The following configuration example shows how to create a group that has read access to all the OIDs in the
system except the sysUpTime object (1.3.6.1.2.1.1.3), which has been excluded from the view applied to the
group, but write access only to the sysName object (1.3.6.1.2.1.1.5):
!
snmp-server view view_name1 1.3.6.1.2.1.1 included
snmp-server view view_name1 1.3.6.1.2.1.1.3 excluded
snmp-server view view_name2 1.3.6.1.2.1.1.5 included
snmp-server group group_name1 v3 auth read view_name1 write view_name2
!
Verifying Groups
This example shows how to verify the attributes of configured groups:
RP/0/RP0/CPU0:router#
show snmp group
groupname: group_name1
security model:usm
readview : view_name1
writeview: view_name2
notifyview: v1default
row status: nonVolatile
Creating and Verifying Users
Given the following SNMPv3 view and SNMPv3 group configuration:
!
snmp-server view view_name 1.3.6.1.2.1.1 included
snmp-server group group_name v3 noauth read view_name write view-name
!
This example shows how to create a noAuthNoPriv user with read and write view access to a system group:
config
snmp-server user noauthuser group_name v3
The user must belong to a noauth group before a noAuthNoPriv user can be created.
Note
This example shows how to verify the attributes that apply to the SNMP user:
RP/0/RP0/CPU0:router#
show snmp user
User name: noauthuser
Engine ID: localSnmpID
storage-type: nonvolatile active
Given the following SNMPv3 view and SNMPv3 group configuration:
!
snmp-server view SNMP_VIEW1 1.3.6.1.2.1.1 included
snmp-server group SNMP_GROUP1 v3 auth notify SNMP_VIEW1 read SNMP_VIEW1 write SNMP_VIEW1
!
This example shows how to create a user with authentication (including encryption), read, and write view
access to a system group:
config
snmp-server user userv3authpriv SNMP_GROUP1 v3 auth md5 password123 priv aes 128 password123
System Management Configuration Guide for Cisco NCS 5000 Series Routers, IOS XR Release 6.2.x
31
Implementing SNMP
Configuring SNMPv3: Examples