SNMP over IPv6

Simple Network Management Protocol (SNMP) can be configured over IPv6 transport so that an IPv6 host can perform SNMP queries and receive SNMP notifications from a device running IPv6.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Information About SNMP over IPv6

SNMP over an IPv6 Transport

Simple Network Management Protocol (SNMP) can be configured over IPv6 transport so that an IPv6 host can perform SNMP queries and receive SNMP notifications from a device running IPv6 software. The SNMP agent and related MIBs have been enhanced to support IPv6 addressing. This feature uses the data encryption standard (3DES) and advanced encryption standard (AES) message encryption.

How to Configure SNMP over IPv6

Configuring an SNMP Notification Server over IPv6

Use an SNMP community string to define the relationship between the SNMP manager and the agent. The community string acts like a password to regulate access to the agent on the device. Optionally, you can specify one or more of the following characteristics associated with the string:

  • An access list of IP addresses of the SNMP managers that are permitted to use the community string to gain access to the agent.
  • A MIB view, which defines the subset of all MIB objects accessible to the given community.
  • Read and write or read-only permission for the MIB objects accessible to the community.

You can configure one or more community strings. To remove a specific community string, use the no snmp-server community command.

The snmp-server host command specifies which hosts will receive SNMP notifications, and whether you want the notifications sent as traps or inform requests. The snmp-server enable traps command globally enables the production mechanism for the specified notification types (such as Border Gateway Protocol [BGP] traps, config traps, entity traps, and Hot Standby Router Protocol [HSRP] traps).

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    snmp-server community string [view view-name] [ro | rw] [ipv6 nacl] [access-list-number]

    4.    snmp-server engineID remote {ipv4-ip-address | ipv6-address} [udp-port udp-port-number] [vrf vrf-name] engineid-string

    5.    snmp-server group group-name {v1 | v2c | v3 {auth | noauth | priv}} [context context-name] [read read-view] [write write-view] [notify notify-view] [access [ipv6 named-access-list ] {acl-number | acl-name}]

    6.    snmp-server host {hostname | ip-address} [vrf vrf-name] [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [notification-type]

    7.    snmp-server user username group-name [remote host [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access [ipv6 nacl] [priv {des | 3des | aes {128 | 192 | 256}} privpassword] {acl-number | acl-name} ]

    8.    snmp-server enable traps [notification-type] [vrrp]


DETAILED STEPS
      Command or Action Purpose
    Step 1 enable


    Example:
    Device> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.
     
    Step 2 configure terminal


    Example:
    Device# configure terminal
     

    Enters global configuration mode.

     
    Step 3 snmp-server community string [view view-name] [ro | rw] [ipv6 nacl] [access-list-number]


    Example:
    Device(config)# snmp-server community mgr view restricted rw ipv6 mgr2
     

    Defines the community access string.

     
    Step 4 snmp-server engineID remote {ipv4-ip-address | ipv6-address} [udp-port udp-port-number] [vrf vrf-name] engineid-string


    Example:
    Device(config)# snmp-server engineID remote 3ffe:b00:c18:1::3/127 remotev6
     

    (Optional) Specifies the name of the remote SNMP engine (or copy of SNMP).

     
    Step 5 snmp-server group group-name {v1 | v2c | v3 {auth | noauth | priv}} [context context-name] [read read-view] [write write-view] [notify notify-view] [access [ipv6 named-access-list ] {acl-number | acl-name}]


    Example:
    Device(config)# snmp-server group public v2c access ipv6 public2
     

    (Optional) Configures a new SNMP group, or a table that maps SNMP users to SNMP views.

     
    Step 6 snmp-server host {hostname | ip-address} [vrf vrf-name] [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [notification-type]


    Example:
    Device(config)# snmp-server host host1.com 2c vrf trap-vrf 
     

    Specifies the recipient of an SNMP notification operation.

    • Specifies whether you want the SNMP notifications sent as traps or informs, the version of SNMP to use, the security level of the notifications (for SNMPv3), and the recipient (host) of the notifications.
     
    Step 7 snmp-server user username group-name [remote host [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [access [ipv6 nacl] [priv {des | 3des | aes {128 | 192 | 256}} privpassword] {acl-number | acl-name} ]


    Example:
    Device(config)# snmp-server user user1 bldg1 remote 3ffe:b00:c18:1::3/127 v2c access ipv6 public2
     

    (Optional) Configures a new user to an existing SNMP group.

