snmp-server community

To set the community access string (password) that permits access to SNMP commands (v1 and v2), use the snmp-server community Global Configuration mode command. This is used for SNMP commands, such as GETs and SETs.

This command configures both SNMP v1 and v2.

To remove the specified community string, use the no form of this command.

Syntax

snmp-server community community-string [ro | rw | su] [ip-address | ipv6-address]

[mask mask | prefix prefix-length] [view view-name]  [type {router | oob}] no snmp-server community community-string [ip-address]  [type {router | oob}]

Parameters

• community-string—Define the password that permits access to the SNMP protocol. (Range: 1–20 characters).
• ro—(Optional) Specifies read-only access (default)
• rw—(Optional) Specifies read-write access
• su—(Optional) Specifies SNMP administrator access
• ip-address—(Optional) Management station IP address. The default is all IP addresses. This can be an IPv4 address, IPv6 or IPv6z address. See IPv6z Address Conventions.
• mask—(Optional) Specifies the mask of the IPv4 address. This is not a network mask, but rather a mask that defines which bits of the packet’s source address are compared to the configured IP address. If unspecified, it defaults to 255.255.255.255. The command returns an error if the mask is specified without an IPv4 address.
• prefix-length—(Optional) Specifies the number of bits that comprise the IPv4 address prefix. If unspecified, it defaults to 32. The command returns an error if the prefix-length is specified without an IPv4 address.
• view view-name—(Optional) Specifies the name of a view configured using the command snmp-server view (no specific order of the command configurations is imposed on the user). The view defines the objects available to the community. It is not relevant for su, which has access to the whole MIB. If unspecified, all the objects, except the community-table and SNMPv3 user and access tables , are available. (Range: 1–30 characters)
• type router—(Optional) Indicates whether the IP address is on the out-of-band or in-band network.

Default Configuration

No community is defined

Command Mode

Global Configuration mode

User Guidelines

The logical key of the command is the pair (community, ip-address). If ip-address is omitted, the key is (community, All-IPs). This means that there cannot be two commands with the same community, ip address pair.

The view-name is used to restrict the access rights of a community string. When a view-name is specified, the software:

• Generates an internal security-name.
• Maps the internal security-name for SNMPv1 and SNMPv2 security models to an internal group-name.
• Maps the internal group-name for SNMPv1 and SNMPv2 security models to view-name (read-view and notify-view always, and for rw for write-view also),

Example

Defines a password for administrator access to the management station at IP address 1.1.1.121 and mask 255.0.0.0.

switchxxxxxx(config)# snmp-server community abcd su 1.1.1.121 mask 255.0.0.0

snmp-server community-group

To configure access rights to a user group, use snmp-server community-group. The group must exist in order to be able to specify the access rights. This command configures both SNMP v1 and v2.

Syntax

snmp-server community-group community-string group-name [ip-address |

ipv6-address] [mask mask | prefix prefix-length]  [type {router | oob}]

Parameters

• community-string—Define the password that permits access to the SNMP protocol. (Range: 1–20 characters).
• group-name—This is the name of a group configured using snmp-server group with v1 or v2 (no specific order of the two command configurations is imposed on the user). The group defines the objects available to the community. (Range: 1–30 characters)
• ip-address—(Optional) Management station IP address. The default is all IP addresses. This can be an IPv4 address, IPv6 or IPv6z address. See IPv6z Address Conventions.
• mask—(Optional) Specifies the mask of the IPv4 address. This is not a network mask, but rather a mask that defines which bits of the packet’s source address are compared to the configured IP address. If unspecified, it defaults to 255.255.255.255. The command returns an error if the mask is specified without an IPv4 address.
• prefix-length—(Optional) Specifies the number of bits that comprise the IPv4 address prefix. If unspecified, it defaults to 32. The command returns an error if the prefix-length is specified without an IPv4 address.
• type router—(Optional) Indicates whether the IP address is on the out-of-band or in-band network.

Default Configuration

No community is defined

Command Mode

Global Configuration mode

User Guidelines

The group-name is used to restrict the access rights of a community string. When a group-name is specified, the software:

• Generates an internal security-name.
• Maps the internal security-name for SNMPv1 and SNMPv2 security models to the group-name.

