The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
To show the Simple Network Management Protocol (SNMP) service status, use the show snmp-server Privileged EXEC mode command.
show snmp-server
N/A
N/A
Privileged EXEC mode
switchxxxxxx# show snmp-server
SNMP is enabled
System Contact : test
System Location : test_locationTo show the SNMP communities defined on the switch, use the show snmp-server community Privileged EXEC mode command.
show snmp-server community
N/A
Privileged EXEC mode
switchxxxxxx# show snmp-server community
Community Name Group Name View Access
-------------------- ------------------------------ ------------------------------ ------------
test all ro
Total Entries: 1The following table describes the significant fields shown in the example:
|
Field |
Description |
|---|---|
|
Community Name |
SNMP community name. |
|
Group name |
SNMP group associated with the SNMP community to determine the access rights. |
|
View |
SNMP view that can access the SNMP community. all indicates that any IP device can access the SNMP community. |
|
Access |
Community access level. The options are:
|
To show the SNMPv3 engine IDs defined on the switch, use the show snmp-server engineid Privileged EXEC command.
show snmp-server engineid
N/A
Privileged EXEC mode
switchxxxxxx# show snmp engineid
Local SNMPV3 Engine id: 00036D001000
IP address Remote SNMP engineID
----------------------------------------------------------------------------
192.168.1.55 00036D10000A
Total Entries: 1The following table describes the significant fields shown in the example:
|
Field |
Description |
|---|---|
|
Local SNMPV3 Engine id |
Local SNMP engine ID of the switch. |
|
IP address |
IP address of the remote host that receives the traps. |
|
Remote SNMP engineID |
Remote SNMP engine ID. |
To show all SNMP groups defined on the switch, use the show snmp-server group Privileged EXEC mode command.
show snmp-server group
N/A
N/A
Privileged EXEC mode
switchxxxxxx# show snmp-server group
Group Name Model Level ReadView
WriteView NotifyView
------------------------------ ------ ------------ ------------------------------ ------------------------------ ------------------------------
testgroup v1 noauth all
all all
Total Entries: 1The following table describes the significant fields shown in the example:
|
Field |
Description |
|---|---|
|
Group Name |
SNMP Group name. |
|
Model |
SNMP version in use (v1, v2c, or v3). |
|
Level |
Packet authentication with encryption (Applicable to SNMPv3 security only). The options are:
|
|
ReadView |
SNMP view enabling viewing the agent contents. If not specified, all objects except the community-table, SNMPv3 user, and access tables are available. |
|
WriteView |
SNMP view enabling data entry and managing the agent contents. |
|
NotifyView |
SNMP view enabling receiving the notify object ID for the agent contents. (It’s not used for application) |
To show all SNMP notification recipients defined on the switch, use the show snmp-server host Privileged EXEC mode command.
show snmp-server host
N/A
Privileged EXEC mode
switchxxxxxx# show snmp-server host
Server Community Name Notification Version Notification Type UDP Port Retries Timeout
----------------------------------------------------------------------------------------------------------------
10.172.1.1 public v3 trap -- -- --
Total Entries: 1The following table describes the significant fields shown in the example:
|
Field |
Description |
|---|---|
|
Server |
IP address or hostname of the SNMP notification recipient. |
|
Community Name |
SNMP community of the trap manager. |
|
Notification Version |
SNMP version for SNMP traps. |
|
Notification Type |
Send traps or informs to the recipients. |
|
UDP Port |
UDP port used for notifications on the recipient device. |
|
Retries |
Number of times that the switch resends an inform request. |
|
Timeout |
Number of seconds that the switch waits before resending informs. |
To show whether SNMP traps are enabled or disabled on the switch, use the show snmp-server trap Privileged EXEC mode command.
show snmp-server trap
N/A
N/A
Privileged EXEC mode
switchxxxxx# show snmp-server trap
SNMP auth failed trap : Enable
SNMP linkUpDown trap : Enable
SNMP warm-start trap : Enable
SNMP cold-start trap : Enable
SNMP port security trap: EnableTo show all SNMP views defined on the switch, use the show snmp-server view Privileged EXEC mode command.
