Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior.

SNMP has been defined with four major functional areas to support the core function of allowing managers to manage agents:

Data Definition—The syntax conventions for how to define the data to an agent or manager. These specifications are called the Structure of Management Information (SMI).

MIBs—Over 100 Internet standards define different MIBs, each for a different technology area, with countless vendor-proprietary MIBs as well. The MIB definitions conform to the appropriate SMI version.

Protocols—The messages used by agents and managers to exchange management data.

Security and Administration—Definitions for how to secure the exchange of data between agents and managers.

Fig 28.1 SNMP concept

SNMP Version

v1 Simple authentication with communities, but used MIB-I originally.

v2 Uses SMIv2, removed requirement for communities, added Get Bulk and Inform messages, but began with MIB-II originally.

2c Pseudo-release (RFC 1905) that allowed SNMPv1-style communities with SNMPv2; otherwise, equivalent to SNMPv2.

v3 Mostly identical to SNMPv2, but adds significantly better security, although it supports communities for backward compatibility. Uses MIB-II.

Fig 28.2 SNMP Community concept

 

28.1 SHOW SNMP

To show the status of Simple Network Management Protocol (SNMP), use the command show snmp in the Privileged EXEC mode.

Switch# show snmp

Syntax

show snmp

Mode

Privileged EXEC

Example

The following example shows the SNMP status.

Switch# show snmp

 

28.2 SHOW SNMP COMMUNITY

To show the configuration of SNMP communities, use the command show snmp community in the Privileged EXEC mode.

Switch# show snmp community

Syntax

show snmp community

Mode

Privileged EXEC

Example

The following example shows the SNMP communities configuration.

Switch# show snmp community

 

28.3 SHOW SNMP ENGINEID

To show the SNMPv3 engine IDs defined on the switch, use the command show snmp engineid in the Privileged EXEC mode.

Syntax

show snmp engineid

Mode

Privileged EXEC

Example

The following example shows the SNMP engine ID information.

Switch# show snmp engineid

 

28.4 SHOW SNMP GROUP

To show the SNMP group configuration on the switch, use the command show snmp group in the Privileged EXEC mode.

Switch# show snmp group

Syntax

show snmp group

Mode

Privileged EXEC

Example

The following example shows the SNMP group configuration.

Switch# show snmp group

 

28.5 SHOW SNMP HOST

To show the SNMP trap notification recipients defined on the switch, use the command show snmp host in the Privileged EXEC mode.

Switch# show snmp host

Syntax

show snmp host

Mode

Privileged EXEC

Example

The following example shows the configuration of SNMP notification recipients on the switch.

Switch# show snmp host

 

28.6 SHOW SNMP TRAP

To show the status of SNMP traps on the switch, use the command show snmp trap in the Privileged EXEC mode.

Switch# show snmp trap

Syntax

show snmp trap

Mode

Privileged EXEC

Example

The following example shows the status of SNMP traps.

Switch# show snmp trap

 

28.7 SHOW SNMP VIEW

To show the SNMP view defined on the switch, use the command show snmp view in the Privileged EXEC mode.

Switch# show snmp view

Syntax

show snmp view

Mode

Privileged EXEC

Example

The following example shows the configuration of SNMP view.

Switch# show snmp view

 

28.8 SHOW SNMP USER

To show the SNMP users defined on the switch, use the command show snmp user in the Privileged EXEC mode.

Switch# show snmp user

Syntax

show snmp user

Mode

Privileged EXEC

Example

The following example shows the configuration of SNMP user.

Switch# show snmp user

 

28.9 SNMP

To enable SNMP on the switch, use the command snmp in the Global Configuration mode. Use the “no” form of the command to disable SNMP.

Switch# configure terminal

Switch(config)# snmp

Syntax

snmp

Default

SNMP is disabled by default

Mode

Global Configuration

Example

The following example enables the SNMP.

Switch# configure terminal

Switch(config)# snmp

 

28.10 SNMP COMMUNITY

To define the SNMP community that permits access for SNMP v1 and v2, use the command snmp community in the Global Configuration mode.

Switch# configure terminal

Switch(config)# snmp community community-name [view view-name] (ro|rw)

Switch(config)# snmp community community-name group group-name

Switch(config)# no snmp community community-name

Syntax

snmp community community-name [view view-name] (ro|rw)

snmp community community-name group group-name

no snmp community community-name

Parameter

community-name The SNMP community name. Its maximum length is 20 characters.

view view-name Specify the SNMP view configured by the command snmp view to define the object available to the community.

ro Read only access (default)

rw Writable access

group group-name Specify the SNMP group configured by the command snmp group to define the object available to the community.

Mode

Global Configuration

Example

The following example defines the SNMP community named private with the default view all, and the access right is read-only.

Switch# configure terminal

Switch(config)# snmp community private ro

28.11 SNMP ENGINEID

To define the SNMP engine on the switch, use the command snmp engineid in the Global Configuration mode.

Switch# configure terminal

Switch(config)# snmp engineid 00036D001122

Syntax

snmp engineid (default|ENGINEID)

Parameter

default Default engine ID generated on the basis of the switch MAC address.

ENGINEID Specify the SNMP engine ID. The engine ID is 10 to 64 hexadecimal characters, and the number of hexadecimal characters must be divisible by 2.

Default

The default SNMP engine ID on the switch is based on switch MAC address.

Mode

Global Configuration

Example

The following example configures the switch SNMP engine ID.

Switch# configure terminal

Switch(config)# snmp engineid 00036D001122

 

28.12 SNMP ENGINEID REMOTE

To define the remote host for SNMP engine, use the command snmp engineid remote in the Global Configuration mode and use the “no” form of the command to delete the remote host from the SNMP engine.

Switch# configure terminal

Switch(config)# snmp engineid remote (ip-addr|ipv6-addr) [ENGINEID]

Switch(config)# no snmp engineid remote (ip-addr|ipv6-addr)

Syntax

snmp engineid remote (ip-addr|ipv6-addr) ENGINEID

no snmp engineid remote (ip-addr|ipv6-addr)

Parameter

ENGINEID Specify the SNMP engine ID. The engine ID is 10 to 64 hexadecimal characters, and the number of hexadecimal characters must be divisible by 2.

ip-addr IP address of the remote host

ipv6-addr IPv6 address of the remote host

Mode

Global Configuration

Example

The following example adds the remote 192.168.1.11 into SNMP engine

Switch# configure terminal

Switch(config)# snmp engineid remote 192.168.1.1 100036D10000A

 

28.13 SNMP GROUP

To define the SNMP group, use the command snmp group in the Global Configuration mode, and use the “no” form of the command to delete the configuration. The SNMP group configuration is used in the command snmp user to map SNMP users to the SNMP group. These users are automatically mapped to the SNMP views defined in this command. The security level for SNMP v1 or v2 is always noauth.

Switch# configure terminal

Switch(config)# snmp group group-name (1|2c|3) (noauth|auth|priv) read-view read-view write-view write-view [notify-view notify-view]

Switch(config)# no snmp group group-name security-mode version (1|2c|3)

Syntax

snmp group group-name (1|2c|3) (noauth|auth|priv) read-view read-view write-view write-view [notify-view notify-view]

no snmp group group-name security-mode version (1|2c|3)

Parameter

group-name Specify SNMP group name, and the maximum length is 30 characters.

(1|2c|3) Specify the SNMP version.

noauth Specify that no packet authentication is performed.

auth Specify that no packet authentication without encryption is performed. It is applicable only to the SNMPv3 security mode.

priv Specify that no packet authentication with encryption is performed. It is applicable only to the SNMPv3 security mode.

read-view read-view Set the view name that enables configuring the agent, and its maximum length is 30 characters.

write-view write-view Set the view name that enables viewing only, and its maximum length is 30 characters.

notify-view notify-view Set the view name that sends only traps whose contents are included in the SNMP view selected for notification. The maximum length is 30 characters.

Mode

Global Configuration

Example

The following example adds an SNMPv3 group.

Switch# configure terminal

Switch(config)# snmp group v3 version 3 auth read-view all write-view all notify-view all

 

28.14 SNMP HOST

To configure the hosts to receive SNMP notifications, use the command snmp host in the Global Configuration mode and use the “no” form of the command to delete the configuration.

Switch# configure terminal

Switch(config)# snmp host (ip-addr|ipv6-addr|hostname) [traps|informs] [version (1|2c)] community-name [udp-port udp-port] [timeout timeout] [retries retries]

Switch(config)# snmp host (ip-addr|ipv6-addr|hostname) [traps|informs] version 3 [(auth|noauth|priv)] community-name [udp-port udp-port] [timeout timeout] [retries retries]

Switch(config)# no snmp host (ip-addr|ipv6-addr|hostname) [traps|informs] [version (1|2c|3)]

Syntax

snmp host (ip-addr|ipv6-addr|hostname) [traps|informs] [version (1|2c)] community-name [udp-port udp-port] [timeout timeout] [retries retries]

snmp host (ip-addr|ipv6-addr|hostname) [traps|informs] version 3 [(auth|noauth|priv)] community-name [udp-port udp-port] [timeout timeout] [retries retries]

no snmp host (ip-addr|ipv6-addr|hostname) [traps|informs] [version (1|2c|3)]

Parameter

ip-addr The IP address of the recipient.

ipv6-addr The IPv6 address of the recipient.

hostname The host name of the recipient.

traps Send SNMP traps to the host. It is the default action.

informs Send SNMP informs to the host.

version (1|2c|3) Specify the SNMP version.

noauth Specify that no packet authentication is performed. It is applicable only to the SNMPv3 security mode.

auth Specify that no packet authentication without encryption is performed. It is applicable only to the SNMPv3 security mode.

priv Specify that no packet authentication with encryption is performed. It is applicable only to the SNMPv3 security mode.

community-name The SNMP community sent with the notification.

udp-port udp-port Specify the UDP port number.

timeout timeout Specify the SNMP informs timeout.

retries retries Specify the retry counter of the SNMP informs.

Default

The default SNMP version for the command is SNMPv1.

Mode

Global Configuration

Example

The following example adds the recipient 192.168.1.11 for the SNMP traps notification.

Switch# configure terminal

Switch(config)# snmp host 192.168.1.11 private

 

28.15 SNMP TRAP

To send the SNMP traps, use the command snmp trap in the Global Configuration mode and use the “no” form of the command to disable the SNMP traps.

Switch# configure terminal

Switch(config)# snmp trap (auth|cold-start|linkUpDown|port-security|warm-start)

Switch(config)# no snmp trap (auth|cold-start|linkUpDown|port-security|warm-start)

Syntax

snmp trap (auth|cold-start|linkUpDown|port-security|warm-start)

no snmp trap (auth|cold-start|linkUpDown|port-security|warm-start)

Parameter

auth Enable the SNMP authentication failure trap.

cold-start Enable the SNMP cold start-up failure trap.

linkUpDown Enable the SNMP link up and down failure trap.

port-security Enable the SNMP port security trap.

warm-start Enable the SNMP warm start-up failure trap.

Default

All the SNMP traps are enabled

Mode

Global Configuration

Example

The following example disables and enables the SNMP link up and down traps individually.

Switch# configure terminal

Switch(config)# snmp trap linkUpDown

28.16 SNMP USER

To define an SNMP user, use the command snmp user in the Global Configuration mode and use the “no” form to delete the SNMP user.

Switch# configure terminal

Switch(config)# snmp user username group-name [auth (md5|sha) AUTHPASSWD]

Switch(config)# snmp user username group-name auth (md5|sha) AUTHPASSWD priv PRIVPASSWD

Switch(config)# no snmp user username

Syntax

snmp user username group-name [auth (md5|sha) AUTHPASSWD]

snmp user username group-name auth (md5|sha) AUTHPASSWD priv PRIVPASSWD

no snmp user username

Parameter

username Specify the SNMP user name on the host that connects to the SNMP agent. The maximum length is 30 characters. For SNMP v1 or v2c, the user name must match the community name set by the command snmp host.

group-name Specify the SNMP group to which the SNMP user belongs. The SNMP group should be SNMPv3 and configured by the command snmp group.

auth md5 Specify the HMAC-MD5-96 authentication protocol as the user authentication.

auth sha Specify the HMAC-SHA-96 authentication protocol as the user authentication.

AUTHPASSWD The password for authentication. Its length is from 8 to 32 characters.

priv PRIVPASSWD The private password for the privacy key. Its length is from 8 to 64 characters.

Mode

Global Configuration

Example

The following example adds SNMP user v3 into the group v3 by the MD5 authentication.

Switch# configure terminal

Switch(config)# snmp user v3 v3 auth md5 12345678
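The following added example (not part of the switch documentation or any vendor tooling) scans a saved configuration written in the command syntax of sections 28.10 to 28.16 and reports settings that weaken SNMP security: well-known or writable communities, noauth groups, v1/v2c notification hosts, users without auth or priv, and malformed engine IDs. The sample configuration, the finding texts and the names audit and SAMPLE are constructed for illustration, and the parser assumes arguments appear in the order the Syntax sections give.

```python
import re
ENGINE_ID = re.compile(r"(?:[0-9A-Fa-f]{2}){5,32}")  # 10 to 64 hex characters, even count

def audit(config_text):
    """Return (line_number, finding) pairs for weak SNMP settings."""
    out = []
    for no, line in enumerate(config_text.splitlines(), 1):
        tok = line.split()
        if len(tok) < 3 or tok[0] != "snmp":
            continue
        kind, args = tok[1], tok[2:]
        if kind == "community":
            if args[0].lower() in ("public", "private"):  # widely used default names
                out.append((no, "well-known community name"))
            if args[-1] == "rw":
                out.append((no, "community grants write access"))
        elif kind == "group" and "noauth" in args[1:]:
            out.append((no, "group accepts unauthenticated packets"))
        elif kind == "host":
            # Without "version 3" the host receives v1/v2c notifications.
            v = args.index("version") + 1 if "version" in args else len(args)
            if args[v:v + 1] != ["3"]:
                out.append((no, "notifications sent as SNMPv1/v2c with a community"))
        elif kind == "user":
            if args[2:3] != ["auth"]:
                out.append((no, "user has no authentication password"))
            else:
                if args[3:4] == ["md5"]:
                    out.append((no, "user authenticates with MD5 rather than SHA"))
                if args[5:6] != ["priv"]:
                    out.append((no, "user has no privacy (encryption) password"))
        elif kind == "engineid":
            eid = args[2:3] if args[0] == "remote" else args[:1]
            if eid and eid != ["default"] and not ENGINE_ID.fullmatch(eid[0]):
                out.append((no, "engine ID is not 10 to 64 hex characters of even length"))
    return out

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
snmp community private rw
snmp group ops 3 noauth read-view all write-view all
snmp host 192.168.1.11 private
snmp host 192.168.1.12 traps version 3 priv netops
snmp user v3 v3 auth md5 12345678
snmp user audit secure auth sha Long-Passphrase-1 priv Other-Passphrase-2
snmp engineid remote 192.168.1.1 00036D00112
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
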

 

28.17 SNMP VIEW

To configure the SNMP view, use the command snmp view in the Global Configuration mode and use the “no” form of the command to delete the SNMP view. The default SNMP view cannot be deleted or modified by users. By default, the maximum number of SNMP views is limited to 16.

Switch# configure terminal

Switch(config)# snmp view view-name subtree oid-tree oid-mask (all|oid-mask) viewtype (included|excluded)

Switch(config)# no snmp view view-name subtree (all|oid-tree)

Syntax

snmp view view-name subtree oid-tree oid-mask (all|oid-mask) viewtype (included|excluded)

no snmp view view-name subtree (all|oid-tree)

Parameter

view-name The SNMP view name. Its maximum length is 30 characters.

subtree oid-tree Specify the ASN.1 subtree object identifier (OID) to be included or excluded from the SNMP view.

oid-mask (all|oid-mask) Specify the OID family mask. It is used to define a family of view subtrees. For example, OID mask FA.80 is 11111010.10000000. The length of the OID mask must be less than the length of the subtree OID.

viewtype (included|excluded) Include or exclude the selected MIBs in the view.

Mode

Global Configuration

Example

The following example defines the SNMP view.

Switch# configure terminal

Switch(config)# snmp view private subtree 1.3.3.1 oid-mask all viewtype included
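How an OID mask selects a family of view subtrees, as an added example that is not part of the switch documentation. It follows the standard SNMP view rule (RFC 3415): each mask bit, read left to right, states whether the corresponding sub-identifier must equal the subtree's (1) or may take any value (0), and the matching family with the longest subtree decides. That the switch applies the same rule and that all means every bit set to 1 are assumptions; the view contents and function names are constructed.

```python
def parse_oid(text):
    """'1.3.6.1' -> [1, 3, 6, 1]"""
    return [int(p) for p in text.strip(".").split(".")]

def parse_mask(text, length):
    """Expand a hex mask such as 'FA.80' to `length` bits, left to right.
    'all', or a mask shorter than the subtree, is padded with 1 bits."""
    bits = []
    if text != "all":
        for octet in text.split("."):
            bits += [int(b) for b in format(int(octet, 16), "08b")]
    return (bits + [1] * length)[:length]

def in_family(oid, subtree, mask):
    """oid belongs to the family when it is at least as long as the subtree and
    equals it at every position whose mask bit is 1 (0 bits are wildcards)."""
    if len(oid) < len(subtree):
        return False
    return all(m == 0 or o == s for o, s, m in zip(oid, subtree, mask))

def view_allows(view, oid_text):
    """view is a list of (subtree, mask, viewtype). Among matching families the
    one with the longest subtree decides; ties go to the greater subtree."""
    oid, best = parse_oid(oid_text), None
    for subtree_text, mask_text, viewtype in view:
        subtree = parse_oid(subtree_text)
        if in_family(oid, subtree, parse_mask(mask_text, len(subtree))):
            key = (len(subtree), subtree)
            if best is None or key > best[0]:
                best = (key, viewtype)
    return best is not None and best[1] == "included"

# Constructed view: all of MIB-II, minus every ifEntry column of interface 5.
# FF.A0 = 11111111.10100000, so sub-identifier 10 (the column) is a wildcard.
VIEW = [
    ("1.3.6.1.2.1", "all", "included"),
    ("1.3.6.1.2.1.2.2.1.0.5", "FF.A0", "excluded"),
]

if __name__ == "__main__":
    for oid in ("1.3.6.1.2.1.1.1.0", "1.3.6.1.2.1.2.2.1.2.5", "1.3.6.1.2.1.2.2.1.2.6"):
        print(oid, view_allows(VIEW, oid))
```

An OID that matches no family at all is denied, so a view that lists only excluded subtrees grants nothing.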