Configuring Communication Services

This chapter includes the following sections:

Remote Access Policies
SNMP Policies

Remote Access Policies

Cisco UCS Central supports global remote access policies defining the interfaces monitoring policy, displaying SSH configuration status, and providing policy settings for HTTP, Telnet, web session limits and CIM XML.

Configuring HTTP
Configuring Telnet
Configuring Web Session Limits
Configuring CIM XML
Configuring Interfaces Monitoring

Configuring HTTP

Configuring an HTTP Remote Access Policy

Before You Begin

Before configuring an HTTP remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.

Procedure

	Command or Action	Purpose
Step 1	UCSC# connect policy-mgr	Enters policy manager mode.
Step 2	UCSC(policy-mgr)# scope domain-group domain-group	Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.
Step 3	UCSC(policy-mgr) /domain-group # create http	(Optional) If scoping into a domain group previously, creates the HTTP policy for that domain group.
Step 4	UCSC(policy-mgr) /domain-group # scope http	(Optional) If scoping into the domain group root previously, scopes the default HTTP policy's configuration mode from the Domain Group root.
Step 5	UCSC(policy-mgr) /domain-group/http # enable \| disable {http \| http-redirect}	Specifies whether the HTTP remote access policy is enabled or disabled in HTTP or HTTP-Redirect mode.
Step 6	UCSC(policy-mgr) /domain-group/http* # set http port port-number	Specifies the HTTP service port number from the port range 1-65535.
Step 7	UCSC(policy-mgr) /domain-group/http* # commit-buffer	Commits the transaction to the system configuration.

The following example shows how to scope into the domain group root (which has an existing HTTP policy by default), enable the HTTP remote access policy to HTTP redirect mode, set the HTTP service port to 1111, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope http
UCSC(policy-mgr) /domain-group/http # enable http-redirect
UCSC(policy-mgr) /domain-group/http* # set port 1111
UCSC(policy-mgr) /domain-group/http* # commit-buffer
UCSC(policy-mgr) /domain-group/http #

The following example shows how to scope into the domain group domaingroup01, create the HTTP remote access policy and enable it to HTTP mode, set the HTTP service port to 222, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group # create http
UCSC(policy-mgr) /domain-group/http* # enable http
UCSC(policy-mgr) /domain-group/http* # set port 222
UCSC(policy-mgr) /domain-group/http* # commit-buffer
UCSC(policy-mgr) /domain-group/http #

The following example shows how to scope into the domain group root (which has an existing HTTP policy by default), disable the HTTP remote access policy for HTTP redirect mode, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope http
UCSC(policy-mgr) /domain-group/http # disable http-redirect
UCSC(policy-mgr) /domain-group/http* # commit-buffer
UCSC(policy-mgr) /domain-group/http #

The following example shows how to scope into the domain group domaingroup01, disable the HTTP remote access policy for HTTP mode, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group/http # disable http
UCSC(policy-mgr) /domain-group/http* # commit-buffer
UCSC(policy-mgr) /domain-group/http #

What to Do Next

Optionally, configure the following remote access policies:

Telnet
Web Session Limits
CIM XML
Interfaces Monitoring Policy
SSH Configuration

Deleting an HTTP Remote Access Policy

An HTTP remote access policy is deleted from a domain group under the domain group root. HTTP remote access policies under the domain groups root cannot be deleted.

Procedure

Command or Action

Purpose

Step 1

UCSC# connect policy-mgr

Enters policy manager mode.

Step 2

UCSC(policy-mgr)# scope domain-group domain-group

Enters a domain group under the domain group root.

Note

Do not enter the domain group root itself. System default HTTP policies cannot be deleted under the domain group root.

Step 3

UCSC(policy-mgr) /domain-group # delete http

Deletes the HTTP policy for that domain group.

Step 4

UCSC(policy-mgr) /domain-group/http* # commit-buffer

Commits the transaction to the system configuration.

