Solved: i wanted a way for the user

daviddo99 · ‎05-10-2017

I am trying to configure a snmp group that would allow snmpset command against the ifAdminStatus OID. If i configure a user on snmp group/role network-admin i can use the snmpset to up/down a interface. How would i create a custom role that only allow snmpset aganist ifAdminStatus OID?

Pari Thiagasundaram · ‎05-11-2017

You can automate that with EEM script.

View solution in original post

Pari Thiagasundaram · ‎05-10-2017

On good ole Cisco routers you can do the "snmp-server view" command and restrict all kinds of OID's. This aint gonna happen on the NX-OS.

So tell us the "why", you want to do the snmpset for ifAdminStatus. I am trying to think of other solutions if that may help

daviddo99 · ‎05-11-2017

i wanted a way for the user to down/up a interface using a script they can run.

Pari Thiagasundaram · ‎05-11-2017

You can automate that with EEM script.

Claudio Gonzalez Sequeira · ‎07-21-2017

Hi,

As we all know the SNMP view is not available in NX-OS, however if you want to create a group to specify a single OID you can configure a RBAC, see documentation below :

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/CLIConfigurationGuide/sec_rbac.html#71793

Example:

role name Allow_OID

rule 1 permit read feature snmp
rule 2 permit write feature snmp
rule 3 deny read oid 1.3.6.1.2.1.2.2.1.7 (ifAdminStatus )

Then just assign an user to the new group created.

Hope it helps.

Claudio G

NX-OS SNMP Groups