Foundry NetIron M2404C and M2404F Metro Access Switches
Configuring SNMP (Rev. 03)
Simple Network Management Protocol
© 2008 Foundry Networks, Inc.
Page 17 of 48
device-name
(config)#
snmp-server user TOM group g_all_v1 v1
Example 2
The following example shows how to create a user named
TOM
that uses SNMP v3 with
authentication and privacy. The privacy password is
privPass
and the authentication password is
authPass
:
device-name
(config)#
snmp-server
user TOM group g_all_v3 v3 priv privPass
auth md5 authPass
Example 3
The following example shows how to remove a defined v3 user named
IVAN
from an associated
group
ACC
:
device-name
(config)#
no snmp-server user IVAN group ACC v3
Assigning an Access List to a User
The
snmp-server access-list
command, in Global Configuration mode, assigns an access list to the
specified user. The
no
form of this command, removes the access list assigned to the specified user.
The access list can permit or deny access to a user according to the access list rule. The access list
rules contain a
permit
or
deny
action and a source IP address. To define the named access list use
the
snmp-server
access-list
and
access-list
commands in Global Configuration mode. The defined
access lists can be viewed by the
show access-lists
and/or
show snmp access-list
commands in
Privileged (Enable) mode.
NOTE
SNMPv3 time synchronization may double the ‘authenticationFailure’
notifications. This can happen when applying user access lists on SNMPv3 users. In
this case the SNMP requests contain ‘engineBoots’ or ’engineTime’ equals to zero
(0) as time synchronization. The request cannot take place because of the access
list. Therefore, ‘notInTimeWindow’ occurs, which generates an additional
‘authenticationFailure’ notification.
Command Syntax
device-name
(config)#
snmp-server access-list USER-NAME ACL-NAME
device-name
(config)#
no snmp-server access-list USER-NAME
Argument Description
USER-NAME
The user name.
ACL-NAME
The access list name.
Example:
The following example shows how to create and assign an access list to a user named
IVAN
.
device-name
(config)#
access-list MyLyst permit 220.132.0.0/16
device-name
(config)#
snmp-server access-list IVAN MyLyst