The following example shows how to scope into the domain group domaingroup01, delete the HTTP policy for that domain group, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group/domain-group # delete http
UCSC(policy-mgr) /domain-group/domain-group* # commit-buffer
UCSC(policy-mgr) /domain-group/domain-group #

Configuring Telnet

Configuring a Telnet Remote Access Policy

Before You Begin

Before configuring a Telnet remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.

Procedure

	Command or Action	Purpose
Step 1	UCSC# connect policy-mgr	Enters policy manager mode.
Step 2	UCSC(policy-mgr)# scope domain-group domain-group	Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.
Step 3	UCSC(policy-mgr) /domain-group # create telnetd	(Optional) If scoping into a domain group previously, creates the Telnet policy for that domain group.
Step 4	UCSC(policy-mgr) /domain-group # scope telnetd	(Optional) If scoping into the domain group root previously, scopes the default Telnet policy's configuration mode from the Domain Group root.
Step 5	UCSC(policy-mgr) /domain-group/telnetd* # enable \| disable telnet-server	Enables or disables Telnet server services.
Step 6	UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer	Commits the transaction to the system configuration.

The following example shows how to scope into the domain group root (which has an existing Telnet policy by default), enable Telnet server services, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope telnetd
UCSC(policy-mgr) /domain-group/telnetd # enable telnet-server
UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer
UCSC(policy-mgr) /domain-group/telnetd #

The following example shows how to scope into the domain group domaingroup01, create a Telnet policy, enable Telnet server services, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group # create telnetd
UCSC(policy-mgr) /domain-group/telnetd* # enable telnet-server
UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer
UCSC(policy-mgr) /domain-group/telnetd #

The following example shows how to scope into the domain group root (which has an existing Telnet policy by default), disable Telnet server services, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope telnetd
UCSC(policy-mgr) /domain-group/telnetd # disable telnet-server
UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer
UCSC(policy-mgr) /domain-group/telnetd #

The following example shows how to scope into the domain group domaingroup01, disable Telnet server services, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group/telnetd # disable telnet-server
UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer
UCSC(policy-mgr) /domain-group/telnetd #

What to Do Next

Optionally, configure the following remote access policies:

HTTP
Web Session Limits
CIM XML
Interfaces Monitoring Policy
SSH Configuration

Deleting a Telnet Remote Access Policy

A Telnet remote access policy is deleted from a domain group under the domain group root. Telnet remote access policies under the domain groups root cannot be deleted.

Procedure

Command or Action

Purpose

Step 1

UCSC# connect policy-mgr

Enters policy manager mode.

Step 2

UCSC(policy-mgr)# scope domain-group domain-group

Enters a domain group under the domain group root.

Note

Do not enter the domain group root itself. System default Telnet policies cannot be deleted under the domain group root.

Step 3

UCSC(policy-mgr) /domain-group # delete telnetd

Deletes the Telnet policy for that domain group.

Step 4

UCSC(policy-mgr) /domain-group/http* # commit-buffer

Commits the transaction to the system configuration.

The following example shows how to scope into the domain group domaingroup01, delete the Telnet policy for that domain group, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group/domain-group # delete telnetd
UCSC(policy-mgr) /domain-group/domain-group* # commit-buffer
UCSC(policy-mgr) /domain-group/domain-group #

Configuring Web Session Limits

Configuring a Web Session Limits Remote Access Policy

Before You Begin

Before configuring a web session limits remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.

Procedure

	Command or Action	Purpose
Step 1	UCSC# connect policy-mgr	Enters policy manager mode.
Step 2	UCSC(policy-mgr)# scope domain-group domain-group	Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.
Step 3	UCSC(policy-mgr) /domain-group # create web-session-limits	(Optional) If scoping into a domain group previously, creates the web session limits policy for that domain group.
Step 4	UCSC(policy-mgr) /domain-group # scope web-session-limits	(Optional) If scoping into the domain group root previously, scopes the default web session limits policy's configuration mode from the Domain Group root.
Step 5	UCSC(policy-mgr) /domain-group/web-session-limits* # set sessionsperuser sessions-per-user	Sets the sessions per user limit (1-256).
Step 6	UCSC(policy-mgr) /domain-group/web-session-limits* # set totalsessions total-sessions	Sets the total sessions limit (1-256).
Step 7	UCSC(policy-mgr) /domain-group/web-session-limits* # commit-buffer	Commits the transaction to the system configuration.

