Using SNMP VACM

Heh, no more preamble; let me explain directly with an example. Suppose my snmpd.conf looks like this:

First, map the v1 and v2c community named public to a security name. This effectively gives public a v3-style name:

# First, map the community name (COMMUNITY) into a security name
#         sec.name   source    community
com2sec   my_sec     default   public

Then map the security name into a group. For v3 there is no community step: the v3 user name itself is the security name.

# Second, map the security names into group names:
#         group        sec.model   sec.name
group     my_grp       v1          my_sec
group     my_grp       v2c         my_sec
# SNMPv3 username == sec.name
group     my_usm_grp   usm         test

Next, create the views (the OID subtrees) that the access rules will refer to:

# Third, create a view for us to let the groups have rights to:
#         view         incl/excl   subtree       [mask]
# The view named all covers every node under .1
view      all          included    .1
# The view named mini_view covers only sysUpTime
view      mini_view    excluded    .1
view      mini_view    included    sysUpTime.0
# The view named if_view covers sysUpTime and ifTable
view      if_view      excluded    .1
view      if_view      included    sysUpTime.0
view      if_view      included    ifTable

Finally, give each group access to a different set of nodes:

# Finally, grant the groups access to their views:
#                               sec.level {noauth|auth|priv}
#         group        context  sec.model  sec.level  match  read       write  notify
# Users in group my_grp may access every node
access    my_grp       ""       any        noauth     exact  all        none   none
# v3 users in group my_usm_grp that arrive with noauth may only access sysUpTime
access    my_usm_grp   ""       usm        noauth     exact  mini_view  none   none
# v3 users in group my_usm_grp that arrive with auth may access sysUpTime and ifTable
access    my_usm_grp   ""       usm        auth       exact  if_view    none   none
# v3 users in group my_usm_grp that arrive with priv may access every node
access    my_usm_grp   ""       usm        priv       exact  all        none   none
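As an added illustration (not part of the original post and not net-snmp code), the script below replays the rules above against sample requests and answers whether a read is allowed: community or USM user to sec.name, sec.name to group, group plus security level to an access row (exact security model preferred, then the highest level at or below the request's), and finally the longest matching view entry. It assumes the USM user test exists and uses the standard MIB-2 OIDs for sysUpTime.0 and ifTable; context matching is not modelled.

```python
# Constructed VACM evaluator for the snmpd.conf above (not net-snmp code).
NAMES = {"sysUpTime.0": ".1.3.6.1.2.1.1.3.0", "ifTable": ".1.3.6.1.2.1.2.2"}
LEVELS = {"noauth": 1, "auth": 2, "priv": 3}  # securityLevel ordering
CONF = """
com2sec my_sec default public
group my_grp v1 my_sec
group my_grp v2c my_sec
group my_usm_grp usm test
view all included .1
view mini_view excluded .1
view mini_view included sysUpTime.0
view if_view excluded .1
view if_view included sysUpTime.0
view if_view included ifTable
access my_grp "" any noauth exact all none none
access my_usm_grp "" usm noauth exact mini_view none none
access my_usm_grp "" usm auth exact if_view none none
access my_usm_grp "" usm priv exact all none none
"""

def oid(s):  # symbolic name or dotted string -> tuple of ints
    return tuple(int(x) for x in NAMES.get(s, s).strip(".").split("."))

def parse(conf):
    com2sec, groups, views, access = {}, {}, {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "com2sec":
            com2sec[tok[3]] = tok[1]  # community -> sec.name
        elif tok[0] == "group":
            groups[(tok[2], tok[3])] = tok[1]  # (sec.model, sec.name) -> group
        elif tok[0] == "view":
            views.setdefault(tok[1], []).append((tok[2], oid(tok[3])))
        elif tok[0] == "access":
            access.append(tok[1:])  # group ctx model level match read write notify
    return com2sec, groups, views, access

def in_view(views, name, target):  # longest (most specific) matching entry wins
    hits = [(len(sub), kind) for kind, sub in views.get(name, []) if target[:len(sub)] == sub]
    return bool(hits) and max(hits)[1] == "included"

def can_read(conf, model, ident, level, target):  # ident: community (v1/v2c) or USM user (v3)
    com2sec, groups, views, access = parse(conf)
    secname = com2sec.get(ident) if model in ("v1", "v2c") else ident
    rows = [a for a in access if a[0] == groups.get((model, secname))
            and a[2] in ("any", model) and LEVELS[a[3]] <= LEVELS[level]]
    best = max(rows, key=lambda a: (a[2] == model, LEVELS[a[3]]), default=None)
    return best is not None and in_view(views, best[5], oid(target))
```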