summaryrefslogtreecommitdiff
path: root/templates/service
diff options
context:
space:
mode:
authorJames Davidson <james.davidson@vyatta.com>2013-02-12 13:02:11 -0800
committerJames Davidson <james.davidson@vyatta.com>2013-02-12 13:02:11 -0800
commit1d917be739f1db7b1ff1d26a0238322d7fd475c5 (patch)
treeac3bdbdcd28f0bd0f9f16477a384e6ccd53970cd /templates/service
parent34f23c48bf38c6c88f3c74e958a084bf30380bd6 (diff)
downloadvyatta-cfg-system-1d917be739f1db7b1ff1d26a0238322d7fd475c5.tar.gz
vyatta-cfg-system-1d917be739f1db7b1ff1d26a0238322d7fd475c5.zip
Initial SNMPv3 support
Diffstat (limited to 'templates/service')
-rw-r--r--templates/service/snmp/node.def23
-rw-r--r--templates/service/snmp/v3/group/node.def5
-rw-r--r--templates/service/snmp/v3/group/node.tag/mode/node.def8
-rw-r--r--templates/service/snmp/v3/group/node.tag/view/node.def11
-rw-r--r--templates/service/snmp/v3/node.def30
-rw-r--r--templates/service/snmp/v3/trap-target/node.def12
-rw-r--r--templates/service/snmp/v3/trap-target/node.tag/auth/encrypted-key/node.def3
-rw-r--r--templates/service/snmp/v3/trap-target/node.tag/auth/node.def4
-rw-r--r--templates/service/snmp/v3/trap-target/node.tag/auth/plaintext-key/node.def3
-rw-r--r--templates/service/snmp/v3/trap-target/node.tag/auth/type/node.def8
-rw-r--r--templates/service/snmp/v3/trap-target/node.tag/port/node.def7
-rw-r--r--templates/service/snmp/v3/trap-target/node.tag/privacy/encrypted-key/node.def3
-rw-r--r--templates/service/snmp/v3/trap-target/node.tag/privacy/node.def4
-rw-r--r--templates/service/snmp/v3/trap-target/node.tag/privacy/plaintext-key/node.def3
-rw-r--r--templates/service/snmp/v3/trap-target/node.tag/privacy/type/node.def8
-rw-r--r--templates/service/snmp/v3/trap-target/node.tag/protocol/node.def8
-rw-r--r--templates/service/snmp/v3/trap-target/node.tag/type/node.def8
-rw-r--r--templates/service/snmp/v3/trap-target/node.tag/user/node.def4
-rw-r--r--templates/service/snmp/v3/tsm/local-key/node.def10
-rw-r--r--templates/service/snmp/v3/tsm/node.def3
-rw-r--r--templates/service/snmp/v3/tsm/port/node.def7
-rw-r--r--templates/service/snmp/v3/user/node.def6
-rw-r--r--templates/service/snmp/v3/user/node.tag/auth/encrypted-key/node.def2
-rw-r--r--templates/service/snmp/v3/user/node.tag/auth/node.def3
-rw-r--r--templates/service/snmp/v3/user/node.tag/auth/plaintext-key/node.def5
-rw-r--r--templates/service/snmp/v3/user/node.tag/auth/type/node.def8
-rw-r--r--templates/service/snmp/v3/user/node.tag/group/node.def11
-rw-r--r--templates/service/snmp/v3/user/node.tag/mode/node.def8
-rw-r--r--templates/service/snmp/v3/user/node.tag/privacy/encrypted-key/node.def2
-rw-r--r--templates/service/snmp/v3/user/node.tag/privacy/node.def3
-rw-r--r--templates/service/snmp/v3/user/node.tag/privacy/plaintext-key/node.def5
-rw-r--r--templates/service/snmp/v3/user/node.tag/privacy/type/node.def8
-rw-r--r--templates/service/snmp/v3/user/node.tag/tsm-key/node.def10
-rw-r--r--templates/service/snmp/v3/view/node.def5
-rw-r--r--templates/service/snmp/v3/view/node.tag/oid/node.def4
-rw-r--r--templates/service/snmp/v3/view/node.tag/oid/node.tag/exclude/node.def1
-rw-r--r--templates/service/snmp/v3/view/node.tag/oid/node.tag/mask/node.def4
37 files changed, 249 insertions, 8 deletions
diff --git a/templates/service/snmp/node.def b/templates/service/snmp/node.def
index 183cc5c3..8047121f 100644
