SNMP

Simple Network Management Protocol

4.3.b i v2c

General information on “SNMP v2c”:

• Pseudo-security is provided by using community strings
• String is sent in plaintext within SNMP packets
• Each string can either be RO (read only) or RW (read write)
• RO strings can only read information whereas RW strings can manipulate configuration settings
• Each string can also be combined with an ACL
• A NMS server can be defined where traps (information) will automatically be sent to
• Either all or only specific traps can be enabled
• Device location and administrator contact can be defined (optionally, but recommended)

“SNMP v2c” CLI configuration commands:

## Configuring SNMP v2c community strings
Router(config)# snmp-server community <string> [ro | rw] <ACL-NAME>

## Configuring SNMP v2c NMS server and enable traps
Router(config)# snmp-server host <ip> version <version> <string>
Router(config)# snmp-server enable traps <trap>

## Configuring SNMP v2c device location and administrator contact
Router(config)# snmp-server location <location>
Router(config)# snmp-server contact <mail-addr>

4.3.b ii v3

General information on “SNMP v3”:

• With SNMP v3 real security is introduced:
  • noAuthNoPriv: No authentication, no encryption
  • AuthNoPriv: Authentication, no encryption
  • AuthPriv: Authentication, encryption
• Three new elements are introduced as well:
  • SNMP view: Defines which OIDs a user can access (“view”)
  • SNMP group: Contains user and has a view assigned (optionally)
  • SNMP user: Each user has a username/password and is assigned to a group
• When creating a group and nothing read/write attribute is specified, it’s read only
• A NMS server can be defined where traps (information) will automatically be sent to
• Either all or only specific traps can be enabled
• Device location and administrator contact can be defined (optionally, but recommended)

“SNMP v3” CLI configuration commands:

## Configuring a SNMP v3 view
Router(config)# snmp-server view <view-name> <mib> [included | excluded]

## Configuring a SNMP v3 group
Router(config)# snmp-server group <group-name> [noauth | auth | priv] [read | write] <view-name>

## Configuring a SNMP v3 user
Router(config)# snmp-server user <username> <group-name> v3 auth [md5 | sha] <password> [priv] [aes | des | 3des] <bit-integer> <key>

“SNMP v3” CLI show commands:

## Showing configured SNMP v3 views
Router# show snmp view

## Showing configured SNMP v3 groups
Router# show snmp group

## Showing configured SNMP v3 users
Router# show snmp user