28
Security model
Security model
keyword for the
group
Security key
settings for the
user
Remarks
Authentication without
privacy
authentication
Authentication key
If no authentication key is
configured, SNMP
communication will fail.
The encryption key (if
any) for the user does not
take effect.
No authentication, no
privacy
Neither
authentication
nor
privacy
None
The authentication and
encryption keys, if
configured, do not take
effect.
You can specify an ACL for the user and group, respectively, to filter illegitimate NMSs. Only the
NMSs permitted by the ACLs for both the user and group can access the SNMP agent. The following
restrictions apply if an ACL is used for creating the group or user:
•
If the specified ACL does not exist, or the specified ACL does not contain any rule, all NMSs can
access the device.
•
If a VPN instance is specified in an ACL rule, the rule applies only to the packets of the VPN
instance. If no VPN instance is specified in an ACL rule, the rule applies only to the packets on
the public network.
•
If you specify an ACL and the ACL has rules, only NMSs permitted by the ACL can access the
device.
For more information about ACL, see
ACL and QoS Configuration Guide
.
Examples
# Create the SNMPv3 group
group1
.
<Sysname> system-view
[Sysname] snmp-agent group v3 group1
Related commands
display
snmp-agent
group
snmp-agent
mib-view
snmp-agent
usm-user
snmp-agent local-engineid
Use
snmp-agent local-engineid
to set an SNMP engine ID.
Use
undo snmp-agent local-engineid
to restore the default.
Syntax
snmp-agent
local-engineid
engineid
undo
snmp-agent
local-engineid
Default
The engine ID of a device is the combination of the company ID and the device ID.
Views
System view
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...