Configuring Communication Services
This chapter includes the following sections:
Remote Access Policies
Cisco UCS Central supports global remote access policies defining the interfaces monitoring policy, displaying SSH configuration status, and providing policy settings for HTTP, Telnet, web session limits and CIM XML.
- Configuring HTTP
- Configuring Telnet
- Configuring Web Session Limits
- Configuring CIM XML
- Configuring Interfaces Monitoring
Configuring HTTP
Configuring an HTTP Remote Access Policy
Before configuring an HTTP remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.
The following example shows how to scope into the domain group root (which has an existing HTTP policy by default), enable the HTTP remote access policy to HTTP redirect mode, set the HTTP service port to 1111, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope http UCSC(policy-mgr) /domain-group/http # enable http-redirect UCSC(policy-mgr) /domain-group/http* # set port 1111 UCSC(policy-mgr) /domain-group/http* # commit-buffer UCSC(policy-mgr) /domain-group/http #
The following example shows how to scope into the domain group domaingroup01, create the HTTP remote access policy and enable it to HTTP mode, set the HTTP service port to 222, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group # create http UCSC(policy-mgr) /domain-group/http* # enable http UCSC(policy-mgr) /domain-group/http* # set port 222 UCSC(policy-mgr) /domain-group/http* # commit-buffer UCSC(policy-mgr) /domain-group/http #
The following example shows how to scope into the domain group root (which has an existing HTTP policy by default), disable the HTTP remote access policy for HTTP redirect mode, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope http UCSC(policy-mgr) /domain-group/http # disable http-redirect UCSC(policy-mgr) /domain-group/http* # commit-buffer UCSC(policy-mgr) /domain-group/http #
The following example shows how to scope into the domain group domaingroup01, disable the HTTP remote access policy for HTTP mode, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group/http # disable http UCSC(policy-mgr) /domain-group/http* # commit-buffer UCSC(policy-mgr) /domain-group/http #
Optionally, configure the following remote access policies:
Deleting an HTTP Remote Access Policy
An HTTP remote access policy is deleted from a domain group under the domain group root. HTTP remote access policies under the domain groups root cannot be deleted.
The following example shows how to scope into the domain group domaingroup01, delete the HTTP policy for that domain group, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group/domain-group # delete http UCSC(policy-mgr) /domain-group/domain-group* # commit-buffer UCSC(policy-mgr) /domain-group/domain-group #
Configuring Telnet
Configuring a Telnet Remote Access Policy
Before configuring a Telnet remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.
Command or Action | Purpose | |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope domain-group domain-group | Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. |
Step 3 | UCSC(policy-mgr) /domain-group # create telnetd | (Optional) If scoping into a domain group previously, creates the Telnet policy for that domain group. |
Step 4 | UCSC(policy-mgr) /domain-group # scope telnetd | (Optional) If scoping into the domain group root previously, scopes the default Telnet policy's configuration mode from the Domain Group root. |
Step 5 | UCSC(policy-mgr) /domain-group/telnetd* # enable | disable telnet-server | Enables or disables Telnet server services. |
Step 6 | UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the domain group root (which has an existing Telnet policy by default), enable Telnet server services, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope telnetd UCSC(policy-mgr) /domain-group/telnetd # enable telnet-server UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer UCSC(policy-mgr) /domain-group/telnetd #
The following example shows how to scope into the domain group domaingroup01, create a Telnet policy, enable Telnet server services, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group # create telnetd UCSC(policy-mgr) /domain-group/telnetd* # enable telnet-server UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer UCSC(policy-mgr) /domain-group/telnetd #
The following example shows how to scope into the domain group root (which has an existing Telnet policy by default), disable Telnet server services, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope telnetd UCSC(policy-mgr) /domain-group/telnetd # disable telnet-server UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer UCSC(policy-mgr) /domain-group/telnetd #
The following example shows how to scope into the domain group domaingroup01, disable Telnet server services, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group/telnetd # disable telnet-server UCSC(policy-mgr) /domain-group/telnetd* # commit-buffer UCSC(policy-mgr) /domain-group/telnetd #
Optionally, configure the following remote access policies:
Deleting a Telnet Remote Access Policy
A Telnet remote access policy is deleted from a domain group under the domain group root. Telnet remote access policies under the domain groups root cannot be deleted.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
||
Step 2 | UCSC(policy-mgr)# scope domain-group domain-group | Enters a domain group under the domain group root.
