RE: SNMP using GROUP and USER

From: Bruce Lee (ccie.sp.vn@gmail.com)
Date: Wed Nov 23 2005 - 23:41:47 GMT-3


Hi,
This is my config:

snmp-server group read v2c
snmp-server group write v2c write v1default
snmp-server user user1 read v2c
snmp-server user user2 write v2c

It's ok for user1 (read-only), but I can't use user2 as community-string for
write privilege.
Thanks.

-----Original Message-----
From: Big guy [mailto:jenseike@start.no]
Sent: Wednesday, November 23, 2005 5:58 PM
To: Bruce Lee; gladston@br.ibm.com; ccielab@groupstudy.com
Subject: SV: SNMP using GROUP and USER

Here is a working config...

snmp-server group v2group v2c access 1
snmp-server enable traps tty
snmp-server host 192.150.1.235 version 2c cisco

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Bruce Lee
Sent: 23 November 2005 10:59
To: gladston@br.ibm.com; ccielab@groupstudy.com
Subject: RE: SNMP using GROUP and USER

Dear group,
I am using SNMP with user/group v2c (not using community string), and it
doesn't work.
Any idea about it?
Thanks.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: Friday, May 27, 2005 2:39 AM
To: ccielab@groupstudy.com
Subject: SNMP using GROUP and USER

Would you agree with this answer?

Task:
Configure the minimal commands to allow a remote management station to read
all mibs using group/user:

Answer:
Rack2CAT1(config)#snmp-server group GROUP v2
Rack2CAT1(config)#snmp-server user USER GROUP v2

Results of sh snmp and sh snmp group make me think these two commands are
enough. But I would like to confirm it with a snmp get (there is no Linux
on the lab rack I am using).
It would be nice if IOS had a hidden snmpwalk command.

Rack2CAT1(config)#snmp-server group GROUP v2
Rack2CAT1(config)#snmp-server user USER GROUP v2

Rack2CAT1(config)#do sh snmp
Chassis: CHK0705W0YD
0 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    0 Number of requested variables
    0 Number of altered variables
    0 Get-request PDUs
    0 Get-next PDUs
    0 Set-request PDUs
0 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    0 No such name errors
    0 Bad values errors
    0 General errors
    0 Response PDUs
    0 Trap PDUs
SNMP global trap: disabled

SNMP logging: disabled
SNMP agent enabled

Rack2CAT1(config)#do sh ip so | i 161
 17 0.0.0.0 0 142.20.47.7 161 0 0 1 0
Rack2CAT1(config)#

groupname: GROUP security model:v2c
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

Specifying group/user with read-only view:

Rack2CAT1(config)#snmp-server view VIEW-RO mib-2 included
Rack2CAT1(config)#snmp-server group GROUP-RO v2 read VIEW-RO
Rack2CAT1(config)#snmp-server user USER-RO GROUP-RO v2

Rack2CAT1(config)#do sh snmp
Chassis: CHK0705W0YD
0 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    0 Number of requested variables
    0 Number of altered variables
    0 Get-request PDUs
    0 Get-next PDUs
    0 Set-request PDUs
0 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    0 No such name errors
    0 Bad values errors
    0 General errors
    0 Response PDUs
    0 Trap PDUs
SNMP global trap: disabled

SNMP logging: disabled
SNMP agent enabled

Rack2CAT1(config)#do sh snmp group
groupname: GROUP security model:v2c
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

groupname: GROUP-RO security model:v2c
readview :VIEW-RO writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

Specifying group/user with read-write view:

Rack2CAT1(config)#snmp-server view VIEW-RW lsystem.55 in
Rack2CAT1(config)#snm
Rack2CAT1(config)#snmp-ser
Rack2CAT1(config)#snmp-server gr
Rack2CAT1(config)#snmp-server group GROUP-RW ?
  v1 group using the v1 security model
  v2c group using the v2c security model
  v3 group using the User Security Model (SNMPv3)

Rack2CAT1(config)#snmp-server group GROUP-RW v2 ?
  access specify an access-list associated with this group
  notify specify a notify view for the group
  read specify a read view for the group
  write specify a write view for the group
  <cr>

Rack2CAT1(config)#snmp-server group GROUP-RW v2 wr
Rack2CAT1(config)#snmp-server group GROUP-RW v2 write ?
  WORD write view name

Rack2CAT1(config)#snmp-server group GROUP-RW v2 write VIEW-RW ?
  access specify an access-list associated with this group
  notify specify a notify view for the group
  <cr>

Rack2CAT1(config)#snmp-server group GROUP-RW v2 write VIEW-RW
Rack2CAT1(config)#snmp-ser
Rack2CAT1(config)#snmp-server user
Rack2CAT1(config)#snmp-server user USER-RW GROUP-RW ?
  remote Specify a remote SNMP entity to which the user belongs
  v1 user using the v1 security model
  v2c user using the v2c security model
  v3 user using the v3 security model

Rack2CAT1(config)#snmp-server user USER-RW GROUP-RW v2 ?
  access specify an access-list associated with this group
  <cr>

Rack2CAT1(config)#snmp-server user USER-RW GROUP-RW v2
Rack2CAT1(config)#
Rack2CAT1(config)#do sh snmp gr
groupname: GROUP security model:v2c
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

groupname: GROUP-RO security model:v2c
readview :VIEW-RO writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

groupname: GROUP-RW security model:v2c
readview :v1default writeview: VIEW-RW
notifyview: <no notifyview specified>
row status: active
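
Added example (not part of the original thread and not Cisco code): a small Python check that parses `sh snmp group` output in the layout quoted above and flags groups that expose a write view over v1/v2c, or that still use the default `v1default` read view. The sample text is constructed from the three groups in the thread; the function names `parse_groups` and `audit` are hypothetical.

```python
import re

# Constructed sample, in the layout of the `sh snmp group` output quoted above.
SAMPLE = """\
groupname: GROUP security model:v2c
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

groupname: GROUP-RO security model:v2c
readview :VIEW-RO writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

groupname: GROUP-RW security model:v2c
readview :v1default writeview: VIEW-RW
notifyview: <no notifyview specified>
row status: active
"""

# Field labels as they appear in the output; two fields can share one line.
FIELD = re.compile(
    r"(groupname|security model|readview|writeview|notifyview|row status)\s*:\s*")

def parse_groups(text):
    """Return one dict per group; '<no ... specified>' is stored as None."""
    groups = []
    for line in text.splitlines():
        parts = FIELD.split(line.strip())  # ['', key, value, key, value, ...]
        for key, value in zip(parts[1::2], parts[2::2]):
            if key == "groupname":
                groups.append({})
            if groups:
                value = value.strip()
                groups[-1][key] = None if value.startswith("<no ") else value
    return groups

def audit(groups):
    """Flag write views on community-based models and default read views."""
    findings = []
    for g in groups:
        name, model = g["groupname"], g.get("security model")
        if g.get("writeview") and model in ("v1", "v2c"):
            # v1/v2c authenticate with a cleartext community string only.
            findings.append((name, f"write view {g['writeview']} over {model}"))
        if g.get("readview") == "v1default":
            findings.append((name, "default read view v1default, no restricted view"))
    return findings
```

This output does not show the access list bound to a group, so the `access` option has to be checked in the running configuration instead.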



This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:07 GMT-3