SNMP ExampleΒΆ
The following example sets up SNMP access for a single community name which can
read anything under .1
(.iso
) in the OID tree, and does not write
access.
snmp community community-name tnsrmon source 10.2.4.0/24 security-name TNSRMonitor
snmp group group-name ROGroup security-name TNSRMonitor security-model v1
snmp group group-name ROGroup security-name TNSRMonitor security-model v2c
snmp view view-name systemview view-type included oid .1
snmp access group-name ROGroup prefix exact model any level noauth read systemview write none
Following through line by line:
First, map the SNMPv1/SNMPv2c community named tnsrmon
to the security name
TNSRMonitor
for clients connecting from 10.2.4.0/24
, which in this
example is a secure management network.
snmp community community-name tnsrmon source 10.2.4.0/24 security-name TNSRMonitor
Next, define a group named ROGroup
, and specify that if the TNSRMonitor
security name connects using SNMPv1, it is considered a member of this group.
snmp group group-name ROGroup security-name TNSRMonitor security-model v1
Add another entry to ROGroup
for TNSRMonitor
if it connects using
SNMPv2c
snmp group group-name ROGroup security-name TNSRMonitor security-model v2c
Now define a view named systemview
which includes the entire OID tree under
.1
. This could also have been specified by name, e.g. .iso
.
snmp view view-name systemview view-type included oid .1
Finally, tie all the entries together by granting access for ROGroup
to read
from systemview
when it connects using any security model, but do not
specify a write group so that it has no write access.
snmp access group-name ROGroup prefix exact model any level noauth read systemview write none
Note
Since SNMPv3 is not yet supported, the values for prefix
and level
must be set as shown. See SNMP Access Rules.