--- a/templates/service/snmp/node.def
+++ b/templates/service/snmp/node.def
@@ -1,13 +1,20 @@
priority: 980
help: Simple Network Management Protocol (SNMP)
-commit:expression: $VAR(community/) != "" || $VAR(community6/) != "" \
- ; "must configure a community or community6"
+commit:expression: $VAR(community/) != "" || $VAR(community6/) != "" || $VAR(v3/) != "" \
+ ; "must configure a community or community6 or v3"
delete: touch /tmp/snmp.$PPID
end:if [ -f "/tmp/snmp.$PPID" ]
- then sudo /opt/vyatta/sbin/vyatta-snmp.pl --stop-snmp
- rm /tmp/snmp.$PPID
- sudo rm -f /etc/snmp/snmpd.conf
- else
- sudo /opt/vyatta/sbin/vyatta-snmp.pl --update-snmp
- fi
+ then
+ sudo /opt/vyatta/sbin/vyatta-snmp.pl --stop-snmp;
+ rm /tmp/snmp.$PPID;
+ sudo rm -f /etc/snmp/snmpd.conf;
+ else
+ sudo /opt/vyatta/sbin/vyatta-snmp.pl --update-snmp;
+ if [ -n "$VAR(v3/)" ]
+ then
+ sudo /opt/vyatta/sbin/vyatta-snmp-v3.pl --update-snmp;
+ else
+ sudo invoke-rc.d snmpd start > /dev/null 2>&1;
+ fi
+ fi
diff --git a/templates/service/snmp/v3/group/node.def b/templates/service/snmp/v3/group/node.def
new file mode 100644
index 00000000..bcfe6795
--- /dev/null
+++ b/templates/service/snmp/v3/group/node.def
@@ -0,0 +1,5 @@
+tag:
+type: txt
+help: Specifies the group with name groupname
+commit:expression: $VAR(view/) != "" ; "must specify view"
+commit:expression: $VAR(mode/) != "" ; "must specify mode"
diff --git a/templates/service/snmp/v3/group/node.tag/mode/node.def b/templates/service/snmp/v3/group/node.tag/mode/node.def
new file mode 100644
index 00000000..a6d36de5
--- /dev/null
+++ b/templates/service/snmp/v3/group/node.tag/mode/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "ro"
+help: Defines the read/write access
+syntax:expression: $VAR(@) in "ro", "rw"
+allowed: echo ro rw
+
+val_help: ro;
+val_help: rw;
diff --git a/templates/service/snmp/v3/group/node.tag/view/node.def b/templates/service/snmp/v3/group/node.tag/view/node.def
new file mode 100644
index 00000000..af7d33c9
--- /dev/null
+++ b/templates/service/snmp/v3/group/node.tag/view/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: Defines the name of view
+allowed: list=`cli-shell-api listNodes service snmp v3 view`
+ echo $list
+syntax:expression:exec "regex=\"(^| )$VAR(@)( |$)\"; \
+ if [[ \"$VAR(/service/snmp/v3/view/@@)\" =~ $regex ]] ; \
+ then \
+ exit 0; \
+ else \
+ exit 1; \
+ fi" ; "You must create \"$VAR(@)\" view first"
diff --git a/templates/service/snmp/v3/node.def b/templates/service/snmp/v3/node.def
new file mode 100644
index 00000000..756a156f
--- /dev/null
+++ b/templates/service/snmp/v3/node.def
@@ -0,0 +1,30 @@
+help: Simple Network Management Protocol (SNMP) v3
+
+create: if [ ! -d "/config/snmp" ]; then sudo mkdir /config/snmp ; fi
+ if [ ! -d "/config/snmp/tls" ]; then
+ sudo mkdir /config/snmp/tls ;
+ if [ -d "/etc/snmp/tls" ] ; then
+ sudo mv /etc/snmp/tls/* /config/snmp/tls > /dev/null 2>&1;
+ sudo chmod -R 600 /config/snmp/tls;
+ sudo rmdir /etc/snmp/tls > /dev/null 2>&1;
+ sudo rm /etc/snmp/tls > /dev/null 2>&1;
+ fi
+ sudo ln -s /config/snmp/tls /etc/snmp/tls;
+ fi
+ lnk=`readlink /etc/snmp/tls`
+ if [ "$lnk" != "/config/snmp/tls" ]; then
+ sudo rm -f /etc/snmp/tls;
+ sudo ln -s /config/snmp/tls /etc/snmp/tls;
+ fi
+
+begin: if [ -d "/config/snmp/tls" ]; then
+ sudo chmod -R 600 /config/snmp/tls;
+ fi
+
+delete: touch /tmp/snmp-v3.$PPID
+
