SNMP ExampleΒΆ

The following example sets up SNMP access for a single community name which can read anything under .1 (.iso) in the OID tree, and does not write access.

snmp community community-name tnsrmon source 10.2.4.0/24 security-name TNSRMonitor
snmp group group-name ROGroup security-name TNSRMonitor security-model v1
snmp group group-name ROGroup security-name TNSRMonitor security-model v2c
snmp view view-name systemview view-type included oid .1
snmp access group-name ROGroup prefix exact model any level noauth read systemview write none

Following through line by line:

First, map the SNMPv1/SNMPv2c community named tnsrmon to the security name TNSRMonitor for clients connecting from 10.2.4.0/24, which in this example is a secure management network.

snmp community community-name tnsrmon source 10.2.4.0/24 security-name TNSRMonitor

Next, define a group named ROGroup, and specify that if the TNSRMonitor security name connects using SNMPv1, it is considered a member of this group.

snmp group group-name ROGroup security-name TNSRMonitor security-model v1

Add another entry to ROGroup for TNSRMonitor if it connects using SNMPv2c

snmp group group-name ROGroup security-name TNSRMonitor security-model v2c

Now define a view named systemview which includes the entire OID tree under .1. This could also have been specified by name, e.g. .iso.

snmp view view-name systemview view-type included oid .1

Finally, tie all the entries together by granting access for ROGroup to read from systemview when it connects using any security model, but do not specify a write group so that it has no write access.

snmp access group-name ROGroup prefix exact model any level noauth read systemview write none

Note

Since SNMPv3 is not yet supported, the values for prefix and level must be set as shown. See SNMP Access Rules.