The following example shows how to scope into the domain group root (which has an existing web sessions limit policy by default), set the sessions per user limit to 12 sessions, set the total sessions limit to 144 sessions, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope web-session-limits
UCSC(policy-mgr) /domain-group/web-session-limits # set sessionsperuser 12
UCSC(policy-mgr) /domain-group/web-session-limits* # set totalsessions 144
UCSC(policy-mgr) /domain-group/web-session-limits* # commit-buffer
UCSC(policy-mgr) /domain-group/web-session-limits #

The following example shows how to scope into the domain group domaingroup01, create a web sessions limit policy, set the sessions per user limit to 12 sessions, set the total sessions limit to 144 sessions, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # create web-session-limits
UCSC(policy-mgr) /domain-group/web-session-limits* # set sessionsperuser 12
UCSC(policy-mgr) /domain-group/web-session-limits* # set totalsessions 144
UCSC(policy-mgr) /domain-group/web-session-limits* # commit-buffer
UCSC(policy-mgr) /domain-group/web-session-limits #

What to Do Next

Optionally, configure the following remote access policies:

HTTP
Telnet
CIM XML
Interfaces Monitoring Policy

Deleting a Web Session Limits Remote Access Policy

A web session limits remote access policy is deleted from a domain group under the domain group root. Web session limits remote access policies under the domain groups root cannot be deleted.

Procedure

Command or Action

Purpose

Step 1

UCSC# connect policy-mgr

Enters policy manager mode.

Step 2

UCSC# connect policy-mgr

Enters policy manager mode.

Step 3

UCSC(policy-mgr)# scope domain-group domain-group

Enters a domain group under the domain group root.

Note

Do not enter the domain group root itself. System default web session limits policies cannot be deleted under the domain group root.

Step 4

UCSC(policy-mgr) /domain-group # delete web-session-limits

Deletes the web session limits policy for that domain group.

Step 5

UCSC(policy-mgr) /domain-group/http* # commit-buffer

Commits the transaction to the system configuration.

The following example shows how to scope into the domain group domaingroup01, delete a web sessions limit policy, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group # delete web-session-limits
UCSC(policy-mgr) /domain-group/web-session-limits* # commit-buffer
UCSC(policy-mgr) /domain-group/web-session-limits #

Configuring CIM XML

Configuring a CIM XML Remote Access Policy

Before You Begin

Before configuring a CIM XML remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.

Procedure

	Command or Action	Purpose
Step 1	UCSC# connect policy-mgr	Enters policy manager mode.
Step 2	UCSC(policy-mgr)# scope domain-group domain-group	Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.
Step 3	UCSC(policy-mgr) /domain-group # create cimxml	(Optional) If scoping into a domain group previously, creates the CIM XML policy for that domain group.
Step 4	UCSC(policy-mgr) /domain-group # scope cimxml	(Optional) If scoping into the domain group root previously, scopes the default CIM XML's policy's configuration mode from the Domain Group root.
Step 5	UCSC(policy-mgr) /domain-group/cimxml # enable cimxml	Enables CIM XML mode.
Step 6	UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer	Commits the transaction to the system configuration.

The following example shows how to scope into the domain group root (which has an existing CIM XML policy by default), enable CIM XML mode, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope cimxml
UCSC(policy-mgr) /domain-group/cimxml # enable cimxml
UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer
UCSC(policy-mgr) /domain-group/cimxml #

The following example shows how to scope into the domain group domaingroup01, create a CIM XML policy, enable CIM XML mode, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # create cimxml
UCSC(policy-mgr) /domain-group/cimxml* # enable cimxml
UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer
UCSC(policy-mgr) /domain-group/cimxml #

What to Do Next

Optionally, configure the following remote access policies:

HTTP
Telnet
Web Session Limits
Interfaces Monitoring Policy

Deleting a CIM XML Remote Access Policy

A CIM XML remote access policy is deleted from a domain group under the domain group root. CIM XML remote access policies under the domain groups root cannot be deleted.