+end:if [ -f "/tmp/snmp-v3.$PPID" ]
+ then
+ sudo /opt/vyatta/sbin/vyatta-snmp-v3.pl --delete-snmp
+ rm /tmp/snmp-v3.$PPID
+ fi \ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.def b/templates/service/snmp/v3/trap-target/node.def
new file mode 100644
index 00000000..d6203e9b
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.def
@@ -0,0 +1,12 @@
+tag:
+type: txt
+help: Defines SNMP target for inform or traps for IP
+syntax:expression: exec "/opt/vyatta/sbin/valid_address $VAR(@)/20"
+commit:expression: $VAR(type/) != ""; "must specify type"
+commit:expression: $VAR(auth/) != ""; "must specify auth"
+commit:expression: $VAR(protocol/) != ""; "must specify protocol"
+commit:expression: $VAR(user/) != ""; "must specify user"
+commit:expression: $VAR(port/) != ""; "must specify port"
+
+val_help: <x.x.x.x>; IP address of trap target
+val_help: <h:h:h:h:h:h:h:h>; IPv6 address of trap target \ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/auth/encrypted-key/node.def b/templates/service/snmp/v3/trap-target/node.tag/auth/encrypted-key/node.def
new file mode 100644
index 00000000..2365b055
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/auth/encrypted-key/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: Defines the encrypted password for authentication
+syntax:expression: pattern $VAR(@) "^0x[0-9a-f]*$" ; "key must start from '0x' and contain hex digits" \ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/auth/node.def b/templates/service/snmp/v3/trap-target/node.tag/auth/node.def
new file mode 100644
index 00000000..5c7df0ef
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/auth/node.def
@@ -0,0 +1,4 @@
+help: Defines the authentication
+commit:expression: $VAR(type/) != "" ; "must specify type"
+commit:expression: $VAR(encrypted-key/) != "" || $VAR(plaintext-key/) != "" ; "must specify encrypted-key or plaintext-key"
+commit:expression: !($VAR(encrypted-key/) != "" && $VAR(plaintext-key/) != "") ; "must specify only one of encrypted-key and plaintext-key" \ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/auth/plaintext-key/node.def b/templates/service/snmp/v3/trap-target/node.tag/auth/plaintext-key/node.def
new file mode 100644
index 00000000..34563e73
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/auth/plaintext-key/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: Defines the clear text password for authentication
+syntax:expression: pattern $VAR(@) "^.{8,}$" ; "key must contain 8 or more characters"
diff --git a/templates/service/snmp/v3/trap-target/node.tag/auth/type/node.def b/templates/service/snmp/v3/trap-target/node.tag/auth/type/node.def
new file mode 100644
index 00000000..5a2ffc52
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/auth/type/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "md5"
+help: Defines the protocol using for authentication
+syntax:expression: $VAR(@) in "md5", "sha"
+allowed: echo md5 sha
+
+val_help: md5; Message Digest 5
+val_help: sha; Secure Hash Algorithm \ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/port/node.def b/templates/service/snmp/v3/trap-target/node.tag/port/node.def
new file mode 100644
index 00000000..b38cd1e5
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/port/node.def
@@ -0,0 +1,7 @@
+type: u32
+default: 162
+help: Specifies the TCP/UDP port of a destination for SNMP traps/informs.