Example

Defines a password tom for the group abcd that enables this group to access the management station 1.1.1.121 with prefix 8.

switchxxxxxx(config)# snmp-server community-group tom abcd 1.1.1.122 prefix 8

snmp-server server

To enable the device to be configured by the SNMP protocol, use the snmp-server  server Global Configuration mode command. To disable this function, use the no form of this command.

Syntax snmp-server server no snmp-server server

Parameters

This command has no arguments or keywords.

Default Configuration

Enabled

Command Mode

Global Configuration mode

Example

switchxxxxxx(config)# snmp-server server

snmp-server source-interface

To specify the interface from which a Simple Network Management Protocol (SNMP) trap originates the informs or traps, use the snmp-server source-interface command in Global Configuration mode. To returned to the default, use the no form of this command.

Syntax

snmp-server source-interface {traps | informs} interface-id no snmp-server source-interface [traps | informs]

Parameters

• traps—Specifies the SNMP traps interface.
• informs—Specifies the SNMP informs.
• interface-id—Specifies the source interface.

Default Configuration

The source IPv4 address is the IPv4 address defined on the outgoing interface and belonging to next hop IPv4 subnet.

If no parameters are specified in no snmp-server source-interface, the default is both traps and informs.

Command Mode

Global Configuration mode

User Guidelines

If the source interface is the outgoing interface, the interface IP address belonging to next hop IPv4 subnet is applied.

If the source interface is not the outgoing interface, the minimal IPv4 address defined on the source interface is applied.

If there is no available IPv4 source address, a SYSLOG message is issued when attempting to send an SNMP trap or inform.

Use the no snmp-server source-interface traps command to remove the source interface for SNMP traps.

Use the no snmp-server source-interface informs command to remove the source interface for SNMP informs.

Use the no snmp-server source-interface command to remove the source interface for SNMP traps and informs.

Example

The following example configures the VLAN 10 as the source interface for traps.

switchxxxxxx(config)# snmp-server source-interface traps vlan 100

snmp-server source-interface-ipv6

To specify the interface from which a Simple Network Management Protocol (SNMP) trap originates the informs or traps, use the snmp-server source-interface command in Global Configuration mode. To returned to the default, use the no form of this command.

Syntax

snmp-server source-interface-ipv6 {traps | informs} interface-id no snmp-server source-interface-ipv6 [traps | informs]

Parameters

• traps—Specifies the SNMP traps interface.
• informs—Specifies the SNMP traps informs.
• interface-id—Specifies the source interface.

Default Configuration

The IPv6 source address is the IPv6 address of the outgoing interface and selected in accordance with RFC6724.

If no parameters are specified in no snmp-server source-interface, the default is both traps and informs.

Command Mode

Global Configuration mode

User Guidelines

If the source interface is the outgoing interface, the IPv6 address defined on the interfaces is selected in accordance with RFC 6724.

If the source interface is not the outgoing interface, the minimal IPv6 address defined on the source interface with the scope of the destination IPv6 address is applied.

If there is no available IPv6 source address, a SYSLOG message is issued when attempting to send an SNMP trap or inform.

Use the no snmp-server source-interface-ipv6 traps command to remove the source IPv6 interface for SNMP traps.

Use the no snmp-server source-interface-ipv6 informs command to remove the source IPv6 interface for SNMP informs.

Use the no snmp-server source-interface-ipv6 command to remove the source IPv6 interface for SNMP traps and informs.

Example

The following example configures the VLAN 10 as the source interface.

switchxxxxxx(config)# snmp-server source-interface-ipv6 traps vlan 100

snmp-server view

To create or update an SNMP view, use the snmp-server view Global

Configuration mode command. To remove an SNMP view, use the no form of this command.

Syntax

snmp-server view view-name oid-tree {included | excluded} no snmp-server view view-name [oid-tree]

Parameters

• view-name—Specifies the name for the view that is being created or updated. (Length: 1–30 characters)
• included—Specifies that the view type is included.
• excluded—Specifies that the view type is excluded.
• oid-tree—(Optional) Specifies the ASN.1 subtree object identifier to be included or excluded from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as System and, optionally, a sequence of numbers. Replace a single sub-identifier with the asterisk (*) wildcard to specify a subtree family; for example 1.3.*.4. This parameter depends on the MIB being specified.

