####
# First, map the community name "public" into a "security name"
# sec.name source community
com2sec notConfigUser
192.168.79.129 public
#定义community名称为 public,映射到安全名 notConfigUser。
####
# Second, map the security name into a group name:
# groupName securityModel securityName
group notConfigGroup
v1 notConfigUser
#定义安全用户名notConfigUser映射到notConfigGroup组。
group notConfigGroup v2c notConfigUser
####
# Third, create a view for us to let the group have rights
to:
#定义一个view,来决定notConfigUser可以操作的范围。
# Make at least snmpwalk -v 1 localhost -c public system fast again.
#定义可查看的snmp的范围。
# name incl/excl subtree
mask(optional)
view systemview included .1.3.6.1.2.1.1
view
systemview included .1.3.6.1.2.1.25.1.1
view all included .1
####
# Finally, grant the group read-only access to the systemview view.
#给notConfigGroup组所定义view名 all 以只读权限。
# group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact all none
none
#access notConfigGroup "" any noauth exact mib2 none
none
# -----------------------------------------------------------------------------
# Here is a commented out example configuration that allows less
#
restrictive access.
# YOU SHOULD CHANGE THE "COMMUNITY" TOKEN BELOW TO A NEW KEYWORD ONLY
#
KNOWN AT YOUR SITE. YOU *MUST* CHANGE THE NETWORK TOKEN BELOW TO
#
SOMETHING REFLECTING YOUR LOCAL NETWORK ADDRESS SPACE.
## sec.name source community
#com2sec local localhost
COMMUNITY
#com2sec mynetwork NETWORK/24 COMMUNITY
## group.name sec.model sec.name
#group MyRWGroup any local
#group MyROGroup any mynetwork
#
#group MyRWGroup any
otherv3user
#...
## incl/excl subtree mask
view all
included .1 80
## -or just the mib2 tree-
#view mib2 included .iso.org.dod.internet.mgmt.mib-2 fc
#view mib2
included .iso.org.dod.internet.mgmt.mib-2 fc
## context sec.model sec.level prefix read write notif
#access MyROGroup "" any noauth 0 all none none
#access MyRWGroup "" any noauth 0 all all all
原文:http://www.cnblogs.com/no314/p/3617366.html