access list, if nonzero, is used to validate the IP address. If the access list number is
zero, the IP address is accepted. A nonmatching community or an invalid IP address
causes an SNMP authentication error. Each entry in the community table identifies:
■ An SNMP community name
■ An SNMP view name
■ A user’s privilege level
■ Read-only (ro)
■ Read-write (rw)
■ Administrator (admin)
■ An IP access list name
Management Features
Management features of SNMPv3 allow you to specify who will receive notifications
and to define MIB views that users in different groups can access:
■ Notification—Message that informs you of a status change; the equivalent of a
trap in SNMPv1.
■ View—Definition of the management information that is available: read, write,
or notification. Predefined views are available for each group:
■ everything—Includes all MIBs associated with the router, except the
packetMirror MIB
■ user—Includes all MIBs associated with the router, except the packetMirror
MIB and standard and enterprise MIBs used to configure SNMP operation
■ nothing—Excludes all MIBs
■ mirrorAdmin—Includes the packetMirror MIB
■ User—An individual who requires access to the router. The router may provide
authentication and privacy for the user through SNMPv3. Each user is associated
with a group.
■ Group—A set of users with the same access privileges to the router. Three
predefined groups are available: admin, public, and private. Table 17 on page 152
shows the security levels and views associated with these groups.
Table 17: Relationship Among Groups, Security Levels, and Views
Notification/
Trap ViewWrite ViewRead ViewSecurity LevelGroup Name
everythingeverythingeverythingauthentication
and privacy
admin
mirrorAdminmirrorAdminmirrorAdminauthentication
and privacy
mirror
nothingnothingusernonepublic
152 ■ Overview
JUNOSe 11.1.x System Basics Configuration Guide
To Next Page
Loading...