Default Configuration

The following views are created by default:

• Default—Contains all MIBs except for those that configure the SNMP parameters themselves.
• DefaultSuper—Contains all MIBs.

Command Mode

Global Configuration mode

User Guidelines

This command can be entered multiple times for the same view.

The command’s logical key is the pair (view-name, oid-tree). Therefore there cannot be two commands with the same view-name and oid-tree.

The number of views is limited to 64.

Default and DefaultSuper views are reserved for internal software use and cannot be deleted or modified.

Example

The following example creates a view that includes all objects in the MIB-II system group except for sysServices (System 7) and all objects for interface 1 in the MIB-II interface group (this format is specified on the parameters specified in ifEntry).

switchxxxxxx(config)# snmp-server view user-view system included switchxxxxxx(config)# snmp-server view user-view system.7 excluded switchxxxxxx(config)# snmp-server view user-view ifEntry.*.1 included

snmp-server group

To configure an SNMP group, use the snmp-server group Global Configuration mode command. Groups are used to map SNMP users to SNMP views. To remove an SNMP group, use the no form of this command.

Syntax

snmp-server group groupname {v1 | v2 | v3 {noauth | auth | priv} [notify notifyview]}

[read readview] [write writeview] no snmp-server group groupname {v1 | v2 | v3 [noauth | auth | priv]}

Parameters

• group groupname—Specifies the group name. (Length: 1–30 characters)
• v1—Specifies the SNMP Version 1 security model.
• v2—Specifies the SNMP Version 2 security model.
• v3—Specifies the SNMP Version 3 security model.
• noauth—Specifies that no packet authentication will be performed. Applicable only to the SNMP version 3 security model.
• auth—Specifies that packet authentication without encryption will be performed. Applicable only to the SNMP version 3 security model.
• priv—Specifies that packet authentication with encryption will be performed. Applicable only to the SNMP version 3 security model. Note that creation of SNMPv3 users with both authentication and privacy must be done in the GUI. All other users may be created in the CLI.
• notify notifyview—(Optional) Specifies the view name that enables generating informs or a traps. An inform is a trap that requires acknowledgement. Applicable only to the SNMP version 3 security model. (Length: 1–32 characters)
• read readview—(Optional) Specifies the view name that enables viewing only. (Length: 1–32 characters)
• write writeview—(Optional) Specifies the view name that enables configuring the agent. (Length: 1–32 characters)

Default Configuration No group entry exists.

If notifyview is not specified, the notify view is not defined.

If readview is not specified, all objects except for the community-table and SNMPv3 user and access tables are available for retrieval.

If writeview is not specified, the write view is not defined.

Command Mode

Global Configuration mode

User Guidelines

The group defined in this command is used in the snmp-server user command to map users to the group. These users are then automatically mapped to the views defined in this command.

The command logical key is (groupname, snmp-version, security-level). For snmp-version v1/v2 the security-level is always noauth.

Example

The following example attaches a group called user-group to SNMPv3, assigns the encrypted security level to the group, and limits the access rights of a view called user-view to read-only. User tom is then assigned to user-group. So that user tom has the rights assigned in user-view.

switchxxxxxx(config)# snmp-server group user-group v3 priv read user-view switchxxxxxx(config)# snmp-server user tom user-group v3

show snmp views

To display SNMP views, use the show snmp views Privileged EXEC mode command.

Syntax show snmp views [viewname]

Parameters

viewname—(Optional) Specifies the view name. (Length: 1–30 characters) Default Configuration

If viewname is not specified, all views are displayed.

Command Mode

Privileged EXEC mode

Example

The following example displays the configured SNMP views.

switchxxxxxx# show snmp views

Name	OID Tree	Type
—————-DefaultDefaultDefaultSuper	———————iso snmpNotificationMIB iso	———-IncludedExcludedIncluded

show snmp groups

To display the configured SNMP groups, use the show snmp groups Privileged EXEC mode command.

Syntax show snmp groups [groupname]

Parameters

groupname—(Optional) Specifies the group name. (Length: 1–30 characters)

Default Configuration Display all groups.

Command Mode

Privileged EXEC mode

Example

The following example displays the configured SNMP groups.:

switchxxxxxx# show snmp groups

Name		Security		Views
————user-group managers-group	Model—–V2V2	Level —no_auth no_auth	Read——-DefaultDefault	Write——-“”Default	Notify——-“”””

The following table describes significant fields shown above.

