Programmable Internetworking & Communication Operating System Docs ... Click Spaces -> Space Directory to see docs for all releases ...
Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Here is the configuration relation diagram in SNMPv3.A user can be added to a group or not as you need.Once a user joined a group,one or more kinds of views (notfiy-view, write-view, read-view) must be configured.Besides, configurations on user change with the security-level of the group as below 3 diagrams. Note notify-view,write-view and read-view are optional but you have to choose at least one view.In the below diagram,view1,view2,view3 can be the same or different.

 Image Removed   Image Removed   Image Removed

Image AddedImage AddedImage Added


Configuring Basic Information

Contact and location information can be configured as below which is the same as SNMPv2.

 


Code Block
admin@XorPlus# set protocols snmp contact support@pica8.com
admin@XorPlus# set protocols snmp location beijing 
admin@XorPlus# commit
Commit OK.
Save done.

...

By default, trap messages are sent in the form of SNMPv2. But you can change it to SNMPv3 as below and designate NMS to which trap messages are sent. Note that in SNMPv3, security-name is user while in SNMPv2, security-name is community.

 

Code Block
admin@XorPlus# set protocols snmp trap-group version v3  
admin@XorPlus# set protocols snmp trap-group targets 10.10.51.42 security-name user1  
admin@XorPlus# commit
Commit OK.
Save done.

...

If you want to improve security, the user needs to be added to a group. Because in this way, you can configure a read-view, write-view or notify-view(you can choose only one kind or more as you need) which defines the authority of a NMS. Before configuring a read-view(write-view or notify-view), please set up a mib-view which is used as a view of the group. Here are the configurations. As for a mib-view, you can include or exclude some subtrees and can also configure mask for them.

 

Code Block
admin@XorPlus# set protocols snmp v3 usm-user user2 group group1  
admin@XorPlus# set protocols snmp v3 mib-view view1 subtree 1.3.6.1.2.1 type included 
admin@XorPlus# set protocols snmp v3 mib-view view1 subtree 1.3.6.1.2.1.6.13 type excluded  
admin@XorPlus# set protocols snmp v3 mib-view view1 subtree 1.3.6.1.2.1 mask fc  
admin@XorPlus# set protocols snmp v3 mib-view view1 subtree 1.3.6.1.2.1.6.13 mask ff 
admin@XorPlus# set protocols snmp v3 group group1 read-view view1  
admin@XorPlus# set protocols snmp v3 group group1 write-view view1  
admin@XorPlus# set protocols snmp v3 group group1 notify-view view1 
admin@XorPlus# commit
Commit OK.
Save done.

...

You can improve security better by configuring security-level for the group. And the default setting of security-level is NoAuthNoPriv. You can change it to AuthNoPriv or AuthPriv. But please remember to configure authentication-mode, authentication-key, privacy-mode, privacy-key  for the user. Configuration are as below.

 


Code Block
admin@XorPlus# set protocols snmp v3 group group1 security-level AuthPriv 
admin@XorPlus# set protocols snmp v3 usm-user user1 authentication-mode md5  
admin@XorPlus# set protocols snmp v3 usm-user user1 authentication-key authnkey
admin@XorPlus# set protocols snmp v3 usm-user user1 privacy-mode des  
admin@XorPlus# set protocols snmp v3 usm-user user1 privacy-key privykey
admin@XorPlus# commit
Commit OK.
Save done.

...