43
Only users with the network-admin or level-15 user role can execute this command. Users with other
user roles cannot execute this command even if these roles are granted access to commands of the
SNMP feature or this command.
On an SNMPv1 or SNMPv2c network, NMSs and agents authenticate each other by using the
community name. On an SNMPv3 network, NMSs and agents authenticate each other by using the
username.
You can create an SNMPv1 or SNMPv2c community by using either of the following ways:
•
Execute the
snmp-agent
community
command.
•
Execute the
snmp-agent
usm-user
{
v1
|
v2c
}
and
snmp-agent
group
{
v1
|
v2c
}
commands to create an SNMPv1 or SNMPv2c user and the group that the user is assigned to.
The system automatically creates an SNMP community by using the SNMPv1 or SNMPv2c
username.
The
display
snmp-agent
community
command displays information only about communities
created and saved in plaintext form.
You can specify an ACL for the user and group, respectively, to filter illegitimate NMSs. Only the
NMSs permitted by the ACLs for both the user and group can access the SNMP agent. The following
restrictions apply if an ACL is used for creating the group or user:
•
If the specified ACL does not exist, or the specified ACL does not contain any rule, all NMSs can
access the device.
•
If a VPN instance is specified in an ACL rule, the rule applies only to the packets of the VPN
instance. If no VPN instance is specified in an ACL rule, the rule applies only to the packets on
the public network.
•
If you specify an ACL and the ACL has rules, only NMSs permitted by the ACL can access the
device.
For more information about ACL, see
ACL and QoS Configuration Guide
.
Examples
# Add the user
userv2c
to the SNMPv2c group
readCom
so an NMS can use the protocol SNMPv2c
and the read-only community name
userv2c
to access the device.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent group v2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom
# Add the user
userv2c
in the SNMPv2c group
readCom
so only the NMS at 1.1.1.1 can use the
protocol SNMPv2c and read-only community name
userv2c
to access the device.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0.0.0.0
[Sysname-acl-ipv4-basic-2001] rule deny source any
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent group v2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001
# Add the user
userv2c
in the SNMPv2c group
readCom
so only the NMS at 1.1.1.2 can use the
protocol SNMPv2c and read-only community name
userv2c
to access the device.
[Sysname] acl basic name testacl
[Sysname-acl-ipv4-basic-testacl] rule permit source 1.1.1.2 0.0.0.0
[Sysname-acl-ipv4-basic-testacl] rule deny source any
[Sysname-acl-ipv4-basic-testacl] quit
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...