Field	Description
Name		Group name.
Security	Model	SNMP model in use (v1, v2 or v3).
Security	Level	Packet security. Applicable to SNMP v3 security only.
Views	Read	View name enabling viewing the agent contents. If unspecified, all objects except the community-table and SNMPv3 user and access tables are available.
Write	View name enabling data entry and managing the agent contents.
Notify	View name enabling specifying an inform or a trap.

snmp-server user

To configure a new SNMP Version user, use the snmp-server user Global

Configuration mode command. To remove a user, use the no form of the command. To enter the authentication and privacy passwords in encrypted form (see SSD), use the encrypted form of this command.

Syntax

snmp-server user username groupname {v1 | v2c | [remote host] v3[auth {md5 | sha} auth-password [priv priv-password] ]}

no snmp-server user username {v1 | v2c | [remote host] v3[auth {md5 | sha}

Parameters

• username—Define the name of the user on the host that connects to the agent. (Range: Up to 20 characters).
• groupname—The name of the group to which the user belongs. The group should be configured using the command snmp-server group with v1 or v2c parameters (no specific order of the 2 command configurations is imposed on the user). (Range: Up to 30 characters)
• v1—Specifies that the user is a v1 user.
• v2c—Specifies that the user is a v2c user..
• v3—Specifies that the user is a v3 user..
• remote host—(Optional) IP address (IPv4, IPv6 or IPv6z) or host name of the remote SNMP host. See IPv6z Address Conventions.
• auth—(Optional) Specifies which authentication level is to be used.
• md5—(Optional) Specifies the HMAC-MD5-96 authentication level.
• Sha—(Optional) Specifies the HMAC-SHA-96 authentication level.
• auth-password—(Optional) Specifies the authentication password. Range: Up to 32 characters.
• priv-password—(Optional) Specifies the privacy password (The encryption algorithm used is data encryption standard – DES). Range: Up to 64 characters.

Default Configuration No group entry exists.

Command Mode

Global Configuration mode

User Guidelines

For SNMP v1 and v2, this command performs the same actions as snmp-server community-group, except that snmp-server community-group configures both v1 and v2 at the same time. With this command, you must perform it once for v1 and once for v2.

When you enter the show running-config command, you do not see a line for the SNMP user defined by this command. To see if this user has been added to the configuration, type the show snmp user command.

A local SNMP EngineID must be defined in order to add SNMPv3 users to the device (use the snmp-server engineID remote command). For remote hosts users a remote SNMP EngineID is also required (use the snmp-server engineID remote command).

Changing or removing the value of snmpEngineID deletes the SNMPv3 users’ database.

The logical key of the command is username.

Configuring a remote host is required in order to send informs to that host, because an inform is a trap that requires acknowledgement. A configured remote host is also able to manage the device (besides getting the informs)

To configure a remote user, specify the IP address for the remote SNMP agent of the device where the user resides. Also, before you configure remote users for a particular agent, configure the SNMP engine ID, using the snmp-server engineID remote command. The remote agent’s SNMP engine ID is needed when computing the authentication and privacy digests from the password. If the remote engine ID is not configured first, the configuration command fails.

Since the same group may be defined several times, each time with different version or different access level (noauth, auth or auth & priv), when defining a user it is not sufficient to specify the group name, rather you must specify group name, version and access level for complete determination of how to handle packets from this user.

Example

This example assigns user tom to group abcd using SNMP v1 and v2c. The default is assigned as the engineID. User tom is assigned to group abcd using SNMP v1 and v2c

switchxxxxxx(config)# snmp-server user tom acbd v1 switchxxxxxx(config)# snmp-server user tom acbd v2c switchxxxxxx(config)# snmp-server user tom acbd v3

show snmp users

To display the configured SNMP users, use the show snmp users Privileged EXEC mode command.

Syntax show snmp users [username]

Parameters

username—(Optional) Specifies the user name. (Length: 1–30 characters)

Default Configuration Display all users.