|
||
Step 3 | UCSC(policy-mgr) /domain-group # delete telnetd | Deletes the Telnet policy for that domain group. |
||
Step 4 | UCSC(policy-mgr) /domain-group/http* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the domain group domaingroup01, delete the Telnet policy for that domain group, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group/domain-group # delete telnetd UCSC(policy-mgr) /domain-group/domain-group* # commit-buffer UCSC(policy-mgr) /domain-group/domain-group #
Configuring Web Session Limits
Configuring a Web Session Limits Remote Access Policy
Before configuring a web session limits remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.
Command or Action | Purpose | |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope domain-group domain-group | Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. |
Step 3 | UCSC(policy-mgr) /domain-group # create web-session-limits | (Optional) If scoping into a domain group previously, creates the web session limits policy for that domain group. |
Step 4 | UCSC(policy-mgr) /domain-group # scope web-session-limits | (Optional) If scoping into the domain group root previously, scopes the default web session limits policy's configuration mode from the Domain Group root. |
Step 5 | UCSC(policy-mgr) /domain-group/web-session-limits* # set sessionsperuser sessions-per-user | Sets the sessions per user limit (1-256). |
Step 6 | UCSC(policy-mgr) /domain-group/web-session-limits* # set totalsessions total-sessions | Sets the total sessions limit (1-256). |
Step 7 | UCSC(policy-mgr) /domain-group/web-session-limits* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the domain group root (which has an existing web sessions limit policy by default), set the sessions per user limit to 12 sessions, set the total sessions limit to 144 sessions, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope web-session-limits UCSC(policy-mgr) /domain-group/web-session-limits # set sessionsperuser 12 UCSC(policy-mgr) /domain-group/web-session-limits* # set totalsessions 144 UCSC(policy-mgr) /domain-group/web-session-limits* # commit-buffer UCSC(policy-mgr) /domain-group/web-session-limits #
The following example shows how to scope into the domain group domaingroup01, create a web sessions limit policy, set the sessions per user limit to 12 sessions, set the total sessions limit to 144 sessions, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # create web-session-limits UCSC(policy-mgr) /domain-group/web-session-limits* # set sessionsperuser 12 UCSC(policy-mgr) /domain-group/web-session-limits* # set totalsessions 144 UCSC(policy-mgr) /domain-group/web-session-limits* # commit-buffer UCSC(policy-mgr) /domain-group/web-session-limits #
Optionally, configure the following remote access policies:
Deleting a Web Session Limits Remote Access Policy
A web session limits remote access policy is deleted from a domain group under the domain group root. Web session limits remote access policies under the domain groups root cannot be deleted.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
||
Step 2 | UCSC# connect policy-mgr | Enters policy manager mode. |
||
Step 3 | UCSC(policy-mgr)# scope domain-group domain-group | Enters a domain group under the domain group root.
|
||
Step 4 | UCSC(policy-mgr) /domain-group # delete web-session-limits | Deletes the web session limits policy for that domain group. |
||
Step 5 | UCSC(policy-mgr) /domain-group/http* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the domain group domaingroup01, delete a web sessions limit policy, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group # delete web-session-limits UCSC(policy-mgr) /domain-group/web-session-limits* # commit-buffer UCSC(policy-mgr) /domain-group/web-session-limits #
Configuring CIM XML
Configuring a CIM XML Remote Access Policy
Before configuring a CIM XML remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.