    Note   

    You cannot configure a remote user for an address without first configuring the engine ID for that remote host. This is a restriction imposed in the design of these commands; if you try to configure the user before the host, you will receive a warning message, and the command will not be executed.

     
    Step 8 snmp-server enable traps [notification-type] [vrrp]


    Example:
    Device(config)# snmp-server enable traps bgp
     

    Enables sending of traps or informs, and specifies the type of notifications to be sent.

    • If a value for the notification-type argument is not specified, all supported notification will be enabled on the device.
    • To discover which notifications are available on your device, enter the snmp-server enable traps ? command.
     

    Configuration Examples for SNMP over IPv6

    Examples: Configuring an SNMP Notification Server over IPv6

    The following example permits any SNMP to access all objects with read-only permission using the community string named public. The device also will send Border Gateway Protocol (BGP) traps to the IPv4 host 172.16.1.111 and IPv6 host 3ffe:b00:c18:1::3/127 using SNMPv1 and to the host 172.16.1.27 using SNMPv2c. The community string named public will be sent with the traps.

    Device(config)# snmp-server community public
    Device(config)# snmp-server enable traps bgp
    Device(config)# snmp-server host 172.16.1.27 version 2c public
    Device(config)# snmp-server host 172.16.1.111 version 1 public
    Device(config)# snmp-server host 3ffe:b00:c18:1::3/127 public
    

    Example: Associate an SNMP Server Group with Specified Views

    In the following example, the SNMP context A is associated with the views in SNMPv2c group GROUP1 and the IPv6 named access list public2:

    Device(config)# snmp-server context A 
    Device(config)# snmp mib community-map commA context A target-list commAVpn
    Device(config)# snmp mib target list commAVpn vrf CustomerA 
    Device(config)# snmp-server view viewA ciscoPingMIB included
    Device(config)# snmp-server view viewA ipForward included 
    Device(config)# snmp-server group GROUP1 v2c context A read viewA write viewA notify access ipv6 public2
    

    Example: Create an SNMP Notification Server

    The following example configures the IPv6 host as the notification server:

    Device> enable
    Device# configure terminal
    Device(config)# snmp-server community mgr view restricted rw ipv6 mgr2
    Device(config)# snmp-server engineID remote 3ffe:b00:c18:1::3/127 remotev6
    Device(config)# snmp-server group public v2c access ipv6 public2
    Device(config)# snmp-server host host1.com 2c vrf trap-vrf 
    Device(config)# snmp-server user user1 bldg1 remote 3ffe:b00:c18:1::3/127 v2c access ipv6 public2
    Device(config)# snmp-server enable traps bgp
    Device(config)# exit
    

    Additional References

    Related Documents

    Related Topic

    Document Title

    IPv6 addressing and connectivity

    IPv6 Configuration Guide

    Cisco IOS commands

    Cisco IOS Master Commands List, All Releases

    IPv6 commands

    Cisco IOS IPv6 Command Reference

    Cisco IOS IPv6 features

    Cisco IOS IPv6 Feature Mapping

    Standards and RFCs

    Standard/RFC

    Title

    RFCs for IPv6

    IPv6 RFCs

    MIBs

    MIB

    MIBs Link

    No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

    To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

    http:/​/​www.cisco.com/​go/​mibs

    Technical Assistance

    Description

    Link

    The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

    http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

    Feature Information for SNMP over IPv6

    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

    Table 1 Feature Information for SNMP over IPv6

    Feature Name

    Releases

    Feature Information

    SNMP over IPv6

    12.2(33)SRB

    12.2(33)SXI

    12.2(44)SE

    12.2(44)SG

    12.3(14)T

    15.0(2)SG

    Cisco IOS XE Release 2.1

    3.2SG

    SNMP can be configured over IPv6 transport so that an IPv6 host can perform SNMP queries and receive SNMP notifications from a device running IPv6.

    The following commands were introduced or modified: snmp-server community, snmp-server enable traps, snmp-server engineID remote, snmp-server group, snmp-server host, snmp-server user.

    SNMPv3--3DES and AES Encryption Support

    12.2(33)SRB

    12.2(33)SXI

    12.2(50)SG

    12.2(52)SE

    12.4(2)T

    15.0(2)SG

    Cisco IOS XE Release 2.1

    3.2SG

    IPv6 supports the SNMPv3 - 3DES and AES Encryption Support feature.

    No commands were introduced or modified.