8.6. Configuring SNMP

Overview

Function Introduction

SNMP is an application-layer protocol that provides a message format for communication between managers and agents. The SNMP system consists of an SNMP manager, an SNMP agent, and a MIB. The SNMP manager can be part of a network management system (NMS). The agent and MIB reside on the switch. To configure SNMP on the switch, you define the relationship between the manager and the agent.

The SNMP agent contains MIB variables whose values the SNMP manager can request or change. A manager can get a value from an agent or store a value into the agent. The agent gathers data from the MIB, the repository for information about device parameters and network data. The agent can also respond to a manager’s requests to get or set data. An agent can send unsolicited traps to the manager. Traps are messages alerting the SNMP manager to a condition on the network. Failed user authentication, restarts, link status (up or down), MAC address tracking, closing of a Transmission Control Protocol (TCP) connection, loss of connection to a neighbor, or other significant events may cause a trap to be sent.

Principle Description

The SNMP module is based on the following RFCs:

  • SNMPv1: Defined in RFC 1157.

  • SNMPv2C: Defined in RFC 1901.

  • SNMPv3: Defined in RFC 2273 to 2275.

Following is a brief description of terms and concepts used to describe the SNMP protocol:

  • Agent: A network-management software module. An agent has local knowledge of management information and translates that information into a form compatible with SNMP.

  • Management Information Base (MIB): A collection of management information that is organized hierarchically.

  • Engine ID: A unique ID for a network’s node.

  • Trap: Used by managed devices to asynchronously report events to the NMS.

Configuration

Fig. 8.7 SNMP

As shown in the figure, the SNMP agent gathers data from the MIB. The agent can send traps, or notifications of certain events, to the SNMP manager, which receives and processes the traps. Traps alert the SNMP manager to a condition on the network such as improper user authentication, restarts, link status (up or down), MAC address tracking, and so forth. The SNMP agent also responds to MIB-related queries sent by the SNMP manager in get-request, get-next-request, and set-request format.

Enable SNMP

step 1 Enter the configure mode

Switch# configure terminal

step 2 Enable SNMP globally

Switch(config)# snmp-server enable

step 3 Exit the configure mode

Switch(config)# end

step 4 Validation

Switch# show running-config
snmp-server enable

Configuring community string

You use the SNMP community string to define the relationship between the SNMP manager and the agent. The community string acts like a password to permit access to the agent on the switch. Optionally, you can specify one or more of these characteristics associated with the string:

  • A MIB view, which defines the subset of all MIB objects accessible to the given community

  • Read and write or read-only permission for the MIB objects accessible to the community

Beginning in privileged EXEC mode, follow these steps to configure a community string on the switch.

step 1 Enter the configure mode

Switch# configure terminal

step 2 Configuring community string

Configure a view named “DUT” (optional); configure a community named “public” with read-only access and view “DUT”.

Switch(config)# snmp-server view DUT included 1
Switch(config)# snmp-server community public read-only view DUT

step 3 Exit the configure mode

Switch(config)# end

step 4 Validation

Switch# show running-config
snmp-server enable
snmp-server view DUT included .1
snmp-server community public read-only view DUT

Configuring SNMPv3 Groups, Users and Accesses

You can specify an identification name (engine ID) for the local SNMP server engine on the switch. You can configure an SNMP server group that maps SNMP users to SNMP views, add new users to the SNMP group, and add access for the SNMP group.

Beginning in privileged EXEC mode, follow these steps to configure SNMP on the switch.

step 1 Enter the configure mode

Switch# configure terminal

step 2 Set the global configurations for SNMP

Set the engine ID; set the user name, password, and authentication type; create the SNMP server group; set the authority for the group members.

Switch(config)# snmp-server engineID 8000123456
Switch(config)# snmp-server usm-user usr1 authentication md5 mypassword privacy des yourpassword
Switch(config)# snmp-server group grp1 user usr1 security-model usm
Switch(config)# snmp-server access grp1 security-model usm noauth

step 3 Exit the configure mode

Switch(config)# end

step 4 Validation

Switch# show running-config
snmp-server engineID 8000123456
snmp-server usm-user usr1 authentication md5 mypassword privacy des yourpassword
snmp-server group grp1 user usr1 security-model usm
snmp-server access grp1 security-model usm noauth

Configuring SNMPv1 and SNMPv2 notifications

Beginning in privileged EXEC mode, follow these steps to configure SNMP on the switch.

step 1 Enter the configure mode

Switch# configure terminal

step 2 Set the global configurations for SNMP

Enable all supported traps; configure a remote trap manager whose IP address is “10.0.0.2”; configure a remote trap manager whose IPv6 address is “2001:1000::1”.

Switch(config)# snmp-server trap enable all
Switch(config)# snmp-server trap target-address 10.0.0.2 community public
Switch(config)# snmp-server trap target-address 2001:1000::1 community public

step 3 Exit the configure mode

Switch(config)# end

step 4 Validation

Switch# show running-config
snmp-server trap target-address 10.0.0.2 community public
snmp-server trap target-address 2001:1000::1 community public
snmp-server trap enable vrrp
snmp-server trap enable igmp snooping
snmp-server trap enable ospf
snmp-server trap enable pim
snmp-server trap enable stp
snmp-server trap enable system
snmp-server trap enable coldstart
snmp-server trap enable warmstart
snmp-server trap enable linkdown
snmp-server trap enable linkup

Configuring SNMPv3 notifications

step 1 Enter the configure mode

Switch# configure terminal

step 2 Set the global configurations for SNMP

Enable all supported traps; Configure a trap notify item for SNMPv3; Configure a remote trap manager’s IP address; Configure a remote trap manager’s IPv6 address; Add a local user to SNMPv3 notifications.

Switch(config)# snmp-server trap enable all
Switch(config)# snmp-server notify notif1 tag tmptag trap
Switch(config)# snmp-server target-address targ1 param parm1 10.0.0.2 taglist tmptag
Switch(config)# snmp-server target-address t1 param p1 2001:1000::1 taglist tag1
Switch(config)# snmp-server target-params parm1 user usr1 security-model v3 message-processing v3 noauth

step 3 Exit the configure mode

Switch(config)# end

step 4 Validation

Switch# show running-config
snmp-server notify notif1 tag tmptag trap
snmp-server target-address t1 param p1 2001:1000::1 taglist tag1
snmp-server target-address targ1 param parm1 10.0.0.2 taglist tmptag
snmp-server target-params parm1 user usr1 security-model v3 message-processing v3 noauth
snmp-server trap enable vrrp
snmp-server trap enable igmp snooping
snmp-server trap enable ospf
snmp-server trap enable pim
snmp-server trap enable stp
snmp-server trap enable system
snmp-server trap enable coldstart
snmp-server trap enable warmstart
snmp-server trap enable linkdown
snmp-server trap enable linkup
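
As an added example (not vendor code), the script below audits the snmp-server lines that the validation steps on this page print, covering the community string, SNMPv3 user and access, and notification sections. The rule names and the choice of what to flag (default community strings, read-write communities, a view rooted at .1, MD5 or DES on a user, and the noauth level) are this example's assumptions; the sample input is assembled from the outputs shown above.

```python
# Added example: the audit rules are this example's assumptions, not vendor guidance.
# SAMPLE_CONFIG is assembled from the validation outputs shown on this page.
SAMPLE_CONFIG = """\
snmp-server enable
snmp-server view DUT included .1
snmp-server community public read-only view DUT
snmp-server engineID 8000123456
snmp-server usm-user usr1 authentication md5 mypassword privacy des yourpassword
snmp-server group grp1 user usr1 security-model usm
snmp-server access grp1 security-model usm noauth
snmp-server trap target-address 10.0.0.2 community public
snmp-server target-params parm1 user usr1 security-model v3 message-processing v3 noauth
"""
DEFAULT_COMMUNITIES = {"public", "private"}  # widely known, guessable strings

def after(tokens, key):
    """Return the token that follows key, or None if key is absent or last."""
    if key in tokens[:-1]:
        return tokens[tokens.index(key) + 1]
    return None

def audit(config):
    """Return (line_number, rule) findings for the snmp-server lines in config."""
    findings = []
    for no, raw in enumerate(config.splitlines(), 1):
        t = raw.split()
        if len(t) < 2 or t[0] != "snmp-server":
            continue
        community = after(t, "community")
        if community and community.lower() in DEFAULT_COMMUNITIES:
            findings.append((no, "default-community"))
        if t[1] == "community" and "read-write" in t[3:]:
            findings.append((no, "read-write-community"))
        if t[1] == "view" and after(t, "included") in ("1", ".1"):
            findings.append((no, "view-includes-whole-tree"))
        if t[1] == "usm-user":
            # Skip the user name (t[2]) so it cannot be mistaken for a keyword.
            auth, priv = after(t[3:], "authentication"), after(t[3:], "privacy")
            if auth in (None, "md5"):
                findings.append((no, f"weak-auth:{auth}"))
            if priv in (None, "des"):
                findings.append((no, f"weak-privacy:{priv}"))
        if t[1] in ("access", "target-params") and t[-1] == "noauth":
            findings.append((no, "noauth-level"))
    return findings

if __name__ == "__main__":
    for no, rule in audit(SAMPLE_CONFIG):
        print(f"line {no}: {rule}")
```

Feed it the text of `show running-config` from a switch; lines that do not start with `snmp-server` are ignored.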

Application cases

N/A