
snmp-agent community

Function

The snmp-agent community command configures the SNMPv1 or SNMPv2c read-write community name.

The undo snmp-agent community command is used to delete the configuration of the community name.

By default, the community name is not configured.

Format

snmp-agent community { read | write } { community-name | cipher community-name } [ mib-view view-name | acl { acl-number | acl-name } | alias alias-name ] *

snmp-agent community { read | write } [ cipher ] community-name [ mib-view view-name ] acl-ipv4 { acl-number | acl-name } [ acl-ipv6 { acl-number | acl-name } ] [ alias alias-name ]

snmp-agent community { read | write } [ cipher ] community-name [ mib-view view-name ] acl-ipv6 { acl-number | acl-name } [ alias alias-name ]

undo snmp-agent community community-name

undo snmp-agent community { read | write } [ cipher ] community-name

Parameters

| Parameter | Description | Value |
|---|---|---|
| read | Indicates that the community with a specified name has the read-only rights in the specified view. | - |
| write | Indicates that the community with a specified name has the read-write rights in the specified view. | - |
| community-name | Specifies the name of a community. The community name is displayed in cipher text in the configuration file. | The value is a string of 8 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
| cipher community-name | Specifies the community name in plain text or in cipher text. The community name is displayed in cipher text in the configuration file. | The value is a string of 8 to 32, 44, 56, 80 or 88 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string. When the community name is a string of 8 to 31 characters, the string is processed as plain text by default and will be encrypted. When the community name is a string of 32, 44, 56, 80 or 88 characters, the string is processed as cipher text by default, and the system will determine whether the string can be parsed. |
| mib-view view-name | Specifies a MIB view that the community name can access. | It is a string of 1 to 32 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string. |
| acl | Specifies an ACL that takes effect on both IPv4 and IPv6 networks. | - |
| acl-ipv4 | Specifies an ACL that takes effect only on IPv4 networks. | - |
| acl-ipv6 | Specifies an ACL that takes effect only on IPv6 networks. | - |
| acl-number | Specifies the number of an ACL. | The value is an integer ranging from 2000 to 3999. |
| acl-name | Specifies the name of a basic or an advanced named ACL. | The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter. |
| alias alias-name | Specifies the alias name for a community. The alias names of communities are stored in plain text in the configuration file. | The value is a string of 1 to 32 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The snmp-agent community command is used on SNMPv1 and SNMPv2c networks. The community is a combination of the NMS and SNMP agent and is identified by a community name. The community name functions as a password for authentication during device communication in a community. Devices can communicate if the community name of the NMS and that of the SNMP agent are the same. The snmp-agent community command configures a community name on a device so that the NMS can communicate with the device. Parameters of the snmp-agent community command set the access permission, ACL, and accessible MIB views of a community name.

When running the snmp-agent community command, you can select parameters based on the networking requirements.
  • To grant the NMS read-only permission in the specified view, configure read.
  • To grant the NMS read-write permission in the specified view, configure write.
  • To allow specified NMSs using this community name to have the rights of ViewDefault, omit mib-view view-name.
  • To allow all NMSs using this community name to manage specified objects on a managed device, omit acl acl-number.
  • To allow specified NMSs using this community name to manage specified objects on a managed device, configure mib-view and acl.
  • The community name will be saved in encrypted format in the configuration file. To facilitate identification of community names, specify the alias alias-name parameter to set the alias names for the communities. The alias names are stored in plain text in the configuration file.

When both community name and ACL are configured, the NMS verifies the community name before accessing the device, and then checks the ACL rules. If the community name does not exist, the packet is discarded and a log indicating that the community name is wrong is printed. The ACL rule is not checked. That is, the ACL rule is checked only when the community name exists.

Precautions

  • The device checks the complexity of community names in simple text rather than in ciphertext. The device has the following requirements for community name complexity:
    • The minimum length of a community name is determined by the set password min-length command. By default, a password contains 8 characters.

    • The community name includes at least two kinds of characters: uppercase letters, lowercase letters, numbers, and special characters (excluding ?).

    If a community name fails the complexity check, the community name cannot be configured. To disable the complexity check for a community name, run the snmp-agent community complexity-check disable command; the length of community names in simple text then ranges from 1 to 32. However, a simple community name that does not meet the complexity requirements is easily attacked and cracked by unauthorized users, which affects device security. Therefore, enabling the complexity check of community names is recommended.

  • Only one type of permission can be configured for a community. If a community has both the read-only and read-write permission configured, the permission configured later takes effect.
  • If you specify the parameter mib-view or acl when running the snmp-agent community command, configure the MIB view and ACL rule. If the default MIB view is deleted, the NMS using this community name cannot communicate with managed devices. To continue to use this community name, specify an existing MIB view.
  • The community name is saved in cipher text in the configuration file. To delete a community name, run the undo snmp-agent community command and specify the community name in plain text. To view a community name in cipher text, run the display snmp-agent community command.
  • When a user with a level lower than the level configured using this command uses the display this command to query the configured password, the password is displayed as asterisks (******).
  • To specify the same ACL on both IPv4 and IPv6 networks, you can only run the snmp-agent community { read | write } { community-name | cipher community-name } acl { acl-number | acl-name } command.
  • If the snmp-agent community command is run more than once to specify an ACL for the same SNMP community, the latest configuration overrides the previous one.
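
The following audit script is an added example, not part of the original Huawei documentation. It parses snmp-agent community lines from a saved configuration and reports the weak settings described above: complexity check disabled, no mib-view (ViewDefault rights), and no ACL or an ACL covering only one IP family. The sample lines, the ciphertext placeholders, the view name ifView, the aliases and the finding codes are constructed, and the script assumes the saved configuration uses the same keyword order as the Format section.

```python
import re

OPTIONS = {"mib-view", "acl", "acl-ipv4", "acl-ipv6", "alias"}

# Constructed sample lines; the ciphertext strings are placeholders, not device output.
SAMPLE_CONFIG = """\
snmp-agent community complexity-check disable
snmp-agent community read cipher CIPHERTEXT-PLACEHOLDER-1 mib-view ifView acl 2001 alias nms-ro
snmp-agent community write cipher CIPHERTEXT-PLACEHOLDER-2 alias nms-rw
snmp-agent community read cipher CIPHERTEXT-PLACEHOLDER-3 mib-view ifView acl-ipv4 2001 alias probe
"""

def parse_community(line):
    """Return a dict for one 'snmp-agent community { read | write } ...' line, else None."""
    # A token is either a double-quoted string (may contain spaces) or a run of non-spaces.
    tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
    if tok[:2] != ["snmp-agent", "community"] or len(tok) < 4 or tok[2] not in ("read", "write"):
        return None
    i = 4 if tok[3] == "cipher" else 3      # skip the optional cipher keyword
    if i >= len(tok):
        return None
    entry = {"access": tok[2], "name": tok[i]}
    i += 1
    while i + 1 < len(tok) and tok[i] in OPTIONS:   # keyword/value pairs
        entry[tok[i]] = tok[i + 1]
        i += 2
    return entry

def audit(config_text):
    """Return (line number, alias or None, finding code) for each weak setting found."""
    findings = []
    for n, line in enumerate(config_text.splitlines(), 1):
        if line.split() == ["snmp-agent", "community", "complexity-check", "disable"]:
            findings.append((n, None, "complexity-check-disabled"))
            continue
        e = parse_community(line)
        if e is None:
            continue
        alias = e.get("alias")
        if "mib-view" not in e:             # community has the rights of ViewDefault
            findings.append((n, alias, "no-mib-view"))
        acls = {k for k in ("acl", "acl-ipv4", "acl-ipv6") if k in e}
        if not acls:                        # every NMS that knows the name is accepted
            findings.append((n, alias, "no-acl"))
        elif acls == {"acl-ipv4"}:          # no ACL takes effect for IPv6 sources
            findings.append((n, alias, "no-ipv6-acl"))
        elif acls == {"acl-ipv6"}:          # no ACL takes effect for IPv4 sources
            findings.append((n, alias, "no-ipv4-acl"))
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding for the disabled complexity check, two for the write community with alias nms-rw, and one for the IPv4-only ACL on probe.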

Example

# Set the name of a community to comaccess1 and configure the read-only rights for the community.

<HUAWEI> system-view
[HUAWEI] snmp-agent community read comaccess1

# Set the name of a community to comaccess2 and configure the read-write rights for the community.

<HUAWEI> system-view
[HUAWEI] snmp-agent community write comaccess2
Copyright © Huawei Technologies Co., Ltd.