SNMP Groups

In SNMPv1 and SNMPv2, a community string is sent along with the SNMP frames. The community string acts as a password to gain access to an SNMP agent. However, neither the frames nor the community string is encrypted. Therefore, SNMPv1 and SNMPv2 aren’t secure.

In SNMPv3, the following security mechanisms can be configured.

  • Authentication—The device checks that the SNMP user is an authorized system administrator. This is done for each frame.

  • Privacy—SNMP frames can carry encrypted data.

Thus, in SNMPv3, there are three levels of security:

  • No security (No authentication and no privacy)

  • Authentication (Authentication and no privacy)

  • Authentication and privacy

SNMPv3 provides a means of controlling the content each user can read or write and the notifications they receive. A group defines read/write privileges and a level of security. It becomes operational when it’s associated with an SNMP user or community.

Note

To associate a non-default view with a group, first create the view on the SNMP Views page.

To create an SNMP group, complete the following steps:

Procedure


Step 1

Click SNMP > Groups.

This page contains the existing SNMP groups and their security levels.

Step 2

Click Add.

Step 3

Enter the parameters.

  • Group Name—Enter a new group name.

  • Security Model—Select the SNMP version attached to the group, SNMPv1, v2, or v3.

    Three types of views with various security levels can be defined. For each security level, select the views for Read, Write, and Notify by entering the following fields:

  • Enable—Select this field to enable the Security Level.

  • Security Level—Define the security level attached to the group. SNMPv1 and SNMPv2 support neither authentication nor privacy. If SNMPv3 is selected, choose one of the following:

    • No Authentication and No Privacy—Neither the Authentication nor the Privacy security levels are assigned to the group.

    • Authentication and No Privacy—Authenticates SNMP messages and ensures that the message origin is authenticated, but doesn’t encrypt them.

    • Authentication and Privacy—Authenticates SNMP messages, and encrypts them.

  • View—Select to associate a view with the read, write, and/or notify access privileges of the group. The view limits the scope of the MIB tree to which the group has read, write, and notify access.

    • Read—Management access is read-only for the selected view. Otherwise, a user or a community associated with this group is able to read all MIBs except those that control SNMP itself.

    • Write—Management access is write for the selected view. Otherwise, a user or a community associated with this group is able to write all MIBs except those that control SNMP itself.

    • Notify—Limits the available content of the traps to those included in the selected view. Otherwise, there’s no restriction on the contents of the traps.

Step 4

Click Apply. The SNMP group is saved to the Running Configuration file.
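The following added example, which is not part of the original guide, reviews a set of group definitions against the security models, security levels, and view behavior described above. The record layout, the sample groups, and the severity labels are assumptions made for illustration and aren't a device export format.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
# Security levels as named on the Groups page, weakest first.
LEVELS = ("No Authentication and No Privacy",
          "Authentication and No Privacy",
          "Authentication and Privacy")

@dataclass
class Group:  # constructed record layout, not a device export format
    name: str
    model: str                         # "SNMPv1", "SNMPv2" or "SNMPv3"
    level: str                         # one of LEVELS
    read_view: Optional[str] = None    # None = no view selected
    write_view: Optional[str] = None
    notify_view: Optional[str] = None

def audit(g: Group) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for one group."""
    out = []
    if g.level not in LEVELS:
        out.append(("error", f"unknown security level {g.level!r}"))
    if g.model in ("SNMPv1", "SNMPv2"):
        out.append(("high", "community string and frames are sent unencrypted"))
        if g.level in LEVELS[1:]:
            out.append(("error", f"{g.model} supports neither authentication nor privacy"))
    elif g.model == "SNMPv3":
        if g.level == LEVELS[0]:
            out.append(("high", "no authentication and no privacy"))
        elif g.level == LEVELS[1]:
            out.append(("medium", "messages are authenticated but not encrypted"))
    else:
        out.append(("error", f"unknown security model {g.model!r}"))
    # Per the page, access with no view selected is not limited to a view.
    for kind, view, sev in (("write", g.write_view, "high"),
                            ("read", g.read_view, "medium"),
                            ("notify", g.notify_view, "low")):
        if view is None:
            out.append((sev, f"no {kind} view selected, {kind} scope is unrestricted"))
    return out

SAMPLE = [  # constructed sample groups
    Group("legacy-mon", "SNMPv2", LEVELS[0], read_view="sys-only"),
    Group("noc-ro", "SNMPv3", LEVELS[1], "if-stats", "empty-view", "link-traps"),
    Group("net-admin", "SNMPv3", LEVELS[2], "full", "cfg", "all-traps"),
]

if __name__ == "__main__":
    for g in SAMPLE:
        print(g.name, audit(g) or "ok")
```

A group that reports no findings uses SNMPv3 with Authentication and Privacy and has a view selected for Read, Write, and Notify.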