+
+val_help: u32:1-65535; Numeric IP port
+syntax:expression: $VAR(@) > 0 && $VAR(@) <= 65535 ; \
+ "Port number must be in range 1 to 65535"
diff --git a/templates/service/snmp/v3/trap-target/node.tag/privacy/encrypted-key/node.def b/templates/service/snmp/v3/trap-target/node.tag/privacy/encrypted-key/node.def
new file mode 100644
index 00000000..4e762b9f
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/privacy/encrypted-key/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: Defines the encrypted key for privacy protocol
+syntax:expression: pattern $VAR(@) "^0x[0-9a-f]*$" ; "key must start from '0x' and contain hex digits" \ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/privacy/node.def b/templates/service/snmp/v3/trap-target/node.tag/privacy/node.def
new file mode 100644
index 00000000..900cfc9d
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/privacy/node.def
@@ -0,0 +1,4 @@
+help: Defines the privacy
+commit:expression: $VAR(type/) != "" ; "must specify type"
+commit:expression: $VAR(encrypted-key/) != "" || $VAR(plaintext-key/) != "" ; "must specify encrypted-key or plaintext-key"
+commit:expression: !($VAR(encrypted-key/) != "" && $VAR(plaintext-key/) != "") ; "must specify only one of encrypted-key and plaintext-key"
diff --git a/templates/service/snmp/v3/trap-target/node.tag/privacy/plaintext-key/node.def b/templates/service/snmp/v3/trap-target/node.tag/privacy/plaintext-key/node.def
new file mode 100644
index 00000000..a2442637
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/privacy/plaintext-key/node.def
@@ -0,0 +1,3 @@
+type: txt
+help: Defines the clear text key for privacy protocol
+syntax:expression: pattern $VAR(@) "^.{8,}$" ; "key must contain 8 or more characters"
diff --git a/templates/service/snmp/v3/trap-target/node.tag/privacy/type/node.def b/templates/service/snmp/v3/trap-target/node.tag/privacy/type/node.def
new file mode 100644
index 00000000..bbfd5331
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/privacy/type/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "des"
+help: Defines the protocol for privacy
+syntax:expression: $VAR(@) in "des", "aes"
+allowed: echo des aes
+
+val_help: des; Data Encryption Standard
+val_help: aes; Advanced Encryption Standard \ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/protocol/node.def b/templates/service/snmp/v3/trap-target/node.tag/protocol/node.def
new file mode 100644
index 00000000..ce96ca38
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/protocol/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "udp"
+help: Defines protocol for notification between TCP and UDP
+syntax:expression: $VAR(@) in "tcp", "udp"
+allowed: echo tcp udp
+
+val_help: tcp;
+val_help: udp; \ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/type/node.def b/templates/service/snmp/v3/trap-target/node.tag/type/node.def
new file mode 100644
index 00000000..f678ae69
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/type/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "inform"
+help: Specifies the type of notification between inform and trap
+syntax:expression: $VAR(@) in "inform", "trap"
+allowed: echo inform trap
+
+val_help: inform;
+val_help: trap; \ No newline at end of file
diff --git a/templates/service/snmp/v3/trap-target/node.tag/user/node.def b/templates/service/snmp/v3/trap-target/node.tag/user/node.def
new file mode 100644
index 00000000..a0ed8cbf
--- /dev/null
+++ b/templates/service/snmp/v3/trap-target/node.tag/user/node.def
@@ -0,0 +1,4 @@
+type: txt
+help: Defines username for authentication
+allowed: list=`cli-shell-api listNodes service snmp v3 user`
+ echo $list
diff --git a/templates/service/snmp/v3/tsm/local-key/node.def b/templates/service/snmp/v3/tsm/local-key/node.def
new file mode 100644
index 00000000..d238d310
--- /dev/null
+++ b/templates/service/snmp/v3/tsm/local-key/node.def
@@ -0,0 +1,10 @@
+type: txt
+help: Defines the server certificate fingerprint or key-file name.
+allowed: sudo ls /etc/snmp/tls/certs
+syntax:expression: pattern $VAR(@) "^[0-9A-F]{2}(:[0-9A-F]{2}){19}$" ||
+ exec "if [ `sudo ls \"/etc/snmp/tls/certs/$VAR(@)\" 2> /dev/null` ]; \
+ then \
+ exit 0; \
+ else \
+ exit 1; \
+ fi" ; "value can be finger print key or filename in /etc/snmp/tls/certs folder" \ No newline at end of file
diff --git a/templates/service/snmp/v3/tsm/node.def b/templates/service/snmp/v3/tsm/node.def
new file mode 100644
index 00000000..3d12f21d
--- /dev/null
+++ b/templates/service/snmp/v3/tsm/node.def
@@ -0,0 +1,3 @@
+help: Specifies that the snmpd uses encryption.
+commit:expression: $VAR(port/) != "" ; "must specify port"
+commit:expression: $VAR(local-key/) != "" ; "must specify local-key" \ No newline at end of file
diff --git a/templates/service/snmp/v3/tsm/port/node.def b/templates/service/snmp/v3/tsm/port/node.def
new file mode 100644
index 00000000..86fd6cca
--- /dev/null
+++ b/templates/service/snmp/v3/tsm/port/node.def
@@ -0,0 +1,7 @@
+type: u32
+default: 10161
+help: Defines the port for tsm.