Procedure

Command or Action

Purpose

Step 1

UCSC# connect policy-mgr

Enters policy manager mode.

Step 2

UCSC(policy-mgr)# scope domain-group domain-group

Enters a domain group under the domain group root.

Note

Do not enter the domain group root itself. System default CIM XML policies cannot be deleted under the domain group root.

Step 3

UCSC(policy-mgr) /domain-group # delete cimxml

Deletes the CIM XML policy for that domain group.

Step 4

UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer

Commits the transaction to the system configuration.

The following example shows how to scope into the domain group domaingroup01, delete the CIM XML policy, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group # delete cimxml
UCSC(policy-mgr) /domain-group* # commit-buffer
UCSC(policy-mgr) /domain-group #

Configuring Interfaces Monitoring

Configuring an Interfaces Monitoring Remote Access Policy

Before You Begin

Before configuring an interfaces monitoring remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.

Procedure

	Command or Action	Purpose
Step 1	UCSC# connect policy-mgr	Enters policy manager mode.
Step 2	UCSC(policy-mgr)# scope domain-group domain-group	Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.
Step 3	UCSC(policy-mgr) /domain-group # create mgmt-if-mon-policy	(Optional) If scoping into a domain group previously, creates the management interface monitor policy for that domain group.
Step 4	UCSC(policy-mgr) /domain-group # scope mgmt-if-mon-policy	(Optional) If scoping into the domain group root previously, scopes the default management interface monitors policy's configuration mode from the Domain Group root.
Step 5	UCSC(policy-mgr) /domain-group/cimxml # set admin-state enabled \| disabled	Enables or disabled the administrator status mode.
Step 6	UCSC(policy-mgr) /domain-group/cimxml # set arp-deadline arp-response-deadline	Enter the deadline time in minutes to wait for ARP responses (5-15).
Step 7	UCSC(policy-mgr) /domain-group/cimxml # set arp-requests arp-requests	Enter the number of ARP requests (1-5).
Step 8	UCSC(policy-mgr) /domain-group/cimxml # set arp-target1 arp-ip-target-1	Enter the ARP IP Target1 (in format 0.0.0.0) to remove.
Step 9	UCSC(policy-mgr) /domain-group/cimxml # set arp-target2 arp-ip-target-1	Enter the ARP IP Target2 (in format 0.0.0.0) to remove.
Step 10	UCSC(policy-mgr) /domain-group/cimxml # set arp-target3 arp-ip-target-1	Enter the ARP IP Target3 (in format 0.0.0.0) to remove.
Step 11	UCSC(policy-mgr) /domain-group/cimxml # set max-fail-reports arp-ip-target-1	Enter the number of failure reports at which the interface is to be marked as down (2-5).
Step 12	UCSC(policy-mgr) /domain-group/cimxml # set mii-retry-count mii-retry-count	Enter the maximum number of retries when using the Media Independent Interface (MII) status to perform monitoring (1-3).
Step 13	UCSC(policy-mgr) /domain-group/cimxml # set mii-retry-interval mii-retry-interval	Enter the interval between MII status monitoring retries (3-10).
Step 14	UCSC(policy-mgr) /domain-group/cimxml # set monitor-mechanism mii-status \| ping-arp-targets \| ping-getaway	Enter the MII monitoring mechanism of MII Status (mii-status), Ping ARP Targets (ping-arp-targets), or Ping Getaway (ping-getaway).
Step 15	UCSC(policy-mgr) /domain-group/cimxml # set ping-deadline ping-deadline	Enter the deadline time to wait for ping responses (5-15).
Step 16	UCSC(policy-mgr) /domain-group/cimxml # set ping-requests ping-requests	Enter the number of ping requests (1-5).
Step 17	UCSC(policy-mgr) /domain-group/cimxml # set poll-interval poll-interval	Enter the polling interval in seconds (90-300).
Step 18	UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer	Commits the transaction to the system configuration.

