryption) is not required. When this option is configured, both the group and the user must be configured for authentication.
security-level privacy—
specifies that both authentication and privacy (encryption) are required. When this option is configured, both the group and the user must be configured for authentication. The user must also be configured for privacy.
context-name—
specifies a set of SNMP objects that are associated with the context-name. The context name is treated as either a full context name string or a context name prefix depending on the keyword specified (exact or prefix).
prefix-match—
specifies the context-name prefix-match keywords, exact or prefix
Default—
exact
read view-name-1
specifies the keyword and variable of the view to read the MIB objects. This command must be configured for each view to which the group has read access.
Values—
up to 32 characters
write view-name-2
specifies the keyword and variable of the view to configure the contents of the agent. This command must be configured for each view to which the group has write access.
Values—
up to 32 characters
notify view-name-3
specifies the keyword and variable of the view to send a trap about MIB objects. This command must be configured for each view to which the group has notify access.
Values—
up to 32 characters

attempts

Syntax 
attempts [count] [time minutes1] [lockout minutes2]
no attempts
Context 
config>system>security>snmp
Description 

This command configures a threshold value for the number of unsuccessful SNMP connection attempts allowed in a specified time frame. The command parameters are used to counter denial of service (DoS) attacks through SNMP.

If the threshold is exceeded, the host is locked out for the lockout time period.

If multiple attempts commands are entered, each command overwrites the previously entered command.

The no form of the command resets the parameters to the default values.

Default 

attempts 20 time 5 lockout 10

Parameters 
count—
the number of unsuccessful SNMP attempts allowed for the specified time
Values—
1 to 64
Default—
20
time minutes1
the period of time, in minutes, that a specified number of unsuccessful attempts can be made before the host is locked out
Values—
0 to 60
Default—
5
lockout minutes2
the lockout period, in minutes, during which the host is not allowed to log in. When the host exceeds the configured count of unsuccessful attempts within the specified time, that host is locked out from any further login attempts for the configured time period.
Values—
0 to 1440
Default—
10

community

Syntax 
community community-string [hash | hash2] access-permissions [version SNMP-version]
no community community-string [hash | hash2]
Context 
config>system>security>snmp
Description 

This command creates SNMP community strings for SNMPv1 and SNMPv2c access. This command is used in combination with the predefined access groups and views. To create custom access groups and views and associate them with SNMPv1 or SNMPv2c access, use the usm-community command.

When configured, community implies a security model for SNMPv1 and SNMPv2c only.

For SNMPv3 security, the snmp command must be configured.

The no form of the command removes a community string.

Default 

n/a

Parameters 
community-string—
configures the SNMPv1/SNMPv2c community string
hash | hash2 —
configures the hashing scheme for the community string
access-permissions—
defines the access permissions
Values—
  1. r — grants only read access to objects in the MIB, except security objects
  2. rw — grants read and write access to all objects in the MIB, except security objects
  3. rwa — grants read and write access to all objects in the MIB, including security objects
  4. mgmt — assigns a unique SNMP community string to the management router
  5. vpls-mgmt — assigns a unique SNMP community string to the management virtual router
version—
specifies the SNMP version
Values—
v1 | v2c | both

usm-community

Syntax 
usm-community community-string [hash | hash2] group group-name
no usm-community community-string [hash | hash2]
Context 
config>system>security>snmp
Description 

This command is used to associate a community string with an SNMPv3 access group and its view. The access granted with a community string is restricted to the scope of the configured group.

The 7705 SAR implementation of SNMP uses SNMPv3. In order to implement SNMPv1 and SNMPv2c configurations, several access groups are predefined. In order to implement SNMP with security features (version 3), security models, security levels, and USM communities must be explicitly configured. Optionally, additional views that specify more specific OIDs (MIB objects in the subtree) can be configured.

The no form of this command removes a community string.

Default 

n/a

Parameters 
community-string—
configures the SNMPv1/SNMPv2c community string to determine the SNMPv3 access permissions to be used
hash | hash2 —
configures the hashing scheme for the community string
group—
specifies the group that governs the access rights of this community string. This group must be configured first in the config>system>security>snmp>access group context.
group-name—
specifies the group name

view

Syntax 
view view-name subtree oid-value
no view view-name [subtree oid-value]
Context 
config>system>security>snmp
Description 

This command configures a view. Views control the accessibility of a MIB object within the configured MIB view and subtree. Object identifiers (OIDs) uniquely identify MIB objects in the subtree. OIDs are organized hierarchically with specific values assigned by different organizations.

Once the subtree (OID) is identified, a mask can be created to select the portions of the subtree to be included or excluded for access using this particular view. See the mask command. The views configured with this command can subsequently be used in read, write, and notify commands that are used to assign specific access group permissions to created views and assigned to particular access groups.

Multiple subtrees can be added or removed from a view name to tailor a view to the requirements of the user access group.

The no view view-name command removes a view and all subtrees.

The no view view-name subtree oid-value command removes a sub-tree from the view name.

Default 

no views are defined

Parameters 
view-name—
the 1 to 32 character view name
Default—
n/a
oid-value—
the object identifier (OID) value for the view-name. This value, for example, 1.3.6.1.6.3.11.2.1, combined with the mask and include and exclude statements, configures the access available in the view.

It is possible to have a view with different subtrees with their own masks and include and exclude statements. This allows you to customize visibility and write capabilities for specific user requirements.

mask

Syntax 
mask mask-value [type {included | excluded}]
no mask
Context 
config>system>security>snmp>view view-name
Description 

The mask value and the mask type, along with the oid-value configured in the view command, determine the access of each sub-identifier of an object identifier (MIB subtree) in the view.

Each bit in the mask corresponds to a sub-identifier position; for example, the most significant bit for the first sub-identifier, the next most significant bit for the second sub-identifier, and so on. If the bit position on the sub-identifier is available, it can be included or excluded.

For example, the MIB subtree that represents MIB-II is 1.3.6.1.2.1. The mask that catches all MIB-II is 0xfc or 0b11111100.

Only a single mask may be configured per view and OID value combination. If more than one entry is configured, each subsequent entry overwrites the previous entry.

Per RFC 2575, View-based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP), each MIB view is defined by two sets of view subtrees: the included view subtrees and the excluded view subtrees. Every view subtree, both the included and the excluded ones, is defined in this table. To determine if a particular object instance is in a particular MIB view, compare the object instance’s object identifier (OID) with each of the MIB view’s active entries in this table. If none match, then the object instance is not in the MIB view. If one or more match, then the object instance is included in, or excluded from, the MIB view according to the value of vacmViewTreeFamilyType in the entry whose value of vacmViewTreeFamilySubtree has the most sub-identifiers.

The no form of this command removes the mask from the configuration.

Default 

no mask

Parameters 
mask-value—
the mask value associated with the OID value determines whether the sub-identifiers are included or excluded from the view

The mask can be entered in either:

  1. hexadecimal format (for example, 0xfc)
  2. binary format (for example, 0b11111100)
    Note:

    If the number of bits in the bit mask is less than the number of sub-identifiers in the MIB subtree, then the mask is extended with ones until the mask length matches the number of sub-identifiers in the MIB subtree.

Default—
all 1s
type {included | excluded}
specifies whether to include or exclude MIB subtree objects

included - all MIB subtree objects that are identified with a 1 in the mask are available in the view

excluded - all MIB subtree objects that are identified with a 1 in the mask are denied access in the view

Default—
included
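
The matching rule described above (one mask bit per sub-identifier, short masks extended with ones, the matching subtree with the most sub-identifiers decides), as an added Python example that is not part of the original reference or the vendor's code. The view entries are constructed samples, the function names are illustrative, and the tie-break between equally long subtrees is an assumption taken from the VACM RFC rather than from this page.

```python
from dataclasses import dataclass


def parse_oid(text):
    """'1.3.6.1.2.1' -> (1, 3, 6, 1, 2, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))


def parse_mask(text):
    """Mask bits, most significant first, from the two accepted notations (0x.., 0b..)."""
    text = text.lower()
    if text.startswith("0x"):
        return [int(bit) for digit in text[2:] for bit in format(int(digit, 16), "04b")]
    if text.startswith("0b") and set(text[2:]) <= {"0", "1"}:
        return [int(bit) for bit in text[2:]]
    raise ValueError("mask must be hexadecimal (0x..) or binary (0b..)")


@dataclass(frozen=True)
class ViewEntry:
    subtree: tuple   # sub-identifiers of the configured oid-value
    mask: tuple      # one bit per sub-identifier: 1 = must match, 0 = wildcard
    included: bool   # mask type: included (True) or excluded (False)


def view_entry(subtree, mask=None, type_="included"):
    """Build one view subtree; no mask means the default of all 1s."""
    oid = parse_oid(subtree)
    bits = parse_mask(mask) if mask else []
    # Extend a short mask with ones; bits beyond the subtree length are unused.
    bits = (bits + [1] * len(oid))[:len(oid)]
    return ViewEntry(oid, tuple(bits), type_ == "included")


def entry_matches(entry, oid):
    """An OID matches if it is at least as long as the subtree and agrees with it
    at every position whose mask bit is 1."""
    if len(oid) < len(entry.subtree):
        return False
    return all(bit == 0 or want == got
               for bit, want, got in zip(entry.mask, entry.subtree, oid))


def in_view(view, oid_text):
    """True if the object instance is accessible through the view."""
    oid = parse_oid(oid_text)
    hits = [entry for entry in view if entry_matches(entry, oid)]
    if not hits:
        return False  # no subtree matches: the instance is not in the view
    # Most sub-identifiers wins; equal lengths fall back to the lexicographically
    # greatest subtree (assumption from the VACM RFC, not stated on this page).
    best = max(hits, key=lambda entry: (len(entry.subtree), entry.subtree))
    return best.included


# Constructed sample view: all of MIB-II, minus the interface table rows,
# plus every column of the row for interface index 2 (position 10 is a wildcard).
SAMPLE_VIEW = [
    view_entry("1.3.6.1.2.1", "0xfc"),
    view_entry("1.3.6.1.2.1.2.2.1", type_="excluded"),
    view_entry("1.3.6.1.2.1.2.2.1.0.2", "0xffa0"),
]

if __name__ == "__main__":
    for oid in ("1.3.6.1.2.1.1.1.0", "1.3.6.1.2.1.2.2.1.10.2",
                "1.3.6.1.2.1.2.2.1.10.3", "1.3.6.1.4.1.6527.1"):
        print(oid, "accessible" if in_view(SAMPLE_VIEW, oid) else "denied")
    # A mask copied from a shorter subtree leaves wildcards in a longer one:
    print(view_entry("1.3.6.1.2.1.2.2.1", "0xfc").mask)
```

The last line shows why a mask should be written for the subtree it is attached to: 0xfc on a nine-sub-identifier subtree leaves positions 7 and 8 as wildcards, so the entry covers more of the MIB than the OID alone suggests.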

4.8.2.2. Show Commands

Note:

The following command outputs are examples only; actual displays may differ depending on supported functionality and user configuration.

counters

Syntax 
counters
Context 
show>snmp
Description 

This command displays SNMP counter information. SNMP counters will continue to increase even when SNMP is shut down. Some internal modules communicate using SNMP packets.

Output 

The following output is an example of SNMP counters information, and Table 23 describes the fields.

Output Example
A:ALU-1# show snmp counters
==============================================================================
SNMP counters:
==============================================================================
  in packets :  463
------------------------------------------------------------------------------
    in gets     : 93
    in getnexts : 0
    in sets     : 370
  out packets:  463
------------------------------------------------------------------------------
    out get responses :  463
    out traps         :  0
  variables requested:  33
  variables set      :  497
==============================================================================
A:ALU-1# 
Table 23:  Show SNMP Counters Output Fields

Label                  Description
---------------------  ------------------------------------------------------------
in packets             The total number of messages delivered to SNMP from the transport service
in gets                The number of SNMP get request PDUs accepted and processed by SNMP
in getnexts            The number of SNMP get next PDUs accepted and processed by SNMP
in sets                The number of SNMP set request PDUs accepted and processed by SNMP
out packets            The total number of SNMP messages passed from SNMP to the transport service
out get responses      The number of SNMP get response PDUs generated by SNMP
out traps              The number of SNMP Trap PDUs generated by SNMP
variables requested    The number of MIB objects requested by SNMP
variables set          The number of MIB objects set by SNMP as the result of receiving valid SNMP set request PDUs

information

Syntax 
information
Context 
show>system
Description 

This command lists the SNMP configuration and statistics.

Output 

The following output is an example of system information, and Table 24 describes the fields.

Output Example
A:ALU-1# show system information
===============================================================================
System Information
===============================================================================
System Name            : ALU-1
System Type            : 7705 SAR-8 
System Version         : B-0.0.I1204                                           
System Contact         : 
System Location        : 
System Coordinates     : 
System Active Slot     : A                                                     
System Up Time         : 1 days, 02:12:57.84 (hr:min:sec)                      
 
SNMP Port              : 161                                                   
SNMP Engine ID         : 0000197f01119ff000000                              
SNMP Max Message Size  : 1500                                                  
SNMP Admin State       : Enabled                                               
SNMP Oper State        : Enabled                                               
SNMP Index Boot Status : Not Persistent                                        
SNMP Sync State        : OK                                                    
 
Tel/Tel6/SSH/FTP Admin : Enabled/Disabled/Enabled/Disabled         
Tel/Tel6/SSH/FTP Oper  : Up/Down/Up/Down                
 
BOF Source             : cf3:                                                  
Image Source           : primary                                               
Config Source          : primary                                               
Last Booted Config File: ftp://172.xx.xxx.xxx/./deby-sim1/debby-sim1-config.cfg
Last Boot Cfg Version  : THU MAR 11 16:58:20 2016 UTC                          
Last Boot Config Header: # TiMOS-B-0.0.I1042 both/i386 Nokia SAR 7705
                         Copyright (c) 2016 Nokia. # All rights
                         reserved. All use subject to applicable license
                         agreements. # Built on Tue Mar 11 01:26:23 PST 2016 by
                         builder in /rel0.0/I1042/panos/main # Generated TUE
                         MAR 11 16:58:20 2016 UTC 
Last Boot Index Version: N/A                                                   
Last Boot Index Header : # TiMOS-B-0.0.I1042 both/i386 Nokia SAR 7705
                         Copyright (c) 2016 Nokia. # All rights
                         reserved. All use subject to applicable license
                         agreements. # Built on Tue Mar 11 01:26:23 PST 2016 by
                         builder in /rel0.0/I1042/panos/main # Generated TUE
                         MAR 11 16:58:20 2016 UTC 
Last Saved Config      : N/A                                                   
Time Last Saved        : N/A                                                   
Changes Since Last Save: No
User Last Modified     : admin                                   
Time Last Modified     : 2016/04/07 18:34:18                                    
Max Cfg/BOF Backup Rev : 5                                                     
Cfg-OK Script          : N/A                                                   
Cfg-OK Script Status   : not used                                              
Cfg-Fail Script        : N/A                                                   
Cfg-Fail Script Status : not used                                              
 
Microwave S/W Package  : invalid
 
Management IP Addr     : 192.168.xxx.xxx/20                                      
Primary DNS Server     : 192.168.xxx.xxx
Secondary DNS server   : N/A                                         
Teriary DNS server     : N/A                                         
DNS Domain             : ca.alcatel.com                                       
DNS Resolve Preference : ipv4-only                                    
BOF Static Routes      :                                                       
  To                   Next Hop            
  128.xxx.xxx.0/23     192.168.xxx.xxx       
  172.xxx.xxx.0/22     192.168.xxx.xxx       
ATM Location ID        : 01:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 
 
ICMP Vendor Enhancement: Disabled                                              
===============================================================================
A:ALU-1#
Table 24:  Show System Information Output Fields

Label                      Description
-------------------------  ------------------------------------------------------------
System Name                The name configured for the device
System Contact             The text string that identifies the contact name for the device
System Location            The text string that identifies the location of the device
System Coordinates         The text string that identifies the system coordinates for the device location. For example, "37.390 -122.0550" is read as latitude 37.390 north and longitude 122.0550 west.
System Up Time             The time since the last reboot
SNMP Port                  The port from which SNMP sends responses to management requests
SNMP Engine ID             The ID for either the local or remote SNMP engine to uniquely identify the SNMPv3 node
SNMP Max Message Size      The maximum size SNMP packet generated by this node
SNMP Admin State           Enabled: SNMP is administratively enabled
                           Disabled: SNMP is administratively disabled
SNMP Oper State            Enabled: SNMP is operationally enabled
                           Disabled: SNMP is operationally disabled
SNMP Index Boot Status     Persistent: Persistent indexes were enabled at the last system reboot
                           Disabled: Persistent indexes were disabled at the last system reboot
SNMP Sync State            The state when the synchronization of configuration files between the primary and secondary CSMs finishes
Tel/Tel6/SSH/FTP Admin     The administrative state of the Telnet, Telnet IPv6, SSH, and FTP sessions
Tel/Tel6/SSH/FTP Oper      The operational state of the Telnet, Telnet IPv6, SSH, and FTP sessions
BOF Source                 The boot location of the BOF
Image Source               primary: specifies whether the image was loaded from the primary location specified in the BOF
                           secondary: specifies whether the image was loaded from the secondary location specified in the BOF
                           tertiary: specifies whether the image was loaded from the tertiary location specified in the BOF
Config Source              primary: specifies whether the configuration was loaded from the primary location specified in the BOF
                           secondary: specifies whether the configuration was loaded from the secondary location specified in the BOF
                           tertiary: specifies whether the configuration was loaded from the tertiary location specified in the BOF
Last Booted Config File    The URL and filename of the configuration file used for the most recent boot
Last Boot Cfg Version      The version of the configuration file used for the most recent boot
Last Boot Config Header    The header information of the configuration file used for the most recent boot
Last Boot Index Version    The index version used in the most recent boot
Last Boot Index Header     The header information of the index used in the most recent boot
Last Saved Config          The filename of the last saved configuration
Time Last Saved            The time the configuration was most recently saved
Changes Since Last Save    Yes: the configuration has changed since the last save
                           No: the configuration has not changed since the last save
User Last Modified         The user name of the user who last modified the configuration file
Time Last Modified         The time of the last modification
Max Cfg/BOF Backup Rev     The maximum number of backup revisions maintained for a configuration file. This value also applies to the number of revisions maintained for the BOF file.
Cfg-OK Script              URL: the location and name of the CLI script file executed following successful completion of the boot-up configuration file execution
                           N/A: no CLI script file is executed
Cfg-OK Script Status       Successful/Failed: the results from the execution of the CLI script file specified in the Cfg-OK Script location
                           Not used: no CLI script file was executed
Cfg-Fail Script            URL: the location and name of the CLI script file executed following a failed boot-up configuration file execution
                           Not used: no CLI script file was executed
Cfg-Fail Script Status     Successful/Failed: the results from the execution of the CLI script file specified in the Cfg-Fail Script location
                           Not used: no CLI script file was executed
Microwave S/W Package      n/a
Management IP Addr         The management IP address and mask
Primary DNS Server         The IP address of the primary DNS server
Secondary DNS Server       The IP address of the secondary DNS server
Tertiary DNS Server        The IP address of the tertiary DNS server
DNS Domain                 The DNS domain name of the node
DNS Resolve Preference     n/a
BOF Static Routes          To: the static route destination
                           Next Hop: the next hop IP address used to reach the destination
                           Metric: displays the priority of this static route versus other static routes
                           None: no static routes are configured
ATM location ID            For ATM OAM loopbacks — the address of the network device referenced in the loopback request
ICMP Vendor Enhancement:   Enabled — inserts one-way timestamp in outbound SAA ICMP ping packets
                           Disabled — one-way timestamping is not performed on outbound SAA ICMP ping packets

access-group

Syntax 
access-group [group-name]
Context 
show>system>security
Description 

This command displays access group information.

Parameters 
group-name—
the access group name
Output 

The following output is an example of access group information, and Table 25 describes the fields.

Output Example
A:ALU-1# show system security access-group
===============================================================================
Access Groups
===============================================================================
group name        security  security  read          write         notify
                  model     level     view          view          view
-------------------------------------------------------------------------------
snmp-ro           snmpv1    none      no-security                 no-security
snmp-ro           snmpv2c   none      no-security                 no-security
snmp-rw           snmpv1    none      no-security   no-security   no-security
snmp-rw           snmpv2c   none      no-security   no-security   no-security
snmp-rwa          snmpv1    none      iso           iso           iso
snmp-rwa          snmpv2c   none      iso           iso           iso
snmp-trap         snmpv1    none                                  iso
snmp-trap         snmpv2c   none                                  iso
-------------------------------------------------------------------------------
No. of Access Groups: 8
===============================================================================
A:ALU-1#
A:ALU-1# show system security access-group snmp-ro
===============================================================================
Access Groups
===============================================================================
group name        security  security  read          write         notify
                  model     level     view          view          view
-------------------------------------------------------------------------------
snmp-ro           snmpv1    none      no-security                 no-security
-------------------------------------------------------------------------------
No. of Access Groups: 1
...
===============================================================================
A:ALU-1#
Table 25:  Show System Access Group Fields

Label                  Description
---------------------  ------------------------------------------------------------
Group name             The access group name
Security model         The security model required to access the views configured in this node
Security level         The required authentication and privacy levels to access the views configured in this node
Read view              The view to read the MIB objects
Write view             The view to configure the contents of the agent
Notify view            The view to send a trap about MIB objects
No. of access groups   The total number of configured access groups

communities

Syntax 
communities
Context 
show>system>security
Description 

This command lists SNMP communities and characteristics.

Output 

The following output is an example of communities information, and Table 26 describes the fields.

Output Example
A:ALU-1# show system security communities
=============================================================================
Communities
=============================================================================
community           access  view                version   group name
-----------------------------------------------------------------------------
private             rw      iso                 v1 v2c    snmp-rwa
cli-readonly        r       iso                 v2c       cli-readonly
cli-readwrite       rw      iso                 v2c       cli-readwrite
-----------------------------------------------------------------------------
No. of Communities: 3
=============================================================================
A:ALU-1#
Table 26: Show Communities Output Fields

| Label | Description |
|---|---|
| Community | The community string name for SNMPv1 and SNMPv2c access only |
| Access | r: The community string allows read-only access to all objects in the MIB except security objects |
| | rw: The community string allows read-write access to all objects in the MIB except security objects |
| | rwa: The community string allows read-write access to all objects in the MIB including security objects |
| | mgmt: The unique SNMP community string assigned to the management router |
| View | The view name |
| Version | The SNMP version |
| Group Name | The access group name |
| No. of Communities | The total number of configured community strings |
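
An added example, not part of the original reference: a Python check that parses the communities output shown above and flags the rows a reviewer would question (well-known names, SNMPv1, write access). The WELL_KNOWN list and the wording of the findings are assumptions of this example.

```python
import re

# Rows copied from the "show system security communities" output example.
SAMPLE = """\
community           access  view                version   group name
-----------------------------------------------------------------------------
private             rw      iso                 v1 v2c    snmp-rwa
cli-readonly        r       iso                 v2c       cli-readonly
cli-readwrite       rw      iso                 v2c       cli-readwrite
-----------------------------------------------------------------------------
No. of Communities: 3
"""

# Assumption: names treated as well-known defaults; extend per site policy.
WELL_KNOWN = {"public", "private"}
# community, access, view, one or more versions, group name
ROW = re.compile(r"^(\S+)\s+(rwa|rw|r|mgmt)\s+(\S+)\s+(v\S+(?: v\S+)*)\s+(\S+)$")


def audit(text):
    """Return {community: [findings]} for each community row in the output."""
    report = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, separator or count line
        name, access, view, versions, _group = m.groups()
        findings = []
        if name.lower() in WELL_KNOWN:
            findings.append("well-known community string")
        if "v1" in versions.split():
            findings.append("SNMPv1 enabled")
        if access in ("rw", "rwa"):
            # v1/v2c carry the community string unencrypted on the wire
            findings.append("write access via cleartext community")
            if view == "iso":
                findings.append("write scope is the whole iso view")
        if access == "rwa":
            findings.append("security objects are writable")
        report[name] = findings
    return report


if __name__ == "__main__":
    for community, findings in audit(SAMPLE).items():
        print(f"{community}: {'; '.join(findings) or 'no findings'}")
```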

user

Syntax 
user [user-id] [detail]
Context 
show>system>security
Description 

This command displays user information.

Parameters 
user-id — the name of the user
detail — displays all information associated with the specified user
Output 

The following output is an example of user information, and Table 27 describes the fields.

Output Example
A:ALU-1# show system security user
===============================================================================
Users
===============================================================================
user id           New    User Permissions  Password    Login     Failed  Local
                  Pwd    console ftp snmp  Expires     Attempts  Logins  Conf
-------------------------------------------------------------------------------
admin             n       y       n   n     never       2         0       y
testuser          n       n       n   y     never       0         0       y
-------------------------------------------------------------------------------
Number of users : 2
===============================================================================
A:ALU-1# 
Table 27: Show User Output Fields

| Label | Description |
|---|---|
| User ID | The name of a system user |
| Need New PWD | Yes: the user must change their password at the next login |
| | No: the user is not forced to change their password at the next login |
| User Permissions | Console: specifies whether the user is permitted console/Telnet access |
| | FTP: specifies whether the user is permitted FTP access |
| | SNMP: specifies whether the user is permitted SNMP access |
| Password expires | The date on which the current password expires |
| Attempted logins | The number of times the user has attempted to log in, irrespective of whether the login succeeded or failed |
| Failed logins | The number of unsuccessful login attempts |
| Local Conf. | Y: password authentication is based on the local password database |
| | N: password authentication is not based on the local password database |

view

Syntax 
view [view-name] [detail | capabilities]
Context 
show>system>security
Description 

This command lists one or all views and permissions in the MIB-OID tree.

Parameters 
view-name — the name of the view
detail — displays all groups associated with the view
capabilities — displays all views, including excluded MIB-OID trees from unsupported features
Output 

The following output is an example of system security view information, and Table 28 describes the fields.

Output Example
A:ALU-1# show system security view
===============================================================================
Views
===============================================================================
view name         oid tree                        mask              permission
-------------------------------------------------------------------------------
iso               1                                                 included
no-security       1                                                 included
no-security       1.3.6.1.6.3                                       excluded
no-security       1.3.6.1.6.3.10.2.1                                included
no-security       1.3.6.1.6.3.11.2.1                                included
no-security       1.3.6.1.6.3.15.1.1                                included
-------------------------------------------------------------------------------
No. of Views: 6
===============================================================================
A:ALU-1# show system security view no-security detail
===============================================================================
Views
===============================================================================
view name         oid tree                        mask              permission
-------------------------------------------------------------------------------
no-security       1                                                 included
no-security       1.3.6.1.6.3                                       excluded
no-security       1.3.6.1.6.3.10.2.1                                included
no-security       1.3.6.1.6.3.11.2.1                                included
no-security       1.3.6.1.6.3.15.1.1                                included
-------------------------------------------------------------------------------
No. of Views: 5
===============================================================================
=======================================
no-security used in
=======================================
group name
---------------------------------------
snmp-ro
snmp-rw
=======================================
A:ALU-1#
A:ATMIMA1>config# show system security view capabilities 
===============================================================================
Views
===============================================================================
view name         oid tree                        mask              permission 
-------------------------------------------------------------------------------
iso               1                                                 included   
iso               1.0.8802                                          no-support 
iso               1.3.6.1.3.37                                      no-support 
iso               1.3.6.1.3.92                                      no-support 
iso               1.3.6.1.3.95                                      no-support 
iso               1.3.6.1.2.1.14                                    no-support 
iso               1.3.6.1.2.1.15                                    no-support 
iso               1.3.6.1.2.1.23                                    no-support 
iso               1.3.6.1.2.1.51                                    no-support 
iso               1.3.6.1.2.1.68                                    no-support 
iso               1.3.6.1.2.1.85                                    no-support 
iso               1.3.6.1.2.1.100                                   no-support 
iso               1.3.6.1.2.1.4.39                                  no-support 
iso               1.3.6.1.2.1.5.20                                  no-support 
===============================================================================
A:ALU-1# 
Table 28: Show System Security View Output Fields

| Label | Description |
|---|---|
| View name | The name of the view. Views control the accessibility of a MIB object within the configured MIB view and subtree. |
| OID tree | The Object Identifier (OID) value. OIDs uniquely identify MIB objects in the subtree. |
| Mask | The mask value and the mask type, along with the oid-value configured in the view command, determine the access of each sub-identifier of an object identifier (MIB subtree) in the view |
| Permission | Included: specifies to include MIB subtree objects |
| | Excluded: specifies to exclude MIB subtree objects |
| | No-support: specifies not to support MIB subtree objects |
| No. of Views | The total number of configured views |
| Group name | The access group name |
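
An added example, not part of the original reference: resolving whether an OID falls inside a view from the rows of the show system security view output, assuming the standard VACM rule from RFC 3415 that the longest matching subtree decides. Masks are not handled because the sample rows have none, and the function names are this example's own.

```python
import re

# Rows copied from the "show system security view" output example (no masks).
SAMPLE = """\
view name         oid tree                        mask              permission
-------------------------------------------------------------------------------
iso               1                                                 included
no-security       1                                                 included
no-security       1.3.6.1.6.3                                       excluded
no-security       1.3.6.1.6.3.10.2.1                                included
no-security       1.3.6.1.6.3.11.2.1                                included
no-security       1.3.6.1.6.3.15.1.1                                included
No. of Views: 6
"""

OID = re.compile(r"^\d+(\.\d+)*$")


def parse_views(text):
    """Return {view name: [(subtree as int tuple, permission)]}."""
    views = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not OID.match(parts[1]):
            continue  # header, separator or count line
        if len(parts) != 3:
            raise ValueError("masked subtree not handled: " + line.strip())
        subtree = tuple(int(x) for x in parts[1].split("."))
        views.setdefault(parts[0], []).append((subtree, parts[2]))
    return views


def in_view(views, view_name, oid):
    """Longest matching subtree decides; an OID with no match is outside the view."""
    target = tuple(int(x) for x in oid.strip(".").split("."))
    matches = [(sub, perm) for sub, perm in views.get(view_name, [])
               if target[:len(sub)] == sub]
    if not matches:
        return False
    _sub, perm = max(matches, key=lambda m: len(m[0]))
    return perm == "included"


if __name__ == "__main__":
    parsed = parse_views(SAMPLE)
    # sysDescr, an SNMP-COMMUNITY-MIB object, a usmStats object, a usmUser object
    for oid in ("1.3.6.1.2.1.1.1.0", "1.3.6.1.6.3.18.1.1",
                "1.3.6.1.6.3.15.1.1.1.0", "1.3.6.1.6.3.15.1.2.2.1.4"):
        print(oid, in_view(parsed, "no-security", oid))
```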