+
+val_help: u32:1-65535; Numeric IP port
+syntax:expression: $VAR(@) > 0 && $VAR(@) <= 65535 ; \
+ "Port number must be in range 1 to 65535"
diff --git a/templates/service/snmp/v3/user/node.def b/templates/service/snmp/v3/user/node.def
new file mode 100644
index 00000000..e6a8bc87
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.def
@@ -0,0 +1,6 @@
+tag:
+type: txt
+help: Specifies the user with name username
+syntax:expression: pattern $VAR(@) "^[^-]*$" ; "characters '-' in name is not supported yet"
+commit:expression: $VAR(auth/) != "" || $VAR(tsm-key/) != ""; "must specify auth or tsm-key"
+commit:expression: $VAR(mode/) != ""; "must specify mode" \ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/auth/encrypted-key/node.def b/templates/service/snmp/v3/user/node.tag/auth/encrypted-key/node.def
new file mode 100644
index 00000000..3cf6bd31
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/auth/encrypted-key/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Defines the encrypted key for authentication protocol
diff --git a/templates/service/snmp/v3/user/node.tag/auth/node.def b/templates/service/snmp/v3/user/node.tag/auth/node.def
new file mode 100644
index 00000000..68959a8e
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/auth/node.def
@@ -0,0 +1,3 @@
+help: Specifies the auth
+commit:expression: $VAR(type/) != "" ; "must specify type"
+commit:expression: $VAR(plaintext-key/) != "" || $VAR(encrypted-key/) != "" ; "must specify plaintext-key or encrypted-key" \ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/auth/plaintext-key/node.def b/templates/service/snmp/v3/user/node.tag/auth/plaintext-key/node.def
new file mode 100644
index 00000000..4f840d7c
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/auth/plaintext-key/node.def
@@ -0,0 +1,5 @@
+type: txt
+help: Defines the key in the clear text for authentication protocol
+syntax:expression: pattern $VAR(@) "^.{8,}$" ; "key must contain 8 or more characters"
+
+update:expression: $VAR(../encrypted-key/@) = "" \ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/auth/type/node.def b/templates/service/snmp/v3/user/node.tag/auth/type/node.def
new file mode 100644
index 00000000..5a2ffc52
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/auth/type/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "md5"
+help: Defines the protocol using for authentication
+syntax:expression: $VAR(@) in "md5", "sha"
+allowed: echo md5 sha
+
+val_help: md5; Message Digest 5
+val_help: sha; Secure Hash Algorithm \ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/group/node.def b/templates/service/snmp/v3/user/node.tag/group/node.def
new file mode 100644
index 00000000..66543579
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/group/node.def
@@ -0,0 +1,11 @@
+type: txt
+help: Specifies group for user name
+allowed: list=`cli-shell-api listNodes service snmp v3 group`
+ echo $list
+syntax:expression:exec "regex=\"(^| )$VAR(@)( |$)\"; \
+ if [[ \"$VAR(/service/snmp/v3/group/@@)\" =~ $regex ]] ; \
+ then \
+ exit 0; \
+ else \
+ exit 1; \
+ fi" ; "You must create \"$VAR(@)\" group first"
diff --git a/templates/service/snmp/v3/user/node.tag/mode/node.def b/templates/service/snmp/v3/user/node.tag/mode/node.def
new file mode 100644
index 00000000..9855f5fb
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/mode/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "ro"
+help: Specifies the mode for access rights of user, read only or write
+syntax:expression: $VAR(@) in "ro", "rw"
+allowed: echo ro rw
+
+val_help: ro;
+val_help: rw;
diff --git a/templates/service/snmp/v3/user/node.tag/privacy/encrypted-key/node.def b/templates/service/snmp/v3/user/node.tag/privacy/encrypted-key/node.def
new file mode 100644
index 00000000..8feef111
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/privacy/encrypted-key/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Defines the encrypted key for privacy protocol
