Cisco SNMP Configuration and Verfication Process
- David Clark (Unlicensed)
Enable SNMP Community Strings
This procedure is the same for both routers and Cisco IOS® software-based XL Catalyst Switches.
1. Telnet to the router:
prompt# telnet 172.16.99.20
2. Enter the enable password at the prompt in order to enter the enable mode:
Router>enable Password: Router#
3. Go into the configuration mode:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#
4. Use this command in order to enable the read-only (RO) community string:
Router(config)#snmp-server community public RO
where "public" is the read-only community string.
5. Use this command in order to enable the read-write (RW) community string:
Router(config)#snmp-server community private RW
where "private" is the read-write community string.
6. Exit out of the configuration mode and return to the main prompt:
Router(config)#exit Router#
7. Write the modified configuration to nonvolatile RAM (NVRAM) to save the settings:
Router#write memory Building configuration... [OK] Router#
Configuring a Specific IP Address for an SNMP Operation
If you do not enter a snmp-server host command, no notifications are sent. To configure the device to send SNMP notifications, you must enter at least one snmp-server host command. If you enter the command without keywords, all trap types are enabled for the host.
To enable multiple hosts, you must issue a separate snmp-server host command for each host. You can specify multiple notification types in the command for each host.
When multiple snmp-server host commands are given for the same host and type of notification, each succeeding command overwrites the previous command. Only the last snmp-server host command will be in effect. For example, if you enter an snmp-server host inform command for a host and then enter another snmp-server host inform command for the same host, the second command replaces the first.
The snmp-server host command is used in conjunction with the snmp-server enable command. Use the snmp-server enable command to specify which SNMP notifications are sent globally. For a host to receive most notifications, at least one snmp-server enable command and the snmp-server host command for that host must be enabled.
SUMMARY STEPS
- enable
- configure terminal
- snmp-server host host-id [traps | informs ] [version {1 | 2c | 3 [auth | noauth | priv ]}] community-string [udp-port port-number ] [notification-type ]
- exit
- show snmp host
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
| Step 1 | enable Example: | Enables privileged EXEC mode.
|
| Step 2 | configure terminal Example: | Enters global configuration mode. |
| Step 3 | snmp-server host host-id [traps | informs ] [version {1 | 2c | 3 [auth | noauth | priv ]}] community-string [udp-port port-number ] [notification-type ] Example: | Specifies whether you want the SNMP notifications sent as traps or informs, the version of SNMP to use, the security level of the notifications (for SNMPv3), and the recipient (host) of the notifications. |
| Step 4 | exit Example: | Exits global configuration mode. |
| Step 5 | show snmp host Example: | (Optional) Displays the SNMP notifications sent as traps, the version of SNMP, and the host IP address of the notifications. |
Examples
The following example shows the host information configured for SNMP notifications:
Device> enable
Device# configure terminal
Device(config)# snmp-server host 10.2.28.1 informs version 2c public
Device(config)# exit
Device# show snmp host
Notification host: 10.2.28.1 udp-port: 162 type: inform
user: public security model: v2c
traps: 00001000.00000000.00000000Configuring SNMP Version 3
When you configure SNMPv3 and you want to use the SNMPv3 security mechanism for handling SNMP packets, you must establish SNMP groups and users with passwords.
Perform the following tasks to configure SNMPv3.
Specifying SNMP-Server Group Names
SNMPv3 is a security model. A security model is an authentication strategy that is set up for a user and the group in which the user resides.
No default values exist for authentication or privacy algorithms when you configure the snmp-server group command. Also, no default passwords exist. For information about specifying a MD5 password, see the documentation for the snmp-server user command.
Perform this task to specify a new SNMP group or a table that maps SNMP users to SNMP views.
SUMMARY STEPS
- enable
- configure terminal
- snmp-server group [groupname {v1 | v2c | v3 [auth | noauth | priv ]}] [read readview ] [write writeview ] [notify notifyview ] [access access-list ]
- exit
- show snmp group
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
| Step 1 | enable Example: | Enables privileged EXEC mode.
|
| Step 2 | configure terminal Example: | Enters global configuration mode. |
| Step 3 | snmp-server group [groupname {v1 | v2c | v3 [auth | noauth | priv ]}] [read readview ] [write writeview ] [notify notifyview ] [access access-list ] Example: | Configures the SNMP server group to enable authentication for members of a specified named access list.
|
| Step 4 | exit Example: | Exits global configuration mode. |
| Step 5 | show snmp group Example:
| Displays information about each SNMP group on the network. |
Testing
- From the Linux Server running NMIS try to ping the device to verify connectivity
- Then verify SNMP communication by doing an snmpwalk of the device:
|
This command should output something like this:
|