Command or Action | Purpose | |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope domain-group domain-group | Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. |
Step 3 | UCSC(policy-mgr) /domain-group # create cimxml | (Optional) If scoping into a domain group previously, creates the CIM XML policy for that domain group. |
Step 4 | UCSC(policy-mgr) /domain-group # scope cimxml | (Optional) If scoping into the domain group root previously, scopes the default CIM XML's policy's configuration mode from the Domain Group root. |
Step 5 | UCSC(policy-mgr) /domain-group/cimxml # enable cimxml | Enables CIM XML mode. |
Step 6 | UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the domain group root (which has an existing CIM XML policy by default), enable CIM XML mode, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope cimxml UCSC(policy-mgr) /domain-group/cimxml # enable cimxml UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer UCSC(policy-mgr) /domain-group/cimxml #
The following example shows how to scope into the domain group domaingroup01, create a CIM XML policy, enable CIM XML mode, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # create cimxml UCSC(policy-mgr) /domain-group/cimxml* # enable cimxml UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer UCSC(policy-mgr) /domain-group/cimxml #
Optionally, configure the following remote access policies:
Deleting a CIM XML Remote Access Policy
A CIM XML remote access policy is deleted from a domain group under the domain group root. CIM XML remote access policies under the domain groups root cannot be deleted.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
||
Step 2 | UCSC(policy-mgr)# scope domain-group domain-group | Enters a domain group under the domain group root.
|
||
Step 3 | UCSC(policy-mgr) /domain-group # delete cimxml | Deletes the CIM XML policy for that domain group. |
||
Step 4 | UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the domain group domaingroup01, delete the CIM XML policy, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group # delete cimxml UCSC(policy-mgr) /domain-group* # commit-buffer UCSC(policy-mgr) /domain-group #
Configuring Interfaces Monitoring
Configuring an Interfaces Monitoring Remote Access Policy
Before configuring an interfaces monitoring remote access policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.
Command or Action | Purpose | |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope domain-group domain-group | Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. |
Step 3 | UCSC(policy-mgr) /domain-group # create mgmt-if-mon-policy | (Optional) If scoping into a domain group previously, creates the management interface monitor policy for that domain group. |
Step 4 | UCSC(policy-mgr) /domain-group # scope mgmt-if-mon-policy | (Optional) If scoping into the domain group root previously, scopes the default management interface monitors policy's configuration mode from the Domain Group root. |
Step 5 | UCSC(policy-mgr) /domain-group/cimxml # set admin-state enabled | disabled | Enables or disabled the administrator status mode. |
Step 6 | UCSC(policy-mgr) /domain-group/cimxml # set arp-deadline arp-response-deadline | Enter the deadline time in minutes to wait for ARP responses (5-15). |
Step 7 | UCSC(policy-mgr) /domain-group/cimxml # set arp-requests arp-requests | Enter the number of ARP requests (1-5). |
Step 8 | UCSC(policy-mgr) /domain-group/cimxml # set arp-target1 arp-ip-target-1 | Enter the ARP IP Target1 (in format 0.0.0.0) to remove. |
Step 9 | UCSC(policy-mgr) /domain-group/cimxml # set arp-target2 arp-ip-target-1 | Enter the ARP IP Target2 (in format 0.0.0.0) to remove. |
Step 10 | UCSC(policy-mgr) /domain-group/cimxml # set arp-target3 arp-ip-target-1 | Enter the ARP IP Target3 (in format 0.0.0.0) to remove. |
Step 11 | UCSC(policy-mgr) /domain-group/cimxml # set max-fail-reports arp-ip-target-1 | Enter the number of failure reports at which the interface is to be marked as down (2-5). |
Step 12 | UCSC(policy-mgr) /domain-group/cimxml # set mii-retry-count mii-retry-count | Enter the maximum number of retries when using the Media Independent Interface (MII) status to perform monitoring (1-3). |
Step 13 | UCSC(policy-mgr) /domain-group/cimxml # set mii-retry-interval mii-retry-interval | Enter the interval between MII status monitoring retries (3-10). |
Step 14 | UCSC(policy-mgr) /domain-group/cimxml # set monitor-mechanism mii-status | ping-arp-targets | ping-getaway | Enter the MII monitoring mechanism of MII Status (mii-status), Ping ARP Targets (ping-arp-targets), or Ping Getaway (ping-getaway). |
Step 15 | UCSC(policy-mgr) /domain-group/cimxml # set ping-deadline ping-deadline | Enter the deadline time to wait for ping responses (5-15). |
Step 16 | UCSC(policy-mgr) /domain-group/cimxml # set ping-requests ping-requests | Enter the number of ping requests (1-5). |
Step 17 | UCSC(policy-mgr) /domain-group/cimxml # set poll-interval poll-interval | Enter the polling interval in seconds (90-300). |
