SNMPv3 granular access control for traps and reads?

Answered Question

Is it possible to create a SNMPv3 user which can only be used for traps (SNMP GET requests will not be allowed from the same NMS)?


It seems that creating "notify group" also allows reads:


snmp-server group trapgroup v3 auth notify v1default


show snmp group


groupname: trapgroup security model:v3 auth

readview : v1default writeview: <no writeview specified>

notifyview: v1default

row status: active


Correct Answer by Joe Clarke about 8 years 9 months ago

Sure, just create a bogus read view. For example:


snmp-server view noread iso excluded

snmp-server group notifGroup v3 auth notify v1default read noread

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Joe Clarke Thu, 10/02/2008 - 06:33
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Sure, just create a bogus read view. For example:


snmp-server view noread iso excluded

snmp-server group notifGroup v3 auth notify v1default read noread

Actions

This Discussion