SNMP
Simple Network Management Protocol
4.3.b i v2c
General information on “SNMP v2c”:
- Pseudo-security is provided by using community strings
- String is sent in plaintext within SNMP packets
- Each string can either be RO (read only) or RW (read write)
- RO strings can only read information whereas RW strings can manipulate configuration settings
- Each string can also be combined with an ACL
- An NMS server can be defined to which traps (information) are automatically sent
- Either all or only specific traps can be enabled
- Device location and administrator contact can be defined (optional, but recommended)
“SNMP v2c” CLI configuration commands:
## Configuring SNMP v2c community strings
Router(config)# snmp-server community <string> [ro | rw] <ACL-NAME>
## Configuring SNMP v2c NMS server and enable traps
Router(config)# snmp-server host <ip> version <version> <string>
Router(config)# snmp-server enable traps <trap>
## Configuring SNMP v2c device location and administrator contact
Router(config)# snmp-server location <location>
Router(config)# snmp-server contact <mail-addr>
4.3.b ii v3
General information on “SNMP v3”:
- With SNMP v3 real security is introduced:
  - noAuthNoPriv: No authentication, no encryption
  - AuthNoPriv: Authentication, no encryption
  - AuthPriv: Authentication, encryption
- Three new elements are introduced as well:
  - SNMP view: Defines which OIDs a user can access (“view”)
  - SNMP group: Contains users and has a view assigned (optionally)
  - SNMP user: Each user has a username/password and is assigned to a group
- When a group is created without a read/write attribute specified, it’s read only
- An NMS server can be defined to which traps (information) are automatically sent
- Either all or only specific traps can be enabled
- Device location and administrator contact can be defined (optional, but recommended)
“SNMP v3” CLI configuration commands:
## Configuring a SNMP v3 view
Router(config)# snmp-server view <view-name> <mib> [included | excluded]
## Configuring a SNMP v3 group
Router(config)# snmp-server group <group-name> v3 [noauth | auth | priv] [read | write] <view-name>
## Configuring a SNMP v3 user
Router(config)# snmp-server user <username> <group-name> v3 auth [md5 | sha] <password> [priv] [aes | des | 3des] <bit-integer> <key>
“SNMP v3” CLI show commands:
## Showing configured SNMP v3 views
Router# show snmp view
## Showing configured SNMP v3 groups
Router# show snmp group
## Showing configured SNMP v3 users
Router# show snmp user
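An added example (not part of the original notes): a small Python check that scans configuration lines in the syntax shown above for the weak settings these notes describe, namely plaintext v2c communities, RW access, a missing ACL, and v3 groups or users below AuthPriv. The sample lines, names, addresses and finding codes are constructed for illustration, and only the command forms listed on this page are parsed.

```python
import re

# Constructed sample: SNMP lines from a config template (not from a real device).
SAMPLE_CONFIG = """\
snmp-server community public ro
snmp-server community s3cret rw SNMP-NMS
snmp-server group OPS v3 noauth read OPS-VIEW
snmp-server group MON v3 priv read MON-VIEW
snmp-server user alice MON v3 auth sha AuthPass1 priv aes 128 PrivPass1
snmp-server user bob MON v3 auth sha AuthPass2
Router(config)# snmp-server host 192.0.2.10 version 2c public
snmp-server location DC1-Rack4
"""

PROMPT = re.compile(r"^\S+\(config\)#\s*")  # optional CLI prompt prefix
COMMUNITY = re.compile(r"^snmp-server community \S+(?: (ro|rw))?(?: (\S+))?$", re.I)
GROUP = re.compile(r"^snmp-server group \S+ v3 (noauth|auth|priv)\b", re.I)
USER = re.compile(r"^snmp-server user \S+ \S+ v3\b(.*)$", re.I)
HOST = re.compile(r"^snmp-server host \S+ version (1|2c)\b", re.I)

def audit_snmp(config):
    """Return (line number, finding code) pairs; secrets are never echoed."""
    findings = []
    for no, raw in enumerate(config.splitlines(), start=1):
        line = PROMPT.sub("", raw.strip())
        if m := COMMUNITY.match(line):
            findings.append((no, "V2C_PLAINTEXT"))        # community string is cleartext
            if (m.group(1) or "").lower() == "rw":
                findings.append((no, "V2C_RW"))           # can manipulate configuration
            if m.group(2) is None:
                findings.append((no, "V2C_NO_ACL"))       # not combined with an ACL
        elif m := GROUP.match(line):
            level = m.group(1).lower()
            if level == "noauth":
                findings.append((no, "V3_GROUP_NOAUTH"))  # noAuthNoPriv
            elif level == "auth":
                findings.append((no, "V3_GROUP_NOPRIV"))  # AuthNoPriv
        elif m := USER.match(line):
            tokens = m.group(1).lower().split()
            if "auth" not in tokens:
                findings.append((no, "V3_USER_NOAUTH"))   # no authentication configured
            elif "priv" not in tokens:
                findings.append((no, "V3_USER_NOPRIV"))   # authentication, no encryption
        elif HOST.match(line):
            findings.append((no, "TRAP_COMMUNITY"))       # traps carry a community string
    return findings

if __name__ == "__main__":
    for no, code in audit_snmp(SAMPLE_CONFIG):
        print(f"line {no}: {code}")
```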