The following example shows how to scope into the domain group root (which has an existing Management Interfaces Monitoring policy by default), enable Management Interfaces Monitoring mode, enter the status settings, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope mgmt-if-mon-policy
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy # set admin-state enabled
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-deadline 5
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-requests 1
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target1 0.0.0.0
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target2 0.0.0.0
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target3 0.0.0.0
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set max-fail-reports 2
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set mii-retry-count 1
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set mii-retry-interval 3
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set monitor-mechanism ping-getaway
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set ping-deadline 5
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set ping-requests 1
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set poll-interval 90
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # commit-buffer
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy #

The following example shows how to scope into the domain group domaingroup01, create the Management Interfaces Monitoring policy, enter the status settings, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group # create mgmt-if-mon-policy
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set admin-state enabled
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-deadline 15
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-requests 5
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target1 0.0.0.0
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target2 0.0.0.0
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target3 0.0.0.0
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set max-fail-reports 5
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set mii-retry-count 3
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set mii-retry-interval 10
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set monitor-mechanism ping-getaway
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set ping-deadline 15
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set ping-requests 5
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set poll-interval 300
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # commit-buffer
UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy #

What to Do Next

Optionally, configure the following remote access policies:

HTTP
Telnet
Web Session Limits
CIM XML

Deleting an Interfaces Monitoring Remote Access Policy

An interfaces monitoring remote access policy is deleted from a domain group under the domain group root. Interfaces monitoring remote access policies under the domain groups root cannot be deleted.

Procedure

Command or Action

Purpose

Step 1

UCSC# connect policy-mgr

Enters policy manager mode.

Step 2

UCSC(policy-mgr)# scope domain-group domain-group

Enters a domain group under the domain group root.

Note

Do not enter the domain group root itself. System default Management Interfaces Monitoring policies cannot be deleted under the domain group root.

Step 3

UCSC(policy-mgr) /domain-group # delete mgmt-if-mon-policy

Deletes the Management Interfaces Monitoring policy for that domain group.

Step 4

UCSC(policy-mgr) /domain-group* # commit-buffer

Commits the transaction to the system configuration.

The following example shows how to scope into the domain group domaingroup01, delete the Management Interfaces Monitoring policy, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # delete mgmt-if-mon-policy
UCSC(policy-mgr) /domain-group* # commit-buffer
UCSC(policy-mgr) /domain-group #

SNMP Policies

Cisco UCS Central supports global SNMP policies enabling or disabling, defining SNMP traps and SNMP users (with regular and privacy passwords, authentication types of md5 or sha, and option for AES-128). Registered Cisco UCS domains choosing to define SNMP policies globally within that client's policy resolution control will defer all SNMP policies to its registration with Cisco UCS Central.

Configuring an SNMP Policy
Deleting an SNMP Policy
Configuring an SNMP Trap
Deleting an SNMP Trap
Configuring an SNMP User
Deleting an SNMP User

Configuring an SNMP Policy

Before You Begin

Before configuring a SNMP policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.

Procedure

	Command or Action	Purpose
Step 1	UCSC# connect policy-mgr	Enters policy manager mode.
Step 2	UCSC(policy-mgr)# scope domain-group domain-group	Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.
Step 3	UCSC(policy-mgr) /domain-group # create snmp	(Optional) If scoping into a domain group previously, creates the SNMP policy for that domain group.
Step 4	UCSC(policy-mgr) /domain-group # scope snmp	(Optional) If scoping into the domain group root previously, scopes the default SNMP policy's configuration mode from the Domain Group root.
Step 5	UCSC(policy-mgr) /domain-group/snmp* # enable \| disable snmp	Enable or disable SNMP services for this policy.
Step 6	UCSC(policy-mgr) /domain-group/snmp* # set community snmp-community-name-text	Enter a name for the SNMP community.
Step 7	UCSC(policy-mgr) /domain-group/snmp* # set syscontact syscontact-name-text	Enter a name for the SNMP system contact.
Step 8	UCSC(policy-mgr) /domain-group/snmp* # set syslocation syslocation-name-text	Enter a name for the SNMP system location.
Step 9	UCSC(policy-mgr) /domain-group/snmp* # commit-buffer	Commits the transaction to the system configuration.

