Creating SNMP Groups

In SNMPv1 and SNMPv2, a community string is sent along with the SNMP frames. The community string acts as a password to gain access to an SNMP agent. However, neither the frames nor the community string are encrypted. So SNMPv1 and SNMPv2 are not secure.

In SNMPv3, the following security mechanisms can be configured.

Thus, in SNMPv3, there are three levels of security:

SNMPv3 provides a way to control what even authorized and authenticated users can see and perform, by associating each user with a group.

A group defines read/write privileges and a level of security. It becomes operational when it is associated with an SNMP user or community.

NOTE     To associate a non-default view with a group, first create the view in the Views page.

To create an SNMP group:

  1. Click SNMP > Groups. The Groups page opens.
  2. This page displays the existing SNMP groups.

  3. Click Add. The Add Group page opens.
  4. Enter the parameters.
    • Group Name--Enter a new group name.
    • Security Model--Select the SNMP version attached to the group, SNMPv1, v2, or v3.
    • Security Level--Define the security level attached to the group. If SNMPv1 or SNMPv2 are selected only No Authentication and No Privacy are available. If SNMPv3 is selected, choose one of the following:
      • No Authentication--Neither the Authentication nor the Privacy security levels are assigned to the group.
      • Authentication--Authenticates SNMP messages, and ensures the SNMP message origin is authenticated but does not encrypt them, meaning that they can be intercepted and read.
      • Privacy--Encrypts SNMP messages.
    • View--Define the access rights of the group and associate the group with a view. The options are:
      • Read--Management access is read-only for the selected view. Otherwise, a user or a community associated with this group is able to read all MIBs except those that control SNMP itself.
      • Write--Management access is write for the selected view. Otherwise, a user or a community associated with this group is able to write all MIBs except those that control SNMP itself.
      • Notify--Sends only traps with contents that is included in the SNMP view selected for notification. Otherwise, there is no restriction on the contents of the traps. This can only be selected for SNMP v3.
  5. Click Apply. The SNMP Group is defined, and the Running Configuration file is updated.