Defining SNMP Communities
Access rights in SNMPv1 and SNMPv2 are managed by defining communities in the Communities page. The community name is a type of shared password between the SNMP management station and the device. It is used to authenticate the SNMP management station.
Communities are only defined in SNMPv1 and SNMPv2 because SNMPv3 works with users instead of communities. The users belong to groups that have access rights assigned to them.
The Communities page associates communities with access rights, either directly (Basic mode) or through groups (Advanced mode):
- Basic Mode--The access rights of a community are configured with Read Only, Read Write, or SNMP Admin. In addition, you can restrict the access to the community to only certain MIB objects, by selecting a view to be associated with the community. Views are defined in the SNMP Views page.
- Advanced Mode--The access rights of a community are defined by a group which is configured with a specific security model. The access rights in a group are defined by the Read, Write, and Notify access to the associated views. Groups are defined in the Groups page.
To define SNMP communities:
- Click SNMP > Communities. The Communities page opens.
This page displays the Basic and Advanced tables.
- Click Add. The Add SNMP Community page opens.
This page enables network managers to define and configure new SNMP communities.
- SNMP Management Station--Click User Defined to enter the management station IP address that can access the SNMP community. Click All to indicate that any IP device can access the SNMP community.
- IP Version--Select either IPv4 or IPv6.
- IPv6 Address Type--Select the supported IPv6 address type if IPv6 is used. The options are:
- Link Local--The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
- Global--The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.
- Link Local Interface--If the IPv6 address type is Link Local, select whether it is received through a VLAN or ISATAP.
- IP Address--Enter the SNMP management station IP address.
- Community String--Enter the community name (password) used to authenticate the management station to the device.
- Basic--Select this mode for a selected community. In this mode, there is no connection to any group. You can only choose the community access level (Read Only, Read Write, or SNMP Admin) and, optionally, further qualify it for a specific view. By default, it applies to the entire MIB. If this is selected, enter the following fields:
- Access Mode--Select the access rights of the community. The options are:
- Read Only--Management access is restricted to read-only. Changes cannot be made to the community.
- Read Write--Management access is read-write. Changes can be made to the device configuration, but not to the community.
- SNMP Admin--User has access to all device configuration options, as well as permissions to modify the community. SNMP Admin is equivalent to Read Write for all MIBs except for the SNMP MIBs. SNMP Admin is required for access to the SNMP MIBs.
- View Name--Select an SNMP view (a collection of MIB subtrees to which access is granted).
- Advanced--Select this mode for a selected community.
- Click Apply. The SNMP Community is defined, and the Running Configuration is updated.
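The following is an added example, not part of the device documentation or software: a Python check that reviews Basic mode community entries for exposed settings before they are applied. It assumes each entry is a dictionary keyed by the field names on the Add SNMP Community page; the function names, sample entries, and the list of well-known community strings are assumptions made for the illustration.

```python
import ipaddress

# Well-known default community strings (general knowledge, not taken from this page).
WELL_KNOWN = {"public", "private"}
WRITE_MODES = {"Read Write", "SNMP Admin"}

def audit_community(entry):
    """Return findings for one Basic-mode entry, a dict keyed by the page's field names."""
    findings = []
    mode = entry["Access Mode"]
    if entry["Community String"].lower() in WELL_KNOWN:
        findings.append("well-known community string")
    if entry["SNMP Management Station"] == "All":
        findings.append("any IP device can use this community")
        if mode in WRITE_MODES:
            findings.append(f"{mode} access is not limited to a management station")
    else:  # User Defined: a station address must be present and parse as IPv4 or IPv6
        try:
            ipaddress.ip_address(entry.get("IP Address", ""))
        except ValueError:
            findings.append("User Defined station has no valid IP address")
    # With no View Name selected, the access level applies to the entire MIB.
    if mode in WRITE_MODES and entry.get("View Name") is None:
        findings.append(f"{mode} applies to the entire MIB (no view selected)")
    return findings

def audit(entries):
    """Map each community string to its list of findings."""
    return {e["Community String"]: audit_community(e) for e in entries}

# Constructed sample entries (documentation-range addresses, invented names).
SAMPLE = [
    {"Community String": "public", "SNMP Management Station": "All",
     "Access Mode": "Read Write"},
    {"Community String": "n0c-ro-7f3a", "SNMP Management Station": "User Defined",
     "IP Address": "192.0.2.10", "Access Mode": "Read Only", "View Name": "ifView"},
    {"Community String": "ops-admin", "SNMP Management Station": "User Defined",
     "IP Address": "fe80::1", "Access Mode": "SNMP Admin"},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "no findings")
```

Advanced mode entries are outside the scope of this check, because their access rights come from the group's Read, Write, and Notify views rather than from an Access Mode field.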