show snmp-server view
N/A
N/A
Privileged EXEC mode
switchxxxxxx# show snmp-server view
View Name Subtree OID OID Mask View Type
------------ ---------------------- ---------------------- ---------
all .1 all included
agon .1.3.6.1 all included
Total Entries: 2The following table describes the significant fields shown in the example:
|
Field |
Description |
|---|---|
|
View Name |
SNMP view name. |
|
Subtree OID |
Subtree Object ID . All descendants of this node are included or excluded in the view. |
|
OID Mask |
Object ID mask. |
|
View Type |
Shows that the selected MIBs are included or excluded in this view. |
To show all SNMP users defined on the switch, use the show snmp-server user Privileged EXEC mode command.
show snmp-server user
N/A
N/A
Privileged EXEC mode
switchxxxxxx# show snmp-server user
Username: snmpuser
Password: ********
Access GroupName: snmpgroup
Authentication Protocol: md5
Encryption Protocol: none
Access SecLevel: auth
Total Entries: 1The following table describes the significant fields shown in the example:
|
Field |
Description |
|---|---|
|
Username |
Name of the SNMP user. |
|
Password |
MD5 or SHA password or key to authenticate the SNMP user. |
|
Access GroupName |
SNMP group to which the SNMP user belongs. |
|
Authentication Protocol |
Authentication method. The options are:
|
|
Encryption Protocol |
Encryption protocol to encrypt the authentication password. |
|
Access SecLevel |
Security level attached to the group. The available options are:
|
To enable SNMP on the switch, use the snmp-server Global Configuration mode command.
To disable SNMP on the switch, use the no form of this command.
snmp-server
no snmp-server
N/A
N/A
Global Configuration mode
switchxxxxxx(config)# snmp-serverTo define an SNMP community that permits access to SNMP commands (v1 and v2), use the snmp-server community Global Configuration mode command.
To delete an SNMP community, use the no form of this command.
snmp-server community community-string [view view-name] {ro | rw}
snmp-server community community-string group group-name
no snmp-server community community-string
community-string—The SNMP community name. The community string is used as an input parameter to snmp-server user for SNMPv3. (Range: 0 to 20 characters)
view view-name—(Optional) Specifies the SNMP view (configured using the snmp-server view command) to define the objects available to the community. It is not relevant for su, which has access to the whole MIB. If unspecified, all objects, except the community-table, SNMPv3 user, and access tables, are available. (Range: 1 to 30 characters)
ro—Read-only access (default).
rw—Read-write access.
group group-name—Specifies the SNMP group (configured using the snmp-server group command with v1 or v2) to define the objects available to the community. (Range: 1 to 30 characters)
No SNMP community is defined.
Global Configuration mode
To associate communities with access rights directly (basic mode), use the snmp-server community community-string [view view-name] {ro | rw} command. The view-name value is used to restrict the access rights of a community string. When a view name is specified, the software:
Generates an internal security name.
Maps the internal security name for SNMPv1 and SNMPv2 security models to an internal group name.
Maps the internal group name for SNMPv1 and SNMPv2 security models to the view name (read-view and notify-view always, and for rw for write-view also).
To associate communities with access rights through groups (advanced mode), use the snmp-server community community-string group group-name command. The group-name value is used to restrict the access rights of a community string. When a group name is specified, the software:
Generates an internal security name.
Maps the internal security name for SNMPv1 and SNMPv2 security models to the group name.
The following example defines an SNMP community comm1 and associates it with the group abcd:
switchxxxxxx(config)# snmp-server community comm1 group abcdTo set the system contact, use the snmp-server contact Global Configuration mode command.
snmp-server contact contact
contact—The system contact name. (Length: 0 to 256 characters)
No contact name is defined.
Global Configuration mode
switchxxxxxx(config)# snmp-server contact RobertTo define a local SNMPv3 engine ID, use the snmp-server engineid Global Configuration mode command.
snmp-server engineid {default | ENGINEID}
default—Uses the default generated SNMP engine ID.
ENGINEID—Specifies a local SNMP engine ID. The engine ID is a 10 to 64 hexadecimal characters. The hexadecimal number must be divided by 2.
The default SNMP engine ID is based on the MAC address of the switch.
