Article ID: 5086
Matrix N-Series DFE
Configure for SNMPv3
The default SNMP configuration for the DFE includes a single community name - "public" - which grants read-write access to the whole MIB tree for both SNMPv1 and SNMPv2c.
for more about this, and about configuring SNMPv1.
about configuring SNMP views.
about configuring SNMPv3 informs/traps.
If you wish to create an SNMPv3 user, then here is a quick sample configuration to use as a template. This creates a group "SystemAdmin" which has read-only access to the whole MIB tree using authentication but not privacy (encryption), read-write access to the whole MIB (with trap capability) using both authentication and privacy, or read-only access when using neither authentication nor privacy.
# Set up access rules for group "SystemAdmin".
set snmp access SystemAdmin security-model usm authentication read All write All
set snmp access SystemAdmin security-model usm privacy read All write All notify All
set snmp access SystemAdmin security-model usm noauthentication read All
The "usm" parameter above selects the SNMPv3 User-based Security Model (USM). The other possible values are "v2c" for SNMPv2c and "v1" for SNMPv1.
The above use of the parameter "All" refers to the MIB view defined by the 'set snmp view viewname All subtree 1' command, present by default. This is case sensitive, and must exactly correspond to any view name which defines the portion of the MIBs that may be accessed. The predefined "All" view permits users to access MIB OID branch "1=iso" - effectively, the whole MIB tree.
Typically only a single access command is utilized per group, except when router context (see below) comes into play.
# Map user "MyUserName" into the "SystemAdmin" group.
set snmp group SystemAdmin user MyUserName security-model usm
# Create the user "MyUserName" who will utilize MD5 authentication.
set snmp user MyUserName authentication md5 myauthpass privacy myprivpass
On the DFE, the above configured rules give access to only the switching elements of the device (5232). To give the same user access to all the router contexts, also add the following commands. Optionally, you can add granularity by referencing "router1" or "router2", instead of the more general term "router".
set snmp access SystemAdmin security-model usm authentication context router read All write All
set snmp access SystemAdmin security-model usm privacy context router read All write All notify All
set snmp access SystemAdmin security-model usm noauthentication context router read All
See the Matrix DFE Configuration Guide for more detail.
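An added example, not part of the original article or any vendor tooling: a small Python audit that parses "set snmp access" lines in the syntax shown above and reports rules that grant access without authentication, grant write access without privacy, or contain tokens that did not parse. The function names, the "switch" label for rules with no context, and the sample input (including the malformed "routerread" line) are assumptions made for illustration.

```python
# Constructed sample: access rules in the syntax shown in the article, plus one
# deliberately malformed line (fused "routerread") that the audit should catch.
SAMPLE_CONFIG = """\
set snmp access SystemAdmin security-model usm authentication read All write All
set snmp access SystemAdmin security-model usm privacy read All write All notify All
set snmp access SystemAdmin security-model usm noauthentication read All
set snmp access SystemAdmin security-model usm privacy context routerread All write All notify All
"""

LEVELS = ("noauthentication", "authentication", "privacy")
KEYED = ("security-model", "context", "read", "write", "notify")

def parse_access(config):
    """Hypothetical helper: one dict per 'set snmp access' line; stray tokens go to 'unparsed'."""
    rules = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:3] != ["set", "snmp", "access"]:
            continue
        rule = {"group": tok[3], "level": None, "unparsed": []}
        i = 4
        while i < len(tok):
            if tok[i] in KEYED and i + 1 < len(tok):
                rule[tok[i]] = tok[i + 1]  # keyword followed by its value
                i += 2
                continue
            if tok[i] in LEVELS:
                rule["level"] = tok[i]
            else:
                rule["unparsed"].append(tok[i])
            i += 1
        rules.append(rule)
    return rules

def audit(rules):
    """Return (rule_label, finding) pairs for settings an operator should review."""
    findings = []
    for r in rules:
        label = "{}/{}/context={}".format(r["group"], r["level"], r.get("context", "switch"))
        if r["level"] == "noauthentication":
            findings.append((label, "access granted without authentication"))
        if "write" in r and r["level"] != "privacy":
            findings.append((label, "write access without privacy (encryption)"))
        if r["unparsed"]:
            findings.append((label, "unrecognised tokens: " + " ".join(r["unparsed"])))
    return findings

if __name__ == "__main__":
    for label, finding in audit(parse_access(SAMPLE_CONFIG)):
        print(label + ": " + finding)
```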