Configuring access options

The access command creates an association between a user group, a security model and the views that the user group can access. Access must be configured unless security is limited to the preconfigured access groups and views for SNMPv1 and SNMPv2. An access group is defined by a unique combination of the group name, security model and security level.

Use the following CLI syntax to configure access features.

CLI syntax:

config>system>security>snmp
    access group group-name security-model security-model
        security-level security-level [context context-name
        [prefix-match]] [read view-name-1] [write view-name-2]
        [notify view-name-3]

The following displays an access configuration with the view configurations:

*A:cses-A13>config>system>security>snmp# info
----------------------------------------------
                view "testview" subtree "1"
                    mask ff
                exit
                view "testview" subtree "1.3.6.1.2"
                    mask ff type excluded
                exit
                access group "test" security-model usm security-level 
                auth-no-privacy read "testview" write "testview" notify "testview"
                community "uTdc9j48PBRkxn5DcSjchk" hash2 rwa version both
                community "Lla.RtAyRW2" hash2 r version v2c
                community "r0a159kIOfg" hash2 r version both
----------------------------------------------
*A:cses-A13>config>system>security>snmp#

Use the following CLI syntax to configure user group and authentication parameters.

CLI syntax:

config>system>security# user user-name
                access [ftp] [snmp] [console] 
                snmp 
                    authentication [none]|[hmac-md5-96 authentication-key | hmac-sha1-96 authentication-key | hmac-sha2-224 authentication-key | hmac-sha2-256 authentication-key | hmac-sha2-384 authentication-key | hmac-sha2-512 authentication-key] privacy [none] | [cbc-des privacy-key | cfb128-aes-128 privacy-key | cfb128-aes-192 privacy-key | cfb128-aes-256 privacy-key] 
                    group group-name

The following is an SNMP configuration example:

A:ALA-1>config>system>security# info
----------------------------------------------
    user "testuser"
        access snmp
        snmp
            authentication hash hmac-md5-96 e14672e71d3e96e7a1e19472527ee969 privacy none
            group testgroup
        exit
    exit
...
----------------------------------------------
Note:

Use the tools perform system management-interface snmp generate-key command to generate authentication and privacy keys.

An offline tool can also be used to generate the authentication and privacy keys. In addition to the Nokia Network Services Platform (NSP), which includes the password2key tool, several third-party tools are also available for use. For example, snmpv3-hashgen in the Python SNMPv3-Hash-Generator package generates the correct keys.
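
The following added example (not Nokia's code and not taken from any of the tools named above) shows the standard SNMPv3 password-to-key algorithm from RFC 3414, Appendix A.2, applied to the authentication protocols listed in the CLI syntax, with the SHA-2 variants hashed as RFC 7860 specifies. It assumes that the node expects an authentication key localized to its SNMP engine ID; the function names are illustrative, and the password and engine ID in the demonstration are the RFC 3414 test values, not values from this guide.

```python
import hashlib

# CLI authentication keyword -> hashlib name (SHA-2 entries per RFC 7860).
AUTH_HASHES = {
    "hmac-md5-96": "md5", "hmac-sha1-96": "sha1",
    "hmac-sha2-224": "sha224", "hmac-sha2-256": "sha256",
    "hmac-sha2-384": "sha384", "hmac-sha2-512": "sha512",
}
EXPANDED_LEN = 1048576  # RFC 3414 A.2: hash 1 MiB of the repeated password


def password_to_key(password: str, protocol: str) -> bytes:
    """Return the intermediate key Ku (not yet bound to any engine)."""
    if protocol not in AUTH_HASHES:
        raise ValueError(f"unsupported authentication protocol: {protocol}")
    pw = password.encode("utf-8")
    if len(pw) < 8:  # RFC 3414 minimum; also rules out an empty password
        raise ValueError("password must be at least 8 octets long")
    repeated = (pw * (EXPANDED_LEN // len(pw) + 1))[:EXPANDED_LEN]
    return hashlib.new(AUTH_HASHES[protocol], repeated).digest()


def localize_key(ku: bytes, engine_id: bytes, protocol: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    if not 5 <= len(engine_id) <= 32:  # SnmpEngineID size limits
        raise ValueError("engine ID must be 5 to 32 octets")
    return hashlib.new(AUTH_HASHES[protocol], ku + engine_id + ku).digest()


def localized_key_hex(password: str, engine_id_hex: str, protocol: str) -> str:
    """Hex string of the localized key for the given password and engine."""
    ku = password_to_key(password, protocol)
    return localize_key(ku, bytes.fromhex(engine_id_hex), protocol).hex()


if __name__ == "__main__":
    # Constructed input: the RFC 3414 A.3 test password and engine ID.
    for proto in AUTH_HASHES:
        print(proto, localized_key_hex("maplesyrup", "00" * 11 + "02", proto))
```

Because the localized key depends on the engine ID, the same password yields a different key on every node, so a key generated for one engine ID cannot be reused on another.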