Global Configuration mode
switchxxxxxx(config)# snmp-server engineid 00036D001122To define a remote host for the SNMP engine, use the snmp-server engineid remote Global Configuration mode command.
snmp-server engineid remote host-ip ENGINEID
host-ip—The IP address or hostname of the remote host (the targeted recipient). The default is all IP addresses.
ENGINEID—The remote SNMP engine ID. The engine ID is a 10 to 64 hexadecimal characters. The hexadecimal number must be divided by 2.
N/A
Global Configuration mode
switchxxxxxx(config)# snmp-server engineid remote 172.10.77.1 00036D0012To define an SNMP group, use the snmp-server group Global Configuration mode command. Groups are used to map SNMP users to SNMP views (using the snmp-server user command).
To delete an SNMP group, use the no form of this command.
snmp-server group groupname {v1 | v2c | v3} {noauth | auth | priv} read-view readview write-view writeview [notify-view notifyview]
no snmp-server group groupname {v1 | v2c | v3} {noauth | auth | priv}
groupname—The SNMP group name. (Length: 1 to 30 characters)
{v1 | v2c | v3}—Specifies the SNMP version.
noauth—Specifies that no packet authentication will be performed. Applicable only to the SNMP version 3 security model.
auth—Specifies that packet authentication without encryption will be performed. Applicable only to the SNMP version 3 security model.
priv—Specifies that packet authentication with encryption will be performed. Applicable only to the SNMP version 3 security model. Note that creation of SNMPv3 users with both authentication and privacy must be done in the GUI. All other users may be created in the CLI.
read-view readview—Sets the view name that enables viewing only. (Length: 1 to 30 characters)
write-view writeview—Sets the view name that enables configuring the agent. (Length: 1 to 30 characters; setting "" means no write view)
notify-view notifyview—(Optional) Sets the view name that sends only traps with contents that is included in SNMP view selected for notification. Otherwise, there is no restriction on the contents of the traps. This can only be available for SNMPv3. (Length: 1 to 30 characters)
No group entry exists.
If the notifyview value is not specified, the notify view is not defined.
If the readview value is not specified, all objects except for the community table, SNMPv3 user, and access tables are available for retrieval.
If the writeview value is not specified, the write view is not defined.
Global Configuration mode
The group defined in this command is used in the snmp-server user command to map SNMP users to the SNMP group. These users are then automatically mapped to SNMP views defined in this command.
The security level for SNMP v1 or v2 is always noauth.
switchxxxxxx(config)# snmp-server group user-group v3 priv read-view view1 write-view view2To configure the hosts to receive SNMP notifications (traps or informs), use the snmp-server host Global Configuration mode command.
To delete an SNMP notification recipient, use the no form of this command.
snmp-server host {ipv4address | hostname | ipv6address} [traps | informs] [version {1 | 2c | 3} [noauth | auth | priv]] community-string [udp-port port-number ] [timeout timeout-value] [retries retry-time]
no snmp-server host {ipv4address | hostname | ipv6address}
ipv4address—IPv4 address of the host (the targeted recipient). The default is all IP addresses.
hostname—Hostname of the host (the targeted recipient).
ipv6address—IPv6 address of the host (the targeted recipient). The default is all IP addresses.
traps—(Optional) Sends SNMP traps to the host. This is the default setting.
informs—(Optional) Sends SNMP informs to the host.
version {1 | 2c | 3}—(Optional) Specifies the SNMP version.
1—SNMPv1 traps are used.
2c—SNMPv2 traps or informs are used.
3—SNMP version 3 is used.
noauth—(Optional) Specifies that no packet authentication will be performed. Applicable only to the SNMP version 3 security model.
auth—(Optional) Specifies that packet authentication without encryption will be performed. Applicable only to the SNMP version 3 security model.
priv—(Optional) Specifies that packet authentication with encryption will be performed. Applicable only to the SNMP version 3 security model. Note that creation of SNMPv3 users with both authentication and privacy must be done in the GUI. All other users may be created in the CLI.
community-string—The SNMP community sent with the notification operation. For SNMP v1 and v2, any community string can be entered here. (Range: 1 to 20 characters)
udp-port port-number—(Optional) Specifies the UDP port number.
timeout timeout-value—(Optional) Specifies the SNMP inform timeout.
retries retry-time—(Optional) Specifies the number of SNMP inform retries.