Command Mode

Privileged EXEC mode

Example

The following examples displays the configured SNMP users:

switchxxxxxx# show snmp users   User name                       :u1rem   Group name                    :group1   Authentication Algorithm      : None   Privacy Algorithm             : None   Remote                        :11223344556677   Auth Password                 :   Priv Password                 :   User name                       : qqq   Group name                    : www   Authentication Algorithm : MD5   Privacy Algorithm             : None   Remote                        :   Auth Password                 : helloworld1234567890987665   Priv Password                 :   User name                       : hello   Group name                    : world   Authentication Algorithm      : MD5   Privacy Algorithm             : DES   Remote                        :   Auth Password (encrypted): Z/tC3UF5j0pYfmXm8xeMvcIOQ6LQ4GOACCGYLRdAgOE6XQKTC                              qMlrnpWuHraRlZj   Priv Password (encrypted) : kN1ZHzSLo6WWxlkuZVzhLOo1gI5waaNf7Vq6yLBpJdS4N68tL   1tbTRSz2H4c4Q4o   User name                       : u1noAuth   Group name                    : group1   Authentication Algorithm      : None   Privacy Algorithm               : None   Remote                          :   Auth Password (encrypted)       :   Priv Password (encrypted)       :   User name                         : u1OnlyAuth   Group name                      : group1   Authentication Algorithm        : SHA   Privacy Algorithm               : None   Remote                          :   Auth Password (encrypted): 8nPzy2hzuba9pG3iiC/q0451RynUn7kq94L9WORFrRM=   Priv Password (encrypted) :

snmp-server host

To configure the host for SNMP notifications: (traps/informs), use the snmp-server host Global Configuration mode command. To remove the specified host, use the no form of this command.

Syntax

snmp-server host {host-ip | hostname} [traps | informs] [version {1 | 2c | 3 [auth |

noauth | priv]}] community-string [udp-port port][timeout seconds] [retries retries] no snmp-server host {ip-address | hostname} [traps | informs] [version {1 | 2c | 3}]

Parameters

• host-ip—IP address of the host (the targeted recipient). The default is all IP addresses. This can be an IPv4 address, IPv6 or IPv6z address. See IPv6z Address Conventions.
• hostname—Hostname of the host (the targeted recipient). (Range: 1–158 characters. Maximum label size of each part of the host name: 63)
• trap—(Optional) Sends SNMP traps to this host (default).
• informs—(Optional) Sends SNMP informs to this host. An inform is a trap that requires acknowledgement. Not applicable to SNMPv1.
• version 1—(Optional) SNMPv1 traps are used.
• version 2c—(Optional) SNMPv2 traps or informs are used
• version 3—(Optional) SNMPv2 traps or informs are used
• Authentication options are available for SNMP v3 only. The following options are available:
  • noauth—(Optional) Specifies no authentication of a packet.
  • auth—(Optional) Specifies authentication of a packet without encryption.
  • priv—(Optional) Specifies authentication of a packet with encryption.
• community-string—Password-like community string sent with the notification operation. (Range: 1–20 characters). For v1 and v2, any community string can be entered here. For v3, the community string must match the user name defined in snmp-server user (ISCLI) command for v3.
• udp-port port—(Optional) UDP port of the host to use. The default is 162. (Range: 1–65535)
• timeout seconds—(Optional) (For informs only) Number of seconds to wait for an acknowledgment before resending informs. The default is 15 seconds. (Range: 1–300)
• retries retries—(Optional) (For informs only) Maximum number of times to resend an inform request, when a response is not received for a generated message. The default is 3. (Range: 0–255)

Default Configuration

Version: SNMP V1

Type of notification: Traps udp-port: 162

If informs are specified, the default for retries: 3

Timeout: 15

Command Mode

Global Configuration mode

User Guidelines

The logical key of the command is the list (ip-address/hostname, traps/informs, version).

When configuring SNMP v1 or v2 notifications recipient, the software automatically generates a notification view for that recipient for all MIBs.

For SNMPv3 the software does not automatically create a user or a notify view.

, use the commands snmp-server user (ISCLI) and snmp-server group to create a user or a group.

Example

The following defines a host at the IP address displayed.

switchxxxxxx(config)# snmp-server host 1.1.1.121 abc

snmp-server engineID local

To specify the SNMP engineID on the local device for SNMP v3, use the snmp-server engineID local Global Configuration mode command. To remove this engine ID, use the no form of this command.

