SNMP
7450 ESS System Mangement Guide Page 285
User-Based Security Model Community Strings
User-based security model (USM) community strings associates a community string with an
SNMPv3 access group and its view. The access granted with a community string is restricted
to the scope of the configured group.
Views
Views control the access to a managed object. The total MIB of a router can be viewed as a
hierarchical tree. When a view is created, either the entire tree or a portion of the tree can be
specified and made available to a user to manage the objects contained in the subtree. Object
identifiers (OIDs) uniquely identify managed objects. A view defines the type of operations
for the view such as read, write, or notify.
OIDs are organized in a hierarchical tree with specific values assigned to different
organizations. A view defines a subset of the agent’s managed objects controlled by the access
rules associated with that view.
The following system-provisioned views are available through the
config>system>security>snmp# view context, which are particularly useful when
configuring SNMPv1 and SNMPv2c:
• “iso” view—intended for administrative-type access to the entire supported object
tree (except Lawful Interception)
• “no-security” view—similar to “iso” view, but removes access to several security
areas of the object tree (such as SNMP communities, user and profile configuration,
SNMP engine ID, etc). The “no-security” view is generally recommended over the
“iso” view to reduce access to security objects.
• “li-view” view—provides access to a small set of Lawful Interception related objects
• “mgmt-view” view—provides access to IF-MIB and a few other basics
• “vprn-view” view—used to limit access to objects associated with a specific VPRN
(for example, the Per-VPRN Logs and SNMP Access feature)
The Alcatel-Lucent SNMP agent associates SNMPv1 and SNMPv2c community strings with
a SNMPv3 view.
Access Groups
Access groups associate a user group and a security model to the views the group can access.
An access group is defined by a unique combination of a group name, security model
To Next Page
Loading...