The following example shows how to scope into the Domain Group root, scope the SNMP policy, enable SNMP services, set the SNMP community name to SNMPCommunity01, set the SNMP system contact name to SNMPSysAdmin01, set the SNMP system location to SNMPWestCoast01, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope snmp
UCSC(policy-mgr) /domain-group/snmp # enable snmp
UCSC(policy-mgr) /domain-group/snmp* # set community SNMPCommunity01
UCSC(policy-mgr) /domain-group/snmp* # set syscontact SNMPSysAdmin01
UCSC(policy-mgr) /domain-group/snmp* # set syslocation SNMPWestCoast01
UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
UCSC(policy-mgr) /domain-group/snmp #

The following example shows how to scope into the Domain Group domaingroup01, create the SNMP policy, enable SNMP services, set the SNMP community name to SNMPCommunity01, set the SNMP system contact name to SNMPSysAdmin01, set the SNMP system location to SNMPWestCoast01, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group # create snmp
UCSC(policy-mgr) /domain-group/snmp* # enable snmp
UCSC(policy-mgr) /domain-group/snmp* # set community SNMPCommunity01
UCSC(policy-mgr) /domain-group/snmp* # set syscontact SNMPSysAdmin01
UCSC(policy-mgr) /domain-group/snmp* # set syslocation SNMPWestCoast01
UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
UCSC(policy-mgr) /domain-group/snmp #

The following example shows how to scope into the domain group domaingroup01, scope the SNMP policy, disable SNMP services, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group # scope snmp
UCSC(policy-mgr) /domain-group/snmp # disable snmp
UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
UCSC(policy-mgr) /domain-group/snmp #

Deleting an SNMP Policy

A SNMP policy is deleted from a domain group under the domain group root. SNMP policies under the domain groups root cannot be deleted.

Deleting an SNMP policy will remove all SNMP trap and SNMP User settings within that policy.

Procedure

Command or Action

Purpose

Step 1

UCSC# connect policy-mgr

Enters policy manager mode.

Step 2

UCSC(policy-mgr)# scope domain-group domain-group

Enters a domain group under the domain group root.

Note

Do not enter the domain group root itself. System default Management Interfaces Monitoring policies cannot be deleted under the domain group root.

Step 3

UCSC(policy-mgr) /domain-group # delete snmp

Deletes the SNMP policy for that domain group.

Step 4

UCSC(policy-mgr) /domain-group* # commit-buffer

Commits the transaction to the system configuration.

The following example shows how to scope into the domain group domaingroup01, delete the SNMP policy, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group # delete snmp
UCSC(policy-mgr) /domain-group* # commit-buffer
UCSC(policy-mgr) /domain-group #

Configuring an SNMP Trap

Procedure

	Command or Action	Purpose
Step 1	UCSC# connect policy-mgr	Enters policy manager mode.
Step 2	UCSC(policy-mgr)# scope domain-group domain-group	Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.
Step 3	UCSC(policy-mgr) /domain-group # scope snmp	Scopes the default SNMP policy's configuration mode.
Step 4	UCSC(policy-mgr) /domain-group/snmp # create snmp-trap snmp-trap-ip	(Optional) If scoping into a domain group previously, creates the snmp-trap IP address for that domain group (in format 0.0.0.0), and enters SNMP trap configuration mode.
Step 5	UCSC(policy-mgr) /domain-group/snmp # scope snmp-trap snmp-trap-ip	(Optional) If scoping into the domain group root previously, scopes the snmp-trap IP address for that domain group (in format 0.0.0.0), and enters SNMP trap configuration mode.
Step 6	UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # enable \| disable snmp-trap	Enable or disable the SNMP trap for this policy.
Step 7	UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set community snmp-trap-community-host-config-string	Enter the SNMP trap community string to configure the SNMP trap host.
Step 8	UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set notificationtype informs \| traps	Enter a notification type for the SNMP trap notifications of SNMP Information Notification (informs) or SNMP Trap Notifications (traps).
Step 9	UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set port port-number	Enter the SNMP trap port number (1-65535).
Step 10	UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set v3privilege auth \| noauth \| priv	Enter a V3 Privilege security level for the SNMP trap of authNoPriv Security Level (auth), noAuthNoPriv Security Level (noauth), or authPriv Security Level (priv).
Step 11	UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set version v1 \| v2c \| v3	Enter a version for the SNMP trap of SNMP v1, v2c, or v3.
Step 12	UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # commit-buffer	Commits the transaction to the system configuration.

