First, define a "view" thusly:
snmp-server view NOC interfaces included
You can exclude specific interfaces. For example, "26" represents "Gi0/0.500" interface and you want to exclude it entirely:
snnp-server view NOC ifEntry.*.26 excluded
Note the "*" which is a wildcard to exclude all elements for ifIndex 26. This of course can be more specific to limit exactly the elements you choose to hide. Or you can very specific and only allow access to certain interfaces only.
Next, configure a SNMP group:
snmp-server group NOC v3 auth read NOC
Finally configure the user:
snmp-server user noc NOC v3 auth md5 soeasytosee
Or you can take a step further and enable privacy with DES as follows:
snmp-server user noc NOC v3 auth md4 soeasytosee priv des hidemeplease
You can test with "snmpwalk"
snmpwalk -v3 -aMD5 -Asoeasytosee -unoc -lauthNopriv host.ip.address
When privacy is enabled:
snmpwalk -v3 -unoc -aMD5 -Asoeasytosee -xDES -Xhidemeplease -lauthpriv host.ip.address
No comments:
Post a Comment