Group access levels

The switch supports eight predefined group access levels, shown in the following table. There are four levels for use by version 3 users and four are used for access by version 2c or version 1 management applications.

Predefined group access levels

Group name

Group access type

Group read view

Group write view

managerpriv

Ver3 Must have Authentication and Privacy

ManagerReadView

ManagerWriteView

managerauth

Ver3 Must have Authentication

ManagerReadView

ManagerWriteView

operatorauth

Ver3 Must have Authentication

OperatorReadView

DiscoveryView

operatornoauth

Ver3 No Authentication

OperatorReadView

DiscoveryView

commanagerrw

Ver2c or Ver1

ManagerReadView

ManagerWriteView

commanagerr

Ver2c or Ver1

ManagerReadView

DiscoveryView

comoperatorrw

Ver2c or Ver1

OperatorReadView

OperatorReadView

comoperatorr

Ver2c or Ver1

OperatorReadView

DiscoveryView

SNMPv3 Params and Group Configs Combinations

SNMPv3 Params

SNMPv3 group

Snmpv3 user config

noauth (no authentication and no privacy)

operatornoauth

snmpv3 user "user1"

auth (authentication and no privacy)

managerpriv, managerauth,operatorauth, operatornoauth

snmpv3 user "user1" auth md5 "45800d22ccb8b485ab52fe2d8b92ea85"

priv (authentication and privacy)

managerpriv, managerauth,operatorauth, operatornoauth

snmpv3 user "user1" auth md5 "45800d22ccb8b485ab52fe2d8b92ea85" priv des "45800d22ccb8b485ab52fe2d8b92ea85"

Each view allows you to view or modify a different set of MIBs:

  • Manager Read View – access to all managed objects
  • Manager Write View – access to all managed objects except the following:
    • vacmContextTable

    • vacmAccessTable

    • vacmViewTreeFamilyTable

  • OperatorReadView – no access to the following:
    • icfSecurityMIB

    • hpSwitchIpTftpMode

    • vacmContextTable

    • vacmAccessTable

    • vacmViewTreeFamilyTable

    • usmUserTable

    • snmpCommunityTable

  • Discovery View – Access limited to samplingProbe MIB.
NOTE:

All access groups and views are predefined on the switch. There is no method to modify or add groups or views to those that are predefined on the switch.