diff --git a/templates/service/snmp/v3/user/node.tag/privacy/node.def b/templates/service/snmp/v3/user/node.tag/privacy/node.def
new file mode 100644
index 00000000..94bf850c
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/privacy/node.def
@@ -0,0 +1,3 @@
+help: Specifies the privacy
+commit:expression: $VAR(type/) != "" ; "must specify type"
+commit:expression: $VAR(plaintext-key/) != "" || $VAR(encrypted-key/) != "" ; "must specify plaintext-key or encrypted-key" \ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/privacy/plaintext-key/node.def b/templates/service/snmp/v3/user/node.tag/privacy/plaintext-key/node.def
new file mode 100644
index 00000000..5d706712
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/privacy/plaintext-key/node.def
@@ -0,0 +1,5 @@
+type: txt
+help: Defines the key in the clear text for protocol for privacy
+syntax:expression: pattern $VAR(@) "^.{8,}$" ; "key must contain 8 or more characters"
+
+update:expression: $VAR(../encrypted-key/@) = "" \ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/privacy/type/node.def b/templates/service/snmp/v3/user/node.tag/privacy/type/node.def
new file mode 100644
index 00000000..bbfd5331
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/privacy/type/node.def
@@ -0,0 +1,8 @@
+type: txt
+default: "des"
+help: Defines the protocol for privacy
+syntax:expression: $VAR(@) in "des", "aes"
+allowed: echo des aes
+
+val_help: des; Data Encryption Standard
+val_help: aes; Advanced Encryption Standard \ No newline at end of file
diff --git a/templates/service/snmp/v3/user/node.tag/tsm-key/node.def b/templates/service/snmp/v3/user/node.tag/tsm-key/node.def
new file mode 100644
index 00000000..e9f55a5f
--- /dev/null
+++ b/templates/service/snmp/v3/user/node.tag/tsm-key/node.def
@@ -0,0 +1,10 @@
+type: txt
+help: Specifies finger print or file name of TSM certificate.
+allowed: sudo ls /etc/snmp/tls/certs
+syntax:expression: pattern $VAR(@) "^[0-9A-F]{2}(:[0-9A-F]{2}){19}$" ||
+ exec "if [ `sudo ls \"/etc/snmp/tls/certs/$VAR(@)\" 2> /dev/null` ]; \
+ then \
+ exit 0; \
+ else \
+ exit 1; \
+ fi" ; "value can be finger print key or filename in /etc/snmp/tls/certs folder" \ No newline at end of file
diff --git a/templates/service/snmp/v3/view/node.def b/templates/service/snmp/v3/view/node.def
new file mode 100644
index 00000000..a83c978b
--- /dev/null
+++ b/templates/service/snmp/v3/view/node.def
@@ -0,0 +1,5 @@
+tag:
+type: txt
+help: Specifies the view with name viewname
+
+commit:expression: $VAR(oid/) != ""; "must configure an oid" \ No newline at end of file
diff --git a/templates/service/snmp/v3/view/node.tag/oid/node.def b/templates/service/snmp/v3/view/node.tag/oid/node.def
new file mode 100644
index 00000000..beed3274
--- /dev/null
+++ b/templates/service/snmp/v3/view/node.tag/oid/node.def
@@ -0,0 +1,4 @@
+tag:
+type: txt
+help: Specifies the oid
+syntax:expression: pattern $VAR(@) "^[0-9]+(\.[0-9]+)*$" ; "oid must start from a number"
diff --git a/templates/service/snmp/v3/view/node.tag/oid/node.tag/exclude/node.def b/templates/service/snmp/v3/view/node.tag/oid/node.tag/exclude/node.def
new file mode 100644
index 00000000..df3611cb
--- /dev/null
+++ b/templates/service/snmp/v3/view/node.tag/oid/node.tag/exclude/node.def
@@ -0,0 +1 @@
+help: Exclude is optional argument.
diff --git a/templates/service/snmp/v3/view/node.tag/oid/node.tag/mask/node.def b/templates/service/snmp/v3/view/node.tag/oid/node.tag/mask/node.def
new file mode 100644
index 00000000..bc500afe
--- /dev/null
+++ b/templates/service/snmp/v3/view/node.tag/oid/node.tag/mask/node.def
@@ -0,0 +1,4 @@
+type: txt
+help: Defines a bit-mask that is indicating which subidentifiers of the associated subtree OID should be regarded as significant.
+syntax:expression: pattern $VAR(@) "^[0-9a-f]{2}([\\.:][0-9a-f]{2})*$" ; \
+ "MASK is a list of hex octets, separated by '.' or ':'" \ No newline at end of file