group <group_name>
Identifies the group that has the privileges that will be assigned to the user.
For more details, see Group access levels on page 150.
user <user_name>
Identifies the user to be added to the access group. This must match the
user name added with the snmpv3 user command.
sec-model {<ver1 | ver2c |
ver3>
Defines which security model to use for the added user. An SNMPv3
access group should use only the ver3 security model.
Group access levels
The switch supports eight predefined group access levels, shown in the following table. There are four levels for
use by version 3 users and four are used for access by version 2c or version 1 management applications.
Table 17: Predefined group access levels
Group name Group access type Group read view Group write view
managerpriv Ver3 Must have
Authentication and Privacy
ManagerReadView ManagerWriteView
managerauth Ver3 Must have
Authentication
ManagerReadView ManagerWriteView
operatorauth Ver3 Must have
Authentication
OperatorReadView DiscoveryView
operatornoauth Ver3 No Authentication OperatorReadView DiscoveryView
commanagerrw Ver2c or Ver1 ManagerReadView ManagerWriteView
commanagerr Ver2c or Ver1 ManagerReadView DiscoveryView
comoperatorrw Ver2c or Ver1 OperatorReadView OperatorReadView
comoperatorr Ver2c or Ver1 OperatorReadView DiscoveryView
Each view allows you to view or modify a different set of MIBs:
• Manager Read View – access to all managed objects
• Manager Write View – access to all managed objects except the following:
◦ vacmContextTable
◦ vacmAccessTable
◦ vacmViewTreeFamilyTable
• OperatorReadView – no access to the following:
◦ icfSecurityMIB
◦ hpSwitchIpTftpMode
◦ vacmContextTable
150 Aruba 2530 Management and Configuration Guide for
ArubaOS-Switch 16.05
To Next Page
Loading...
