Article ID: 5245
Products
DFE
Goals
Sample configuration
Solution
The default SNMP configuration for the DFE includes a single community name - "public" - which grants read-write access to the whole MIB tree for both SNMPv1 and SNMPv2c.
See
5116, about configuring for SNMPv1 and traps.
See
5086, about configuring for SNMPv3.
See
5610, about configuring SNMP views.
See
5232, for router MIB access.
For SNMPv1, here is what is already in place:
set snmp community public
set snmp group groupRW user public security-model v1
set snmp access groupRW security-model v1 read All write All notify All
set snmp view viewname All subtree 1
Note: Any use of the parameter 'All'
must be exactly as shown here (or, to be more precise, exactly as defined in the 'set snmp view' statement, determining which portion of the mib tree will be acccessible). Using any other variation (including, but not limited to, values such as 'all' or 'ALL') will generate no errors, but will
not work!
To add a new SNMPv1 community name with the same permissions, you would use the following command sequence. In this example, the new SNMPv1 community name is "newname":
set snmp community newname
set snmp group groupRW user newname security-model v1
To remove a community name , you would use the following command sequence. In this example, the SNMPv1 community name to be removed is "public":
clear snmp community public
The 'set snmp group groupRW user public security-model v1' statement may be left in place, in case it is desired to re-activate the "public" community name at some point; or it can be cleared as well.
As another example, here is how you would add an SNMPv1 community name for read-only access using the already-defined 'All' view of the entire mib:
set snmp community Ronly
set snmp group groupRO user Ronly security-model v1
set snmp access groupRO security-model v1 read All
See the
Matrix DFE Configuration Guide for more detail.