Wired Intelligent Edge

Hi there,

I recently got the request from a customer to add a SNMPv3 read-only user to all their network Switches.

This includes some 2915 Switches, Comware 5130 and some AOS-CX 6400 as well as 8320.

I managed to find the appropriate commands for the 2915 and Comware devices, but now I'm struggling with the AOS-CX components.

According to the config guide I can add a snmpv3 user like so:

snmpv3 user <name> auth sha auth-pass plaintext <auth-pass> priv aes priv-pass plaintext <priv-pass>

I feel like I am missing the step to restrict this new users permissions.
On Comware and  the 2915 I could achieve this with snmpv3 groups that only had access to the read-view.

Is there something comparable on CX?

------------------------------
~s
------------------------------

Hello, 

I had a similar question and I couldn't find the answer in the available releases.
ArubaOS-CX 10.09.0001 will be released in the next days/weeks. It looks it has a new option of the snmpv3 user command allowing you to configure access level.


switch-1(config)# snmpv3 user Mgr ?
access-level Configure SNMPv3 user access-level
auth Configure authentication protocol
context Configure Context name
<cr>
switch-1(config)# snmpv3 user Mgr access-level ?
ro Read-Only access for SNMPv3 user
rw Read-Write access for SNMPv3 user


------------------------------
Emil Gogushev
------------------------------

Original Message:
Sent: Nov 17, 2021 04:08 AM
From: Sören Imhof
Subject: ArubaOS-CX SNMPv3 read-only user

Hi there,

I recently got the request from a customer to add a SNMPv3 read-only user to all their network Switches.

This includes some 2915 Switches, Comware 5130 and some AOS-CX 6400 as well as 8320.

I managed to find the appropriate commands for the 2915 and Comware devices, but now I'm struggling with the AOS-CX components.

According to the config guide I can add a snmpv3 user like so:

snmpv3 user <name> auth sha auth-pass plaintext <auth-pass> priv aes priv-pass plaintext <priv-pass>

I feel like I am missing the step to restrict this new users permissions.
On Comware and  the 2915 I could achieve this with snmpv3 groups that only had access to the read-view.

Is there something comparable on CX?

------------------------------
~s
------------------------------