Enforcing SNMP Message Encryption
You can configure SNMP to require authentication or encryption for incoming requests. By default, the SNMP
agent accepts SNMPv3 messages without authentication and encryption. When you enforce privacy, Cisco
NX-OS responds with an authorization error for any SNMPv3 PDU request that uses a security level parameter
of either noAuthNoPriv or authNoPriv.
Use the following command in global configuration mode to enforce SNMP message encryption for a specific
user:
Command: switch(config)# snmp-server user name enforcePriv
Purpose: Enforces SNMP message encryption for this user.
Use the following command in global configuration mode to enforce SNMP message encryption for all users:
Command: switch(config)# snmp-server globalEnforcePriv
Purpose: Enforces SNMP message encryption for all users.
Assigning SNMPv3 Users to Multiple Roles
After you configure an SNMP user, you can assign multiple roles for the user.
Note: Only users who belong to a network-admin role can assign roles to other users.
Command: switch(config)# snmp-server user name group
Purpose: Associates this SNMP user with the configured user role.
Creating SNMP Communities
You can create SNMP communities for SNMPv1 or SNMPv2c.
Command: switch(config)# snmp-server community name group {ro | rw}
Purpose: Creates an SNMP community string.
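An added example, not part of the Cisco guide: a small Python audit that reads snmp-server commands in the forms shown above and reports SNMPv3 users for whom neither enforcePriv nor globalEnforcePriv is set, plus SNMPv1/v2c communities with rw access, which the SNMPv3 privacy enforcement does not cover. The sample input, its user, role and community names, and the function names are constructed for illustration.

```python
import re

# Constructed sample input in the command forms shown on this page.
# User, role and community names are made up for the example.
SAMPLE_CONFIG = """\
switch(config)# snmp-server user monitor network-operator
switch(config)# snmp-server user backup network-admin
switch(config)# snmp-server user backup enforcePriv
switch(config)# snmp-server community nms-read group ro
switch(config)# snmp-server community nms-write group rw
"""

PROMPT = re.compile(r"^\S+#\s+")  # leading CLI prompt, if pasted with one


def parse_snmp(config_text):
    """Collect global/per-user privacy enforcement and community access."""
    state = {"global_priv": False, "users": {}, "communities": {}}
    for raw in config_text.splitlines():
        tokens = PROMPT.sub("", raw.strip()).split()
        if len(tokens) < 2 or tokens[0].lower() != "snmp-server":
            continue
        keyword, args = tokens[1].lower(), tokens[2:]
        rest = [a.lower() for a in args[1:]]
        if keyword == "globalenforcepriv":
            state["global_priv"] = True
        elif keyword == "user" and args:
            # Any "user" line declares the user; enforcePriv marks it enforced.
            seen = state["users"].get(args[0], False)
            state["users"][args[0]] = seen or "enforcepriv" in rest
        elif keyword == "community" and args:
            # Assumption: a community without the rw keyword is read-only.
            state["communities"][args[0]] = "rw" if "rw" in rest else "ro"
    return state


def audit_snmp(config_text):
    """Return (subject, finding) pairs for settings that allow cleartext SNMP."""
    state = parse_snmp(config_text)
    findings = []
    for user, enforced in sorted(state["users"].items()):
        if not (enforced or state["global_priv"]):
            findings.append((f"user {user}", "privacy not enforced"))
    for name, access in sorted(state["communities"].items()):
        if access == "rw":
            findings.append((f"community {name}", "SNMPv1/v2c write access"))
    return findings
```

Call audit_snmp() on the collected snmp-server lines; an empty list means every SNMPv3 user is covered by privacy enforcement and no community has rw access.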
Filtering SNMP Requests
You can assign an access list (ACL) to a community to filter incoming SNMP requests. If the assigned ACL
allows the incoming request packet, SNMP processes the request. If the ACL denies the request, SNMP drops
the request and sends a system message.
Create the ACL with the following parameters:
• Source IP address
• Destination IP address
Cisco Nexus 3548 Switch NX-OS System Management Configuration Guide, Release 7.x