A specific example that you might find useful is: "What if I want to add a user 'dave' that uses MD5 authentication, and who has read access to all objects under 'mib-2' but not 'interfaces'?"
The first step is to make sure that, when we’re done, "dave" will be able to send packets to this agent. As in the following screen capture, make sure that the agent either accepts packets from any host or, if "Accept SNMP Packets from These Hosts" is selected, that the hosts "dave" is likely to be using are listed among the hosts it will accept packets from.

The next step is to create the user with his security protocols. In this case, on the "Security/USM" page we enter a new row with the data "dave", "MD5" and "md5auth" before we click on the "Apply" button to enter the row.

Next we will establish and name dave’s view of the MIB: specifically, the ability to read the objects on the "mib-2" (1.3.6.1.2.1) branch except for the "Interfaces" (1.3.6.1.2.1.2) branch. You will need to produce the three rows highlighted below. The name "mib-2 less interfaces" is arbitrary but is at least somewhat descriptive. Creating an additional view named "none", which excludes everything from the root, is useful for the write and notify views, which should not allow any access.

Next we will associate a security model and security name with a specific, yet to be defined group. By creating the highlighted row below you will be associating our user "dave" running SecurityModel "secModelUSM" with a specific group’s view of the MIB. Given a limited number of groups defined, creating a new group shouldn’t hurt.

Next we need to define the group "grpType2" which we used above. As illustrated below, you must create a row for our "grpType2" operating in security model "secModelUSM" with security level "authNoPriv". The data for the row has to specify the read, write and notify views for the group. The version of context matching doesn’t matter because we are using a null context, which matches the same for either version.

As a last step, confirm that there is an empty Context Name to correspond to the context fields we have left blank in a number of previous forms. If one doesn’t exist, create it.

Your new user "dave" can now access this agent from an SNMPv3 management station application.
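
To check what the finished configuration actually permits, the rows from the steps above can be run through the access decision that RFC 3415 (VACM) defines: user to group, group to views, then longest-matching subtree within the view. This is an added example in Python, not the agent's own code. Assumptions: the function names are hypothetical, view masks are all ones, the "none" view's root is written as subtree "1", and write and notify both point at "none" as the walkthrough suggests.

```python
# Added illustration of the VACM access decision (RFC 3415); not the agent's code.
LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

# (securityModel, securityName) -> group, as entered on the security-to-group form
SEC_TO_GROUP = {("secModelUSM", "dave"): "grpType2"}

# (group, contextName, securityModel) -> minimum level and one view per operation
ACCESS = {
    ("grpType2", "", "secModelUSM"): {
        "level": "authNoPriv",
        "read": "mib-2 less interfaces", "write": "none", "notify": "none",
    },
}

# view name -> rows of (subtree, type); the three rows from the view step
VIEWS = {
    "mib-2 less interfaces": [("1.3.6.1.2.1", "included"),
                              ("1.3.6.1.2.1.2", "excluded")],
    "none": [("1", "excluded")],  # assumption: root written as subtree "1"
}

def parse(oid):
    """Turn a dotted OID string into a tuple of integer sub-identifiers."""
    return tuple(int(p) for p in oid.strip(".").split("."))

def in_view(view_name, oid):
    """The longest matching subtree decides; no matching row means not in view."""
    target, best = parse(oid), None
    for subtree, kind in VIEWS.get(view_name, []):
        prefix = parse(subtree)
        # Compare whole sub-identifiers, so 1.3.6.1.2.1.25 is not under ...2.1.2
        if target[:len(prefix)] == prefix:
            if best is None or (len(prefix), prefix) > (len(best[0]), best[0]):
                best = (prefix, kind)
    return best is not None and best[1] == "included"

def is_access_allowed(model, name, level, context, operation, oid):
    """Return True only if group, context, security level and view all permit it."""
    group = SEC_TO_GROUP.get((model, name))
    entry = ACCESS.get((group, context, model))
    if entry is None or LEVELS[level] < LEVELS[entry["level"]]:
        return False
    return in_view(entry[operation], oid)
```

Note that a request from "dave" sent without authentication (noAuthNoPriv) is refused because the group row requires at least authNoPriv, and that the host resources branch (1.3.6.1.2.1.25) stays readable because matching is done per sub-identifier rather than by string prefix.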