1. ACLI Reference Guide
  2. ACLI Configuration Elements N-Z
  3. snmp-group-entry

snmp-group-entry

The snmp-group-entry element is used by an SNMPv3 agent to create a group of users that belong to a particular security model who can read, write, and add SNMP objects and receive trap notifications.

Note:

This element must be configured in order for an SNMPv3 agent to work.

Parameters

name
Use this required parameter to enter the SNMPv3 group name.
  • Default: none
  • Values: <group-name-string> that is 1 to 24 characters.
mp-model
Use this required parameter to enter the message processing model
  • Default: v3
  • Values: v2 | v3
security-level
Use this required parameter to enter the security level of the SNMP group.
  • Default: authPriv
  • Values:
    • noAuthNoPriv—This value specifies that the user group is authenticated by a string match of the user name and requires no authorization and no privacy similar to SNMPv1 and SNMPv2. This value is specified with the sec-model parameter and its v1v2 value and can only be used with the community-string parameter not specified.
    • authNoPriv—This value specifies that the user group is authenticated by using either the HMAC-SHA2-256 or HMAC-SHA2-512 authentication protocols without privacy.

      Note:

      If the sec-model parameter is specified to the v1v2 value, the community-string parameter (not configured) defines a coexistence configuration where SNMP version 1 and 2 messages with the community string from the hosts indicated by the user-list parameter and the corresponding snmp-user-entry and snmp-address-entry elements are accepted.
    • authPriv—This default value specifies that the user group is authenticated by using either the HMAC-SHA2-256 or HMAC-SHA2-512 authentication protocols and provided privacy by using AES128 authentication. This value is specified with the SNMP sec-model parameter and its v3 value.
community-string
Use this optional parameter to allow the co-existence of multiple SNMP message version types for this security group.
  • Value: <community-string> that is 1 to 24 characters.

    Note:

    If a community-string is configured, the sec-model parameter value can be only v1v2.
user-list
Use this required parameter to configure host names.
  • Value: <string> that is 1 to 24 characters and must match the name of the user-name parameter of the snmp-user-entry element.

    Note:

    This parameter is configured with the sec-model and sec-level parameters.

    If the user-list value does not match an existing user name, the snmp-group-entry element configuration is invalid when verifying your configuration.

read-view
Use this required parameter to specify a name for the SNMP group's read view for a collection of MIB subtrees.
  • Value: <group-read-view-string> that is 1 to 24 characters.
write-view
Use this required parameter to specify a name for the SNMP group's write view for a collection of MIB subtrees.
  • Value: <name-token> write view that is 1 to 24 characters.
notify-view
Use this required parameter to specify a name for the SNMP group's notification view for a collection of MIB subtrees.
  • Value: <group-notify-view-string> that is 1 to 24 characters.

Path

snmp-view-entry is an element under the system path. The full path from the topmost ACLI prompt is: configure terminal , and then system , and then snmp-group-entry.