The default SNMP version is SNMPv1.
Global Configuration mode
Use the snmp-server user, snmp-server group, and snmp-server view commands to create a SNMP user, a SNMP group, or a SNMP view.
switchxxxxxx(config)# snmp-server host 1.1.1.121 abcTo set the system location, use the snmp-server location Global Configuration mode command.
snmp-server location location
location—The system location. (Length: 0 to 256 characters)
No location name is defined.
Global Configuration mode
switchxxxxxx(config)# snmp-server location NewYorkTo send SNMP traps when the authentication fails, use the snmp-server trap Global Configuration mode command.
To disable SNMP traps, use the no form of this command.
snmp-server trap [auth | cold-start | linkUpDown | port-security | warm-start]
no snmp-server trap [auth | cold-start | linkUpDown | port-security | warm-start]
auth—(Optional) Enables the SNMP authentication failure trap.
cold-start—(Optional) Enables the SNMP bootup cold startup trap.
linkUpDown—(Optional) Enables the SNMP link up and down trap.
port-security—(Optional) Enables the port security trap.
warm-start—(Optional) Enables the SNMP bootup warm startup trap.
SNMP auth, cold-start, warm-start, port-security, and linkUpDown traps are enabled.
Global Configuration mode
switchxxxxxx(config)# snmp-server trap authTo define an SNMP user, use the snmp-server user Global Configuration mode command.
To delete an SNMP user, use the no form of the command.
snmp-server user username groupname [auth {sha | sha224 | sha256 | sha384 | sha512} AUTHPASSWD]
snmp-server user username groupname auth {sha | sha224 | sha256 | sha384 | sha512}} AUTHPASSWD priv PRIVPASSWD
no snmp-server user username
username—Specifies the name of the user on the host that connects to the SNMP agent. (Range: 1 to 30 characters). For SNMP v1 or v2c, this username must match the community string entered in the snmp-server host command.
groupname—Specifies the SNMP group to which the SNMP user belongs. The SNMP group should be configured using the snmp-server group command with v1 or v2c parameters. (Range: 1 to 30 characters)
auth {md5 | sha}—(Optional) Specifies the protocol to authenticate the SNMP user. The options are:
md5—Uses the HMAC-MD5-96 authentication protocol.
Sha—Uses the HMAC-SHA-96 authentication protocol.
AUTHPASSWD—(Optional) The authentication password. (Length: 8 to 32 characters)
priv PRIVPASSWD—Specifies the private password for the privacy key. (Length: 8 to 64 characters)
N/A
Global Configuration mode
switchxxxxxx(config)# snmp-server user tom acbdTo define an SNMP view, use the snmp-server view Global Configuration mode command.
To delete an SNMP view, use the no form of this command.
snmp-server view view-name subtree oid-tree oid-mask {all | MASK} viewtype {included | excluded}
no snmp-server view view-name subtree [oid-tree | all]
view-name—The SNMP view name. (Length: 1 to 30 characters)
subtree oid-tree—Specifies the ASN.1 subtree object identifier (OID) to be included or excluded from the SNMP view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as System and, optionally, a sequence of numbers. Replace a single subidentifier with the asterisk (*) wildcard to specify a subtree family; for example, 1.3.*.4. This parameter depends on the MIB being specified.
oid-mask {all | MASK}—Specifies the family mask. It is used to define a family of view subtrees. For example, OID mask is 11111010.10000000. The length of the OID mask must be less than the length of subtree OID.
viewtype included—Includes the selected MIBs in the view.
viewtype excluded—Excludes the selected MIBs in the view.
N/A
Global Configuration mode
This command can be entered multiple times for the same SNMP view.
The command’s logical key is the pair (view-name, oid-tree). Two commands cannot have the same view-name and oid-tree.
The number of SNMP views is limited to 16.
switchxxxxxx(config)# ssnmp-server view agon subtree 1.3.6.1 oid-mask all viewtype included
switchxxxxxx(config)# snmp-server view userview subtree 1.3.6.1.2 oid-mask 1111110 viewtype excluded
Feedback