The following example shows how to scope into the Domain Group root, scope the SNMP policy, create the SNMP trap with IP address 0.0.0.0, enable SNMP trap services, set the SNMP community host string to snmptrap01, set the SNMP notification type to informs, set the SNMP port to 1, set the v3privilege to priv, set the version to v1, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope snmp
UCSC(policy-mgr) /domain-group/snmp # create snmp-trap 0.0.0.0
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # enable snmp-trap
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set community snmptrap01
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set notificationtype informs
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set port 1
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set v3privilege priv
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set version v1
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # commit-buffer
UCSC(policy-mgr) /domain-group/snmp/snmp-trap #

The following example shows how to scope into the domain group domaingroup01, scope the SNMP policy, scope the SNMP trap IP address 0.0.0.0, enable SNMP trap services, set the SNMP community host string to snmptrap02, set the SNMP notification type to informs, set the SNMP port to 65535, set the v3privilege to auth, set the version to v2c, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group # scope snmp
UCSC(policy-mgr) /domain-group/snmp # scope snmp-trap 0.0.0.0
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # enable snmp-trap
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set community snmptrap02
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set notificationtype informs
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set port 65535
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set v3privilege auth
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set version v2c
UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # commit-buffer
UCSC(policy-mgr) /domain-group/snmp/snmp-trap #

Deleting an SNMP Trap

Procedure

	Command or Action	Purpose
Step 1	UCSC# connect policy-mgr	Enters policy manager mode.
Step 2	UCSC(policy-mgr)# scope domain-group domain-group	Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.
Step 3	UCSC(policy-mgr) /domain-group # scope snmp	Scopes the default SNMP policy's configuration mode.
Step 4	UCSC(policy-mgr) /domain-group/snmp/snmp-trap # delete snmp-trap snmp-trap-ip	Deletes the snmp-trap IP address for that domain group.
Step 5	UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # commit-buffer	Commits the transaction to the system configuration.

The following example shows how to scope into the Domain Group root, scope the SNMP policy, delete the SNMP trap IP address 0.0.0.0, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope snmp
UCSC(policy-mgr) /domain-group/snmp # delete snmp-trap 0.0.0.0
UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
UCSC(policy-mgr) /domain-group #

The following example shows how to scope into the domain group domaingroup01, scope the SNMP policy, delete the SNMP trap IP address 0.0.0.0, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group # scope snmp
UCSC(policy-mgr) /domain-group/snmp # delete snmp-trap 0.0.0.0
UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
UCSC(policy-mgr) /domain-group #

Configuring an SNMP User

Procedure

	Command or Action	Purpose
Step 1	UCSC# connect policy-mgr	Enters policy manager mode.
Step 2	UCSC(policy-mgr)# scope domain-group domain-group	Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.
Step 3	UCSC(policy-mgr) /domain-group # scope snmp	Scopes the SNMP policy's configuration mode.
Step 4	UCSC(policy-mgr) /domain-group/snmp # create snmp-user snmp-user	Enter a name for the SNMP user.
Step 5	UCSC(policy-mgr) /domain-group/snmp* # set aes-128 yes \| no	Use AES-128 for the SNMP user (yes or no).
Step 6	UCSC(policy-mgr) /domain-group/snmp* # set auth md5 \| sha	Use MD5 or Sha authorization mode for the SNMP user.
Step 7	UCSC(policy-mgr) /domain-group/snmp* # set password password	Enter and confirm a password for the SNMP user.
Step 8	UCSC(policy-mgr) /domain-group/snmp* # set priv-password private-password	Enter and confirm a private password for the SNMP user.
Step 9	UCSC(policy-mgr) /domain-group/snmp/snmpuser* # commit-buffer	Commits the transaction to the system configuration.

