Manualshelf

Specifications

ManualsBrandsExtreme Networks ManualsComputer equipmentExtremeWare XOS Command
51525354555657585960
58 ExtremeWare XOS 11.0 Concepts Guide
Managing the Switch
Groups. Groups are used to manage access for the MIB. You use groups to define the security model,
the security level, and the portion of the MIB that members of the group can read or write. To
underscore the access function of groups, groups are defined using the following command:
configure snmpv3 add access [[hex <hex_group_name>] | <group_name>] {sec-model [snmpv1
| snmpv2 | usm]} {sec-level [noauth | authnopriv | priv]} {read-view [[hex
<hex_read_view_name>] | <read_view_name>]} {write-view [[hex <hex_write_view_name>]] |
<write_view_name>]} {notify-view [[hex <hex_notify_view_name]] | <notify_view_name>]}
{volatile}
The security model and security level are discussed in “Security Models and Levels” on page 58. The
view names associated with a group define a subset of the MIB (subtree) that can be accessed by
members of the group. The read view defines the subtree that can be read, write view defines the
subtree that can be written to, and notify view defines the subtree that notifications can originate from.
MIB views are discussed in “SNMPv3 MIB Access Control” on page 59.
A number of default (permanent) groups are already defined. These groups are: admin, initial, v1v2c_ro,
v1v2c_rw. To display information about the access configuration of a group or all groups, use the
following command:
show snmpv3 access {[[hex <hex_group_name>] | <group_name>]}
Users are associated with groups using the following command:
configure snmpv3 add group [[hex <hex_group_name>] | <group_name>] user [[hex
<hex_user_name>] | <user_name>] {sec-model [snmpv1| snmpv2 | usm]} {volatile}
To show which users are associated with a group, use the following command:
show snmpv3 group {[[hex <hex_group_name>] | <group_name>] {user [[hex
<hex_user_name>] | <user_name>]}}
To delete a group, use the following command:
configure snmpv3 delete access [all-non-defaults | {[[hex <hex_group_name>] |
<group_name>] {sec-model [snmpv1 | snmpv2c | usm] sec-level [noauth | authnopriv |
priv]}}]
When you delete a group, you do not remove the association between the group and users of the group.
To delete the association between a user and a group, use the following command:
configure snmpv3 delete group {[[hex <hex_group_name>] | <group_name>]} user
[all-non-defaults | {[[hex <hex_user_name>] | <user_name>] {sec-model
[snmpv1|snmpv2c|usm]}}]
Security Models and Levels. For compatibility, SNMPv3 supports three security models:
SNMPv1—no security
SNMPv2c—community strings based security
SNMPv3—USM security
The default is USM. You can select the security model based on the network manager in your network.
The three security levels supported by USM are:
noAuthnoPriv—No authentication, no privacy. This is the case with existing SNMPv1/v2c agents.
AuthnoPriv—Authentication, no privacy. Messages are tested only for authentication.