Syntax

snmp-server engineID local {engineid-string | default} no snmp-server engineID local

Parameters

• engineid-string—Specifies a concatenated hexadecimal character string identifying the engine ID. Each byte in a hexadecimal character string is two hexadecimal digits. Bytes are separated by a period or colon. If an odd number of hexadecimal digits are entered, the system automatically prefixes the digit 0 to the string. (Length: 5–32 characters, 9–64 hexadecimal digits)
• default—Specifies that the engine ID is created automatically based on the device MAC address.

Default Configuration

The default engine ID is defined per standard as:

• First 4 octets: First bit = 1, the rest is IANA Enterprise number = 674.
• Fifth octet: Set to 3 to indicate the MAC address that follows.
• Last 6 octets: The device MAC address.

Command Mode

Global Configuration mode

User Guidelines

To use SNMPv3, an engine ID must be specified for the device. Any ID can be specified or the default string, which is generated using the device MAC address, can be used.

As the engineID should be unique within an administrative domain, the following guidelines are recommended:

• Since the engineID should be unique within an administrative domain, use the default keyword to configure the Engine ID or configure it explicitly. In the latter case verify that it is unique within the administrative domain.
• Changing or removing the value of snmpEngineID deletes the SNMPv3 users database.
• The SNMP EngineID cannot be all 0x0 or all 0xF or 0x000000001.

Example

The following example enables SNMPv3 on the device and sets the device local engine ID to the default value.

switchxxxxxx(config)# snmp-server engineid local default   The engine-id must be unique within your administrative domain.   Do you wish to continue? [Y/N]Y   The SNMPv3 database will be erased. Do you wish to continue? [Y/N]Y

snmp-server engineID remote

To specify the SNMP engine ID of a remote SNMP device, use the snmp-server engineID remote Global Configuration mode command. To remove the configured engine ID, use the no form of this command.

Syntax

snmp-server engineID remote ip-address engineid-string no snmp-server engineID remote ip-address

Parameters

• ip-address —IPv4, IPv6 or IPv6z address of the remote device. See IPv6z Address Conventions.
• engineid-string—The character string that identifies the engine ID. The engine ID is a concatenated hexadecimal string. Each byte in hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period or colon. If the user enters an odd number of hexadecimal digits, the system automatically prefixes the hexadecimal string with a zero.

(Range: engineid-string5–32 characters. 9–64 hexadecimal digits)

Default Configuration

The remote engineID is not configured by default.

Command Mode

Global Configuration mode

User Guidelines

A remote engine ID is required when an SNMP version 3 inform is configured. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host.

Example

switchxxxxxx(config)# snmp-server engineID remote 1.1.1.1 11:AB:01:CD:23:44

show snmp engineID

To display the local SNMP engine ID, use the show snmp engineID Privileged EXEC mode command.

Syntax show snmp engineID

Parameters

This command has no arguments or keywords.

Default Configuration

None

Command Mode

Privileged EXEC mode

Example

The following example displays the SNMP engine ID.

switchxxxxxx# show snmp engineID   Local SNMP engineID: 08009009020C0B099C075878   IP address   Remote SNMP engineID   ----------- -------------------------------   172.16.1.1   08009009020C0B099C075879

snmp-server enable traps

To enable the device to send SNMP traps, use the snmp-server enable traps Global Configuration mode command. To disable all SNMP traps, use the no form of the command.

Syntax

snmp-server enable traps no snmp-server enable traps

Default Configuration

SNMP traps are enabled.

Command Mode

Global Configuration mode

User Guidelines

If no snmp-server enable traps has been entered, you can enable failure traps by using snmp-server trap authentication as shown in the example.

Example

The following example enables SNMP traps except for SNMP failure traps.

switchxxxxxx(config)# snmp-server enable traps switchxxxxxx(config)# no snmp-server trap authentication

snmp-server trap authentication

To enable the device to send SNMP traps when authentication fails, use the snmp-server trap authentication Global Configuration mode command. To disable SNMP failed authentication traps, use the no form of this command.

Syntax

snmp-server trap authentication no snmp-server trap authentication

Parameters

This command has no arguments or keywords.

Default Configuration

SNMP failed authentication traps are enabled.

Command Mode

Global Configuration mode

User Guidelines

The command snmp-server enable traps enables all traps including failure traps. Therefore, if that command is enabled (it is enabled by default), this command is not necessary.

