Cisco Systems, Inc. www.cisco.com
Configuring SNMP
Prerequisites for SNMP
An SNMP group is a table that maps SNMP users to SNMP views. An SNMP user is a member of an SNMP group. An
SNMP host is the recipient of an SNMP trap operation. An SNMP engine ID is a name for the local or remote SNMP
engine.
If the switch starts and the switch startup configuration has at least one snmp-server global configuration
command, the SNMP agent is enabled.
When configuring an SNMP group, do not specify a notify view. The snmp-server host global configuration
command autogenerates a notify view for the user and then adds it to the group associated with that user. Modifying
the group's notify view affects all users associated with that group. See the Cisco IOS Network Management
Command Reference for information about when you should configure notify views.
To configure a remote user, specify the IP address or port number for the remote SNMP agent of the device where
the user resides.
Before you configure remote users for a particular agent, configure the SNMP engine ID, using the snmp-server
engineID global configuration command with the remote option. The remote agent's SNMP engine ID and user password are
used to compute the authentication and privacy digests. If you do not configure the remote engine ID first, the
configuration command fails.
Restrictions for SNMP
When configuring SNMP informs, you need to configure the SNMP engine ID for the remote agent in the SNMP
database before you can send proxy requests or informs to it.
If a local user is not associated with a remote host, the switch does not send informs for the auth (authNoPriv) and
the priv (authPriv) authentication levels.
Changing the value of the SNMP engine ID has important implications. A user's password (entered on the command
line) is converted to an MD5 or SHA security digest based on the password and the local engine ID. The
command-line password is then destroyed, as required by RFC 2274. Because of this deletion, if the value of the
engine ID changes, the security digests of SNMPv3 users become invalid, and you need to reconfigure SNMP users
by using the snmp-server user username global configuration command. Similar restrictions require the
reconfiguration of community strings when the engine ID changes.
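The dependency between the engine ID and the stored digests, for both local and remote users, can be reproduced offline. The following is an added example, not Cisco code: it assumes the switch uses the standard USM password-to-key algorithm from RFC 3414 Appendix A.2 (the successor to RFC 2274). The password and first engine ID are the RFC's published test values; the second engine ID is constructed for illustration.

```python
import hashlib

MEGABYTE = 1048576  # RFC 3414 A.2: the password is expanded to exactly 1,048,576 bytes


def password_to_key(password: bytes, algo: str) -> bytes:
    """Intermediate key Ku: hash of the password repeated (and truncated) to 1 MiB."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(MEGABYTE, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localized_digest(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """Localized key Kul = H(Ku || engineID || Ku); this is what survives on the agent."""
    ku = password_to_key(password, algo)
    return hashlib.new(algo, ku + engine_id + ku).digest()


def digest_still_valid(password: bytes, old_engine_id: bytes,
                       new_engine_id: bytes, algo: str) -> bool:
    """True only if the digest stored under the old engine ID matches the new one."""
    stored = localized_digest(password, old_engine_id, algo)
    expected = localized_digest(password, new_engine_id, algo)
    return stored == expected


if __name__ == "__main__":
    password = b"maplesyrup"                                 # RFC 3414 A.3 test password
    old_id = bytes.fromhex("000000000000000000000002")       # RFC 3414 A.3 test engine ID
    new_id = bytes.fromhex("800000090300aabbccddeeff")       # constructed sample engine ID
    for algo in ("md5", "sha1"):
        print(algo, "old:", localized_digest(password, old_id, algo).hex())
        print(algo, "new:", localized_digest(password, new_id, algo).hex())
        print(algo, "still valid after change:",
              digest_still_valid(password, old_id, new_id, algo))
```

Because only the localized digest is kept, the same password yields an unrelated digest under the new engine ID, and there is nothing left on the device from which to recompute it.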