Chapter 1
| Initial Switch Configuration
Enabling SNMP Management Access
– 79 –
Console(config)#snmp-server community admin rw
Console(config)#snmp-server community private
Console(config)#
Note:
If you do not intend to support access to SNMP version 1 and 2c clients, we
recommend that you delete both of the default community strings. If there are no
community strings, then SNMP management access from SNMP v1 and v2c clients
is disabled.
Trap Receivers
You can also specify SNMP stations that are to receive traps from the switch. To
configure a trap receiver, use the “snmp-server host” command. From the
Privileged Exec level global configuration mode prompt, type:
“snmp-server host host-address community-string [version {1 | 2c | 3 {auth |
noauth | priv}}]”
where “host-address” is the IP address for the trap receiver, “community-string”
specifies access rights for a version 1/2c host, or is the user name of a version 3 host,
“version” indicates the SNMP client version, and “auth | noauth | priv” means that
authentication, no authentication, or authentication and privacy is used for v3
clients. Then press <Enter>. For a more detailed description of these parameters,
see the snmp-server host command. The following example creates a trap host for
each type of SNMP client.
Console(config)#snmp-server host 10.1.19.23 batman
Console(config)#snmp-server host 10.1.19.98 robin version 2c
Console(config)#snmp-server host 10.1.19.34 barbie version 3 auth
Console(config)#
Configuring Access for SNMP Version 3 Clients
To configure management access for SNMPv3 clients, you need to first create a
view that defines the portions of MIB that the client can read or write, assign the
view to a group, and then assign the user to a group. The following example creates
one view called “mib-2” that includes the entire MIB-2 tree branch, and then
another view that includes the IEEE 802.1d bridge MIB. It assigns these respective
read and read/write views to a group call “r&d” and specifies group authentication
via MD5 or SHA. In the last step, it assigns a v3 user to this group, indicating that
MD5 will be used for authentication, provides the password “greenpeace” for
authentication, and the password “einstien” for encryption.
Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included
Console(config)#snmp-server view 802.1d 1.3.6.1.2.1.17 included
Console(config)#snmp-server group r&d v3 auth read mib-2 write 802.1d
Console(config)#snmp-server user steve group r&d v3 auth md5 greenpeace priv
des56 einstien
Console(config)#
To Next Page
Loading...
Need help?
General