snmp-agent community
Function
The snmp-agent community command configures an SNMPv1 or SNMPv2c community name.
The undo snmp-agent community command deletes an SNMPv1 or SNMPv2c community name.
By default, no SNMPv1 or SNMPv2c community name is configured.
Format
snmp-agent community { read | write } [ cipher ] community-name [ acl acl-number | mib-view view-name | alias alias-name ] *
snmp-agent community { read | write } [ cipher ] community-name [ mib-view view-name ] acl-ipv4 { acl-number } [ acl-ipv6 { acl-number } ] [ alias alias-name ]
snmp-agent community { read | write } [ cipher ] community-name [ mib-view view-name ] acl-ipv6 { acl-number } [ alias alias-name ]
undo snmp-agent community { read | write } [ cipher ] community-name
undo snmp-agent community community-name
Parameters
| Parameter | Description | Value |
|---|---|---|
read |
Indicates that a community name has the read-only permission in the specified view. |
- |
write |
Indicates that a community name has the read-write permission in the specified view. |
- |
cipher |
Configures a community name in ciphertext. You can enter a simple text or ciphertext community name, but the community name is displayed in ciphertext in the configuration file. If cipher is not configured, only community names in simple text can be entered. |
The value is a string of 1 to 32 simple text characters or 88 ciphertext characters, spaces not supported. A string of 32, 44, 56 or 80 ciphertext characters are also supported. |
community-name |
Configures a community name in simple text. The community name is displayed in ciphertext in the configuration file. |
NOTE:
If complexity check of community names is not enabled, the system does not check the complexity of community names when they are configured. However, if a community name is simple and does not meet complexity requirements, it is prone to be attacked and cracked by unauthorized users, which affects device security. Therefore, enabling complexity check of community names is recommended. |
acl acl-number |
Sets the ACL corresponding to the community name. NOTE:
If acl-ipv4 or acl-ipv6 is not specified, the ACL configured by the acl acl-number parameter takes effect on both IPv4 and IPv6 networks. |
The value is an integer ranging from 2000 to 3999. |
acl-ipv4 |
Indicates a basic or advanced IPv4 ACL. |
- |
acl-ipv6 |
Indicates a basic or advanced IPv6 ACL. |
- |
mib-view view-name |
Specifies a MIB view to which the community name can have access.
|
The value is a string of 1 to 32 characters. The value of view-name is specified in the snmp-agent mib-view command. |
alias alias-name |
Specifies a community alias. The community alias will be saved in simple text format in the configuration file. NOTE:
A community alias must be unique and differs from the community. Only one alias can be configured for a community. |
The value is a string of 1 to 32 case-sensitive characters, with spaces not supported. NOTE:
If double quotation marks are used at both ends of an entered character sting, you can enter spaces in the character string. |
Usage Guidelines
Usage Scenario
The snmp-agent community command is used on SNMPv1 and SNMPv2C networks. The community is a combination of the NMS and SNMP agent and is identified by a community name. The community name functions as a password for authentication during device communication in a community. Devices can communicate if the community name of the NMS and that of the SNMP agent are the same. The snmp-agent community command configures a community name on a device so that the NMS can communicate with the device. Parameters of the snmp-agent community command set the access permission, ACL, and accessible MIB views of a community name.
Precautions
- If receiving a packet with the community name field being null, the device directly discards the packet without filtering the packet based on the ACL rule. In addition, the log about the community name error is generated. ACL filtering is triggered only when the community name is not null.
- To ensure device security, do not set the community name to public or private.
By default, the complexity check is enabled for a community name. If a community name fails the complexity check, the community name cannot be configured. To disable the complexity check for a community name, run the snmp-agent complexity-check disable command.
If the name of a MIB view accessed by a community name is not specified, the community name can only access the ViewDefault MIB view by default. Therefore, if ViewDefault is deleted by mistake, the NMS cannot communicate with a device using the community name. If you still want to use the community name, you can use snmp-agent community command to set a MIB view which already exists as the accessible MIB view.
When a user with a level lower than the level configured using this command queries the password configured using the display this or display current-configuration command, the password is displayed as asterisks (******).
Example
# Configure the community name as comaccess128 and allow read-only access using this community name.
<sysname> system-view [sysname] snmp-agent community read comaccess128
# Configure the community name as huawei-1234 and allow read-write access.
<sysname> system-view [sysname] snmp-agent community write huawei-1234