ADC Telecommunications, Inc.
198 CHAPTER 9: SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)
Sample SNMP ConfigurationsThis section provides sample configurations for SNMPv1/v2c community
access control, SNMPv3 access control, and notification.
Sample SNMPv1/v2c Community Access Control
To configure SNMPv1/v2c community access control, you must:
1. Configure SNMP Access Views.
2. Configure SNMP Groups.
3. Configure SNMPv1, v2c Communities.
In this sample configuration, the administrator creates three communities
(and associated views and groups):
■A community called “monitor” that allows any host read-only access to
the entire MIB, except for sensitive SNMP configuration information. No
write access is allowed.
■A community called “admincon” that allows read-write access to the
entire MIB, but only from management hosts in a particular address range
(such as a management network operations center). In this case, the
address range is 100.100.0.0 through 100.100.255.255.
■A community called “justme” that allows the same access as the
“admincon” community, but from two individual hosts only.
To configure the “monitor” community, the administrator first issues the
following commands to configure two read-only views, each named
“nosnmpconfig:”
cli:192.168.208.3:root# snmp-server view nosnmpconfig 1.3.6.1 included
cli:192.168.208.3:root# snmp-server view nosnmpconfig snmpModules excluded
The administrator then creates two groups named “monitorgroup” that
associate the read-only view (nosnmpconfig) and the community “monitor,”
which is created afterward.
cli:192.168.208.3:root# snmp-server group monitorgroup v1 read nosnmpconfig
cli:192.168.208.3:root# snmp-server group monitorgroup v2 read nosnmpconfig
The administrator then creates the community “monitor,” which includes an
association to the group named “monitorgroup.”
cli:192.168.208.3:root# snmp-server community monitor monitorgroup