SNMP
SNMP Versions and Workflow
Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x 273
19
SNMP agents maintain a list of variables that are used to manage the switch.
These variables are defined in the MIB. The MIB presents the variables controlled
by the agent. All MIBs supported by the switch are listed in the Supported MIBs
section.
NOTE Due to the security vulnerabilities of other versions, we recommend that you use
SNMPv3.
SNMP v3
In addition to the functionality provided by SNMPv1 and v2, SNMPv3 applies
access control and new trap mechanisms to SNMPv1 and SNMPv2 PDUs.
SNMPv3 also defines a User Security Model (USM) that includes:
• Authentication—Provides data integrity and data origin authentication.
• Privacy—Protects against disclosure message content. Cipher Block-
Chaining (CBC) is used for encryption. Either authentication alone is enabled
on an SNMP message, or both authentication and privacy are enabled on an
SNMP message. However, privacy cannot be enabled without
authentication.
• Timeliness—Protects against message delay or playback attacks. The
SNMP agent compares the incoming message time stamp to the message
arrival time.
• Key Management—Defines key generation, key updates, and key use. The
switch supports SNMP notification filters based on Object IDs (OIDs). OIDs
are used by the switch to manage device features.
SNMP Workflow
NOTE For security reasons, SNMP is disabled by default. Before you can manage the
switch via SNMP, you must enable the SNMP service on the switch as described in
the Configuring TCP/UDP Services section.
The following is the recommended series of actions for configuring SNMP:
If you decide to use SNMP v1 or v2:
STEP 1 If desired, define SNMP views on the SNMP > Views page, as described in the
Configuring SNMP Views section.
STEP 2 Define SNMP groups on the SNMP > Groups page, as described in the
Configuring SNMP Groups section. The group can be associated with the
specified SNMP view.
To Next Page
Loading...
