Fat AP and Cloud AP V200R010C00 Command Reference

snmp-agent group

Function

The snmp-agent group command creates an SNMP group by mapping SNMP users to SNMP views.

The undo snmp-agent group command deletes a specified SNMP user group.

By default, no SNMP group is configured.

Format

snmp-agent group v3 group-name { authentication | noauth | privacy } [ read-view read-view | write-view write-view | notify-view notify-view | acl acl-number ] *

undo snmp-agent group v3 group-name { authentication | noauth | privacy }

Parameters

v3
  Description: Indicates that the SNMP group uses the security mode in SNMPv3.
  Value: -

group-name
  Description: Specifies the name of an SNMP group.
  Value: It is a string of 1 to 32 case-sensitive characters without spaces.

authentication | noauth | privacy
  Description: Indicates the security level of the SNMP group.
  • authentication: indicates that SNMP messages are authenticated but not encrypted.
  • noauth: indicates that SNMP messages are neither authenticated nor encrypted.
  • privacy: indicates that SNMP messages are authenticated and encrypted.

  To ensure security, it is recommended that you set the security level of the SNMP group to privacy.

read-view read-view
  Description: Specifies a read-only view.
  Value: It is a string of 1 to 32 case-sensitive characters without spaces. read-view is specified by the snmp-agent mib-view command.

write-view write-view
  Description: Specifies a read-write view.
  Value: It is a string of 1 to 32 case-sensitive characters without spaces. write-view is specified by the snmp-agent mib-view command.

notify-view notify-view
  Description: Specifies a notify view.
  Value: It is a string of 1 to 32 case-sensitive characters without spaces. notify-view is specified by the snmp-agent mib-view command.

acl acl-number
  Description: Specifies a basic ACL.
  Value: The value is an integer that ranges from 2000 to 2999.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

SNMPv1 and SNMPv2c have serious defects in terms of security. The security authentication mechanism used by SNMPv1 and SNMPv2c is based on the community name. In this mechanism, the community name is transmitted in plain text. You are not advised to use SNMPv1 and SNMPv2c on untrusted networks.

By adopting the user-based security model, SNMPv3 eradicates the security defects in SNMPv1 and SNMPv2c and provides two services, authentication and privacy. The SNMP group name and security name determine an SNMP group. SNMPv3 defines the following security levels:

  • noAuthNoPriv
  • AuthNoPriv
  • AuthPriv

The security authentication level noAuthPriv does not exist. This is because the generation of a key is based on the authentication information and product information.

The snmp-agent group command can be used to configure the following:

  • Authentication
  • Privacy
  • Access rights for users of the SNMP group
  • Binding of the SNMP group to a MIB view

Parameters are selected based on the following rules:

  • To enhance security, configure the parameter authentication or privacy.
    • If neither authentication nor privacy is configured, SNMP messages are not authenticated or encrypted. This applies to an environment that is secure and has a fixed administrator.

    • To authenticate SNMP messages without encryption, configure the parameter authentication. This mode is applicable to secure networks managed by many administrators who may frequently perform operations on the same device. Authentication allows only the administrators with permission to access the device.

    • To authenticate and encrypt SNMP messages, configure the parameter privacy. This mode is applicable to insecure networks managed by many administrators who may frequently perform operations on the same device. Authentication and encryption allow only specified administrators to access the device and encrypt data before transmission. This prevents data from being tampered with or leaked.

  • To grant the NMS read-only permission in the specified view, configure read-view. To grant the NMS read-write permission in the specified view, configure write-view.

    To filter unnecessary alarms, configure notify-view. After this parameter is configured, only alarms generated on MIB objects specified by notify-view are delivered to the NMS.

    By default, the read-only view of an SNMP group is the ViewDefault view, and the names of the read-write view and inform view are not specified.

  • To allow specified NMSs in the same SNMPv3 group to access the device, configure acl.
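
The following added example (not part of the Huawei documentation) checks snmp-agent group v3 lines from a saved configuration against the selection rules above. The finding names, the rule that flags write-view on a group below privacy, and the sample lines are assumptions of this example.

```python
# Added example: audit 'snmp-agent group v3' lines against the rules above.
LEVELS = ("noauth", "authentication", "privacy")
OPTIONS = ("read-view", "write-view", "notify-view", "acl")

def parse_group(line):
    """Return a dict for one 'snmp-agent group v3 ...' line, else None."""
    tok = line.split()
    if tok[:3] != ["snmp-agent", "group", "v3"] or len(tok) < 5:
        return None
    name, level, rest = tok[3], tok[4], tok[5:]
    if level not in LEVELS or len(rest) % 2:
        return None
    group = {"name": name, "level": level}
    # Options are keyword/value pairs and may appear in any order.
    for key, value in zip(rest[::2], rest[1::2]):
        if key not in OPTIONS:
            return None
        group[key] = value
    return group

def audit(config_text):
    """Return sorted (group, finding) pairs for every weak group definition."""
    findings = set()
    for line in config_text.splitlines():
        g = parse_group(line.strip())
        if g is None:
            continue
        if g["level"] == "noauth":
            findings.add((g["name"], "NOAUTH"))             # no authentication, no encryption
        elif g["level"] == "authentication":
            findings.add((g["name"], "NO_ENCRYPTION"))      # authenticated but sent in clear
        if "write-view" in g and g["level"] != "privacy":
            findings.add((g["name"], "WRITE_WITHOUT_PRIVACY"))  # policy assumed by this example
        if "read-view" not in g:
            findings.add((g["name"], "DEFAULT_READ_VIEW"))  # falls back to ViewDefault
        acl = g.get("acl")
        if acl is None:
            findings.add((g["name"], "NO_ACL"))             # not limited to specified NMSs
        elif not (acl.isdigit() and 2000 <= int(acl) <= 2999):
            findings.add((g["name"], "ACL_NOT_BASIC"))      # outside the basic ACL range
    return sorted(findings)

# Constructed sample configuration lines (not taken from a real device).
SAMPLE = """\
snmp-agent group v3 Johngroup privacy read-view public acl 2001
snmp-agent group v3 legacy noauth
snmp-agent group v3 ops authentication read-view public write-view private acl 3000
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Groups that produce no finding use privacy, set an explicit read-view and carry a basic ACL; lines that do not match the command format on this page are skipped.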

Configuration Impact

When you run the undo snmp-agent group command to delete an SNMP user group, you delete all SNMP users in the SNMP user group.

Precautions

To receive trap messages specified in notify-view, you need to ensure the target host for receiving SNMP traps is specified through the snmp-agent target-host trap-hostname command.

User access can be encrypted and authenticated, authenticated but not encrypted, or neither authenticated nor encrypted. If the access level of a user is lower than the security level of the specified group, the access fails. When the groups that a user can access have multiple security levels, the user can select the group with the highest security level among the groups that can be accessed, and access the view of the group.

Example

# Create an SNMPv3 group named Johngroup, authenticate and encrypt SNMP messages, and set the group's read-only view to public.

<Huawei> system-view
[Huawei] snmp-agent group v3 Johngroup privacy read-view public

# Create an SNMPv3 group named Johngroup, authenticate and encrypt SNMP messages, and set the group's read-write view to private.

<Huawei> system-view
[Huawei] snmp-agent group v3 Johngroup privacy write-view private
Updated: 2019-11-21

Document ID: EDOC1100064352
