Defining an snmp group – Brocade TurboIron 24X Series Configuration Guide User Manual

168

Brocade TurboIron 24X Series Configuration Guide

53-100305301

Establishing SNMP community strings

•

Octets 1 through 4 represent the agent's SNMP management private enterprise number as
assigned by the Internet Assigned Numbers Authority (IANA). The most significant bit of Octet 1
is "1". For example, “000007c7” is the ID for Brocade Communications, Inc. in hexadecimal.
With Octet 1 always equal to "1", the first four octets in the default engine ID is always
“800007c7” (which is 1991 in decimal).

•

Octet 5 is always 03 in hexadecimal and indicates that the next set of values represent a MAC
address.

•

Octets 6 through 11 form the MAC address of the lowest port in the management module.

NOTE

Engine ID must be a unique number among the various SNMP engines in the management domain.
Using the default engine ID ensures the uniqueness of the numbers.

Defining an SNMP group

SNMP groups map SNMP users to SNMP views. For each SNMP group, you can configure a read
view, a write view, or both. Users who are mapped to a group will use its views for access control.

To configure an SNMP user group, enter a command such as the following.

TurboIron(config)#snmp-server group admin v3 auth read all write all

Syntax: [no] snmp-server group v1 | v2 | v3 auth | noauth | priv [access

] [read | write ]

NOTE

This command is not used for SNMP version 1 and SNMP version 2. In these versions, groups and
group views are created internally using community strings. (refer to

“Establishing SNMP

community strings”

on page 164.) When a community string is created, two groups are created,

based on the community string name. One group is for SNMP version 1 packets, while the other is
for SNMP version 2 packets.

The group parameter defines the name of the SNMP group to be created.

The v1, v2, or v3 parameter indicates which version of SNMP is used. In most cases, you will be
using v3, since groups are automatically created in SNMP versions 1 and 2 from community
strings.

The auth | noauth parameter determines whether or not authentication will be required to access
the supported views. If auth is selected, then only authenticated packets are allowed to access the
view specified for the user group. Selecting noauth means that no authentication is required to
access the specified view. Selecting priv means that an authentication password will be required
from the users.

The access parameter is optional. It allows incoming SNMP packets to be
filtered based on the standard ACL attached to the group.

The read | write parameter is optional. It indicates that users who
belong to this group have either read or write access to the MIB.

The variable is the name of the view to which the SNMP group members have access.
If no view is specified, then the group has no access to the MIB.