Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

161

162

163

164

165

166

167

168

169

170

ServerIron ADX Administration Guide 151

53-1002434-01

Using the user-based security mode

auth | noauth | priv

[access <standard-acl-id>] [read <viewstring> ] [ write <viewstring>] [notify <viewname>]

NOTE

This command is not used for SNMP version 1 and SNMP version 2. In these versions, groups and

group views are created internally using community strings. (See “Establishing SNMP community

strings” on page 147.) When a community string is created, two groups are created, based on the

community string name. One group is for SNMP version 1 packets, while the other is for SNMP

version 2 packets.

The group <groupname> parameter defines the name of the SNMP group to be created.

The v1, v2c, or v3 parameter indicates which version of SNMP is used. In most cases, you will be

using v3, since groups are automatically created in SNMP versions 1 and 2 from community

strings.

The auth | noauth parameter determines whether authentication is required for accessing the

supported views. If auth is selected, then only authenticated packets are allowed to access the

view specified for the user group. Selecting noauth means that no authentication is required to

access the specified view. Selecting priv means that an authentication password is required from

the users.

The auth | noauth | priv parameter is available when you select v3, not v1 or v2.

The access <standard-acl-id> parameter is optional. It allows incoming SNMP packets to be filtered

based on the standard ACL attached to the group.

The read <viewstring> | write <viewstring> parameter is optional. It indicates that users who

belong to this group have either read or write access to the MIB.

The notify <viewname> parameter is optional. It allows trap notifications to be encrypted and sent

to target hosts.

The <viewstring> variable is the name of the view to which the SNMP group members have access.

If no view is specified, then the group has no access to the MIB.

The value of <viewstring> is defined by using the snmp-server view command. The SNMP agent

comes with the "all" view, the default view that provides access to the entire MIB; however, it must

be specified when creating the group. The "all" view also lets SNMP version 3 be backwards

compatibility with SNMP version 1 and version 2.

NOTE

If you plan to use a view other than the "all" view, that view must have been configured before you

create the user group. See “Defining SNMP Views” on page 41-8, for details on the include | exclude

parameters.

Defining an SNMP user account

The snmp-server user command does the following.

• Creates an SNMP user.

• Defines the group to which the user will be associated.

• Defines the type of authentication to be used for SNMP access by this user.

Here is an example of how to create the account: