Wired Intelligent Edge

I'm looking for more information about the differences between the SNMPv3 user groups on Aruba switches.  When I type out "(config)# snmpv3 group ?" I get this output:

managerpriv Require privacy and authentication, can access all objects.
managerauth Require authentication, can access all objects.
operatorauth Requires authentication, limited access to objects.
operatornoauth No authentication required, limited access to objects.
commanagerrw Community with manager and unrestricted write access.
commanagerr Community with manager and restricted write access.
comoperatorrw Community with operator and unrestricted write access.
comoperatorr Community with operator and restricted write access.

Could someone expand on the descriptions above?  I've tried finding more information via Internet searches, but all I find is the info above.  In my organization for example, I'd like to setup a single user as "read-only."  Would "operatorauth" be the most secure way of accomplishing this?  Why doesn't that group use privacy as well?

Hello,
Did you enable SNMPV3 on your Switch? For what i see it's seems to be a right issue. Maybe this link can help you :
https://community.arubanetworks.com/blogs/esupport1/2018/06/22/how-to-configure-an-arubaos-switch-to-use-snmp-version-3

------------------------------
maxime FUHRMANN
------------------------------

Original Message:
Sent: Jan 22, 2021 05:46 PM
From: Shane Toumey
Subject: Differences in SNMPv3 user groups

I'm looking for more information about the differences between the SNMPv3 user groups on Aruba switches.  When I type out "(config)# snmpv3 group ?" I get this output:

managerpriv Require privacy and authentication, can access all objects.
managerauth Require authentication, can access all objects.
operatorauth Requires authentication, limited access to objects.
operatornoauth No authentication required, limited access to objects.
commanagerrw Community with manager and unrestricted write access.
commanagerr Community with manager and restricted write access.
comoperatorrw Community with operator and unrestricted write access.
comoperatorr Community with operator and restricted write access.

Could someone expand on the descriptions above?  I've tried finding more information via Internet searches, but all I find is the info above.  In my organization for example, I'd like to setup a single user as "read-only."  Would "operatorauth" be the most secure way of accomplishing this?  Why doesn't that group use privacy as well?

I spoke with an Aruba support rep regarding this and it sounds like the only way to get the messages encrypted in SNMPv3 is via the "managerpriv" group.  Unfortunately that seems to also give full read/write access to the switch.  It's kinda disappointing to find this out.

------------------------------
Shane Toumey
------------------------------

Original Message:
Sent: Jan 22, 2021 05:46 PM
From: Shane Toumey
Subject: Differences in SNMPv3 user groups

I'm looking for more information about the differences between the SNMPv3 user groups on Aruba switches.  When I type out "(config)# snmpv3 group ?" I get this output:

managerpriv Require privacy and authentication, can access all objects.
managerauth Require authentication, can access all objects.
operatorauth Requires authentication, limited access to objects.
operatornoauth No authentication required, limited access to objects.
commanagerrw Community with manager and unrestricted write access.
commanagerr Community with manager and restricted write access.
comoperatorrw Community with operator and unrestricted write access.
comoperatorr Community with operator and restricted write access.

Could someone expand on the descriptions above?  I've tried finding more information via Internet searches, but all I find is the info above.  In my organization for example, I'd like to setup a single user as "read-only."  Would "operatorauth" be the most secure way of accomplishing this?  Why doesn't that group use privacy as well?