- Welcome to the Cisco Nexus 3550F Fusion Documentation
-
- Command Line Interface
- Configuration Management
- User Management
- Diagnostics
- Statistics Logging
- Configuring Ports
- Packet Capture
- Patches and Taps
- FPGA Module
- Switch Objects
- Mux Objects
- MAC Address Table
- IGMP and Multicast
- VLAN Support
- Mirror and Timestamping Fusion
- Mirror and Timestamping Fusion HPT
- Virtual Ports
- LLDP
- SNMP
- TACACS+
- Access Control
- Latency Statistics
- BGP
- Bash Shell
- Automatic Configuration
- Known Issues
SNMP
This section covers the Cisco Nexus 3550-F Fusion's (formerly ExaLINK Fusion) support for SNMP v2c. The MIB file for the Nexus 3550-F can be downloaded here.
Show Configuration
The current status and configuration for SNMP can be obtained by issuing the following command:
admin@N3550-F> config show snmp
SNMP status : disabled
Location :
Contact :
Community name :
Listen port : 161 (default)
SNMP traps : disabled
To view just the status of all services:
admin@N3550-F> show services
Service Status
-------------- --------
telnet enabled
remote-logging disabled
snmp disabled
snmptrap enabled
http enabled
Configuring SNMP
Before SNMP can be used, the shared read community phrase should be set. This is shared between the Nexus 3550-F and the system making the SNMP requests. It can be set, for example:
admin@N3550-F> config snmp read community public
SNMP configuration updated
After which, the service may be enabled.
admin@N3550-F> config snmp enable
SNMP enabled
The location of the Nexus 3550-F can be set in the SNMP configuration. This is available to SNMP through the OID SNMPv2-MIB::sysLocation.0. Similarly, the configured contact details are available through SNMPv2-MIB::sysContact.0.
admin@N3550-F> config snmp location "server room, 6th floor"
SNMP configuration updated
admin@N3550-F> config snmp contact "The Sys Admin <sysadmin@company.org>"
SNMP configuration updated
admin@N3550-F> config show snmp
SNMP status : enabled
Location : server room, 6th floor
Contact : The Sys Admin <sysadmin@company.org>
Community name : public
Listen port : 161 (default)
SNMP traps : disabled
SNMP Traps
The Nexus 3550-F has the ability to send SNMP notifications on important events. To enable this feature, use the command:
admin@N3550-F> config snmp trap enable
SNMP Trap enabled
To specify where the SNMP notifications should be sent, one or more trap targets must be configured using the snmp trap target
command:
admin@N3550-F> config snmp trap target 192.168.220.11 public
SNMP Trap configuration updated
To clear SNMP trap targets use the no
form of the command:
admin@N3550-F> config no snmp trap
Reset SNMP Trap configuration
The current SNMP trap configuration is visible via the show snmp
command:
admin@N3550-F> config show snmp
SNMP status : enabled
Location : server room, 6th floor
Contact : The Sys Admin <sysadmin@company.org>
Community name : public
Listen port : 161 (default)
SNMP traps : enabled
Target address Community
-------------- ---------
192.168.220.11 public
192.168.220.12 public
SNMP v3
SNMP v3 can be configured to operate on the Nexus 3550-F. If an administrator chooses to specify SNMP v3 users then this will change the behaviour of the SNMP system, providing the ability to authentic users,encrypt traffic and generate secure traps.
SNMP v3 requires users to be configured as part of the SNMP configuration. When the operator is adding these users they can decide whether the user should require no authentication, authentication only or authentication and encryption.
A SNMP v3 user can be added to the Nexus 3550-F with the configure snmp user
command. This follows the usage:
admin@N3550-F> configure snmp user
Usage: configure snmp user <name> [{md5-auth|sha-auth} <auth_password> [{aes-encrypt|des-encrypt} <privacy_phrase>]]
For example to add a user with no authentication and no encryption run:
configure snmp user tim
To configure a user with MD5 authentication but not encryption run:
configure snmp user tom md5-auth mypassword1
To configure a user with SHA authentication and AES encryption run:
configure snmp user jim sha-auth mypassword2 aes-encrypt mypassphrase3
To view the configured SNMP users run the show snmp
command which will include a table of the configured users:
User auth-type auth-password encrypt-type encrypt-phrase
---- --------- ------------- ------------ --------------
tim (none) (none) (none) (none)
tom MD5 mypassword1 (none) (none)
jim SHA mypassword2 AES mypassphrase3
If no SNMP v3 users are configured show snmp
will instead contain:
No SNMP v3 users configured
If an administrator has configured SNMP v3 users then when a TRAP is generated the SNMP v3 TRAP functionality will be enforced. The TRAP notifications will be sent to the specified targets using the configured authentication and encryption methods. The TRAP target will need to be configured in a similar manner to observe or act on the SNMP v3 TRAPS.
Before a TRAP target can configure the valid users, the operator will need to identify the engine ID of the SNMP source. This can be done by querying the SNMP OID for the snmpEngineID
.
$ snmpget -v 3 -l noAuthNoPriv -u tim EXALINK SNMP-FRAMEWORK-MIB::snmpEngineID.0
SNMP-FRAMEWORK-MIB::snmpEngineID.0 = Hex-STRING: 80 00 A9 20 03 64 3F 5F 80 C4 00
An example snmptrapd.conf
file that would allow an operator to view SNMP v3 TRAPs raised from the users defined on the Nexus 3550-F above would then be:
createUser -e 0x8000A92003643F5F80C400 tim
authuser log tim
createUser -e 0x8000A92003643F5F80C400 tom MD5 mypassword1
authuser log tom
createUser -e 0x8000A92003643F5F80C400 jim SHA mypassword1 AES mypassphrase3
authuser log jim