The following example shows how to scope into the Domain Group root, scope the SNMP policy, scope into the SNMP user named snmpuser01, set aes-128 mode to enabled, set authorization to Sha mode, set password to userpassword01, set private password to userpassword02, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope snmp
UCSC(policy-mgr) /domain-group/snmp # scope snmp-user snmpuser01
UCSC(policy-mgr) /domain-group/snmp/snmp-user # set aes-128 yes
UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set auth sha
UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set password userpassword01
Enter a password: userpassword01
Confirm the password: userpassword01
UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set priv-password userpassword02
Enter a password: userpassword02
Confirm the password: userpassword02
UCSC(policy-mgr) /domain-group/snmp/snmp-user* # commit-buffer
UCSC(policy-mgr) /domain-group/snmp/snmp-user #

The following example shows how to scope into the domain group domaingroup01, scope the SNMP policy, create the SNMP user named snmpuser01, set aes-128 mode to enabled, set authorization to md5 mode, set password to userpassword01, set private password to userpassword02, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope snmp
UCSC(policy-mgr) /domain-group/snmp # create snmp-user snmpuser01
UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set aes-128 yes
UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set auth md5
UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set password userpassword01
Enter a password: userpassword01
Confirm the password: userpassword01
UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set priv-password userpassword02
Enter a password: userpassword02
Confirm the password: userpassword02
UCSC(policy-mgr) /domain-group/snmp/snmp-user* # commit-buffer
UCSC(policy-mgr) /domain-group/snmp/snmp-user #

The following example shows how to scope into the Domain Group root, scope the SNMP policy, scope into the SNMP user named snmpuser01, set aes-128 mode to disabled, set authorization to md5 mode, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope snmp
UCSC(policy-mgr) /domain-group/snmp # scope snmp-user snmpuser01
UCSC(policy-mgr) /domain-group/snmp/snmp-user # set aes-128 no
UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set auth md5
UCSC(policy-mgr) /domain-group/snmp/snmp-user* # commit-buffer
UCSC(policy-mgr) /domain-group/snmp/snmp-user #

Deleting an SNMP User

Procedure

	Command or Action	Purpose
Step 1	UCSC# connect policy-mgr	Enters policy manager mode.
Step 2	UCSC(policy-mgr)# scope domain-group domain-group	Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group.
Step 3	UCSC(policy-mgr) /domain-group # scope snmp	Scopes the SNMP policy's configuration mode.
Step 4	UCSC(policy-mgr) /domain-group/snmp # delete snmp-user snmp-user	Delete the SNMP user.
Step 5	UCSC(policy-mgr) /domain-group/snmp* # commit-buffer	Commits the transaction to the system configuration.

The following example shows how to scope into the Domain Group root, scope the SNMP policy, delete the SNMP user named snmpuser01, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group /
UCSC(policy-mgr) /domain-group # scope snmp
UCSC(policy-mgr) /domain-group/snmp # delete snmp snmpuser01
UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
UCSC(policy-mgr) /domain-group/snmp #

The following example shows how to scope into the Domain Group domaingroup01, scope the SNMP policy, delete the SNMP user named snmpuser02, and commit the transaction:

UCSC # connect policy-mgr
UCSC(policy-mgr)# scope domain-group domaingroup01
UCSC(policy-mgr) /domain-group # scope snmp
UCSC(policy-mgr) /domain-group/snmp # delete snmp snmpuser02
UCSC(policy-mgr) /domain-group/snmp* # commit-buffer
UCSC(policy-mgr) /domain-group/snmp #

Cisco UCS Central CLI Configuration Guide, Release 1.0

Bias-Free Language

Book Title

Cisco UCS Central CLI Configuration Guide, Release 1.0

Chapter Title