DEFAULT_SECURITY entry

Field definitions

securityPosture

Indicates the default security posture to be configured for the SNMP agent, as defined by Appendix A of RFC 2575. Valid values are minimum-secure to indicate the SNMP agent is configured with the least secure default configurations; semi-secure to indicate the SNMP agent is configured with moderately secure default configurations; and no-access to indicate the SNMP agent is configured with no default configurations. The default value is no-access.

Following are the default security definitions based on the selected security posture:

no-access

No initial configurations are done.

semi-secure

If privacy is not requested, a default user is configured as if the following USM_USER entry had been specified:

USM_USER initial- HMAC-MD5 ### none - N permanent 

where ### indicates the key generated from the password specified on the DEFAULT_SECURITY entry.

If privacy is requested, a default user is configured as if the following USM_USER entry had been specified:

USM_USER initial - HMAC-MD5 ### DES ### N permanent

where ### indicates the key generated from the password specified on the DEFAULT_SECURITY entry.

A default group is configured as if the following VACM_GROUP entry had been specified:

VACM_GROUP initial USM initial readOnly

Three default access entries are configured as if the following VACM_ACCESS entries had been specified:

VACM_ACCESS initial - exact none USM restricted -       restricted readOnly
VACM_ACCESS initial - exact auth USM internet internet  internet   readOnly
VACM_ACCESS initial - exact priv USM internet internet  internet   readOnly

Two default MIB views are configured as if the following VACM_VIEW entries had been specified:

VACM_VIEW internet   internet     - included readOnly
VACM_VIEW restricted system       - included readOnly
VACM_VIEW restricted snmp         - included readOnly
VACM_VIEW restricted snmpEngine   - included readOnly
VACM_VIEW restricted snmpMPDStats - included readOnly
VACM_VIEW restricted usmStats     - included readOnly

minimum-secure

If privacy is not requested, a default user is configured as if the following USM_USER entry had been specified:

USM_USER initial - HMAC-MD5 ### none - N permanent

where ### indicates the key generated from the password specified on the DEFAULT_SECURITY entry.

If privacy is requested, a default user is configured as if the following USM_USER entry had been specified:

USM_USER initial - HMAC-MD5 ### DES ### N permanent

where ### indicates the key generated from the password specified on the DEFAULT_SECURITY entry.

A default group is configured as if the following VACM_GROUP entry had been specified:

VACM_GROUP initial USM initial readOnly

Three default access entries are configured as if the following VACM_ACCESS entries had been specified:

VACM_ACCESS initial - exact none USM restricted -      restricted readOnly
VACM_ACCESS initial - exact auth USM internet internet internet   readOnly
VACM_ACCESS initial - exact priv USM internet internet internet   readOnly 

Two default MIB views are configured as if the following VACM_VIEW entries had been specified:

VACM_VIEW internet   internet     - included readOnly
VACM_VIEW restricted internet     - included readOnly

password

Indicates the password to be used to generate authentication and privacy keys for user initial. If no-access is specified as the securityPosture, this keyword is ignored. Valid values are 8 - 255 characters string, or a dash (-) to indicate the default value (no password). The default is only accepted if securityPosture is no-access.

privacy

Indicates whether or not encryption is to be supported for messages on behalf of user 'initial'. Valid values are Yes to indicate that privacy is supported for user initial, No to indicate that privacy is not supported for user initial, or a dash (-) to indicate the default value of no. If no-access is selected as the security posture, this value is ignored.