Example

The following example disables all SNMP traps and enables only failed authentication traps.

switchxxxxxx(config)# no snmp-server enable traps switchxxxxxx(config)# snmp-server trap authentication

snmp-server contact

To set the value of the system contact (sysContact) string, use the snmp-server contact Global Configuration mode command. To remove the system contact information, use the no form of the command.

Syntax

snmp-server contact text no snmp-server contact

Parameters

text—Specifies system contact information. (Length: 1–160 characters)

Default Configuration

None

Command Mode

Global Configuration mode

Example

The following example sets the system contact information to Technical_Support.

switchxxxxxx(config)# snmp-server contact Technical_Support

snmp-server location

To set the value of the system location string, use the snmp-server location Global Configuration mode command. To remove the location string, use the no form of this command.

Syntax

snmp-server location text no snmp-server location

Parameters

text—Specifies the system location information. (Length: 1–160 characters)

Default Configuration

None

Command Mode

Global Configuration mode

Example

The following example sets the device location to New_York.

switchxxxxxx(config)# snmp-server location New_York

snmp-server set

To define SNMP MIB commands in the configuration file if a MIB performs an action for which there is no corresponding CLI command, use the snmp-server set Global Configuration mode command.

Syntax

snmp-server set variable-name name value [name2 value2…]

Parameters

• variable-name—Specifies an SNMP MIB variable name, which must be a valid string.
• name value—Specifies a list of names and value pairs. Each name and value must be a valid string. In the case of scalar MIBs, there is only a single name-value pair. In the case of an entry in a table, there is at least one name-value pair, followed by one or more fields.

Default Configuration

None

Command Mode

Global Configuration mode

User Guidelines

Although the CLI can set any required configuration, there might be a situation where an SNMP user sets a MIB variable that does not have an equivalent CLI command. To generate configuration files that support those situations, the system uses snmp-server set. This command is not intended for the end user.

Example

The following example configures the scalar MIB sysName with the value TechSupp.

switchxxxxxx(config)# snmp-server set sysName sysname TechSupp

snmp trap link-status

To enable link-status generation of SNMP traps, use the snmp trap link-status Interface Configuration mode command. To disable generation of link-status SNMP traps, use the no form of this command.

Syntax

snmp trap link-status no snmp trap link-status

Parameters

This command has no arguments or keywords.

Default Configuration

Generation of SNMP link-status traps is enabled

Command Mode

Interface Configuration mode

Example

The following example disables generation of SNMP link-status traps.

switchxxxxxx(config)# interface te1/0/1 switchxxxxxx(config-if)# # no snmp trap link-status

show snmp

Created by Sinan KizarLast updated 25 Mar , 2019

To display the SNMP status, use the show snmp Privileged EXEC mode command.

Syntax show snmp

Parameters

This command has no arguments or keywords

Default Configuration

None

Command Mode

Privileged EXEC mode

Example

The following example displays the SNMP communications status.

switchxxxxxx# show snmp   SNMP is enabled   SNMP traps Source IPv4 interface: vlan 1   SNMP informs Source IPv4 interface: vlan 11   SNMP traps Source IPv6 interface: vlan 10 SNMP informs Source IPv6 interface:   Community-String Community-Access View name IP Address Mask ---------------- ---------------- ------------ ---------- ----   public read only user-view All private read write Default 172.16.1.1/10 private su DefaultSuper 172.16.1.1   Community-string Group name      IP Address      Mask    Type ----------------   ----------      ----------      -----public       user-group      All     Router   Traps are enabled.   Authentication trap is enabled.   Version 1,2 notifications   Target Address      Type       Community   Version    UDP        TO        Retries   Port       Sec   -----------         ----       --------    -------    ----       ---       -------   192.122.173.42      Trap       public      2          162        15        3   192.122.173.42      Inform     public      2          162        15        3

Version 3 notifications

Target Address———–192.122.173.42

Type—-Inform

Username——–Bob

SecurityLevel——-Priv

UDPPort—-162

TOSec—15

Retries——-3

System Contact: Robert

System Location: Marketing

The following table describes the significant fields shown in the display.

Field	Description
Community-string	The community access string permitting access to SNMP.
Community-access	The permitted access type—read-only, read-write, super access.
IP Address	The management station IP Address.
Target Address	The IP address of the targeted recipient.
Version	The SNMP version for the sent trap.