Step 18 | UCSC(policy-mgr) /domain-group/cimxml* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the domain group root (which has an existing Management Interfaces Monitoring policy by default), enable Management Interfaces Monitoring mode, enter the status settings, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope mgmt-if-mon-policy UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy # set admin-state enabled UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-deadline 5 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-requests 1 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target1 0.0.0.0 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target2 0.0.0.0 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target3 0.0.0.0 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set max-fail-reports 2 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set mii-retry-count 1 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set mii-retry-interval 3 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set monitor-mechanism ping-getaway UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set ping-deadline 5 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set ping-requests 1 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set poll-interval 90 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # commit-buffer UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy #
The following example shows how to scope into the domain group domaingroup01, create the Management Interfaces Monitoring policy, enter the status settings, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group # create mgmt-if-mon-policy UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set admin-state enabled UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-deadline 15 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-requests 5 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target1 0.0.0.0 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target2 0.0.0.0 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set arp-target3 0.0.0.0 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set max-fail-reports 5 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set mii-retry-count 3 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set mii-retry-interval 10 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set monitor-mechanism ping-getaway UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set ping-deadline 15 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set ping-requests 5 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # set poll-interval 300 UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy* # commit-buffer UCSC(policy-mgr) /domain-group/mgmt-if-mon-policy #
Optionally, configure the following remote access policies:
Deleting an Interfaces Monitoring Remote Access Policy
An interfaces monitoring remote access policy is deleted from a domain group under the domain group root. Interfaces monitoring remote access policies under the domain groups root cannot be deleted.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
||
Step 2 | UCSC(policy-mgr)# scope domain-group domain-group | Enters a domain group under the domain group root.
|
||
Step 3 | UCSC(policy-mgr) /domain-group # delete mgmt-if-mon-policy | Deletes the Management Interfaces Monitoring policy for that domain group. |
||
Step 4 | UCSC(policy-mgr) /domain-group* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the domain group domaingroup01, delete the Management Interfaces Monitoring policy, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # delete mgmt-if-mon-policy UCSC(policy-mgr) /domain-group* # commit-buffer UCSC(policy-mgr) /domain-group #
SNMP Policies
Cisco UCS Central supports global SNMP policies enabling or disabling, defining SNMP traps and SNMP users (with regular and privacy passwords, authentication types of md5 or sha, and option for AES-128). Registered Cisco UCS domains choosing to define SNMP policies globally within that client's policy resolution control will defer all SNMP policies to its registration with Cisco UCS Central.
- Configuring an SNMP Policy
- Deleting an SNMP Policy
- Configuring an SNMP Trap
- Deleting an SNMP Trap
- Configuring an SNMP User
- Deleting an SNMP User
Configuring an SNMP Policy
Before configuring a SNMP policy under a domain group, this policy must first be created. Policies under the Domain Groups root were already created by the system and ready to configure.
Command or Action | Purpose | |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope domain-group domain-group | Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. |
Step 3 | UCSC(policy-mgr) /domain-group # create snmp | (Optional) If scoping into a domain group previously, creates the SNMP policy for that domain group. |
Step 4 | UCSC(policy-mgr) /domain-group # scope snmp | (Optional) If scoping into the domain group root previously, scopes the default SNMP policy's configuration mode from the Domain Group root. |
Step 5 | UCSC(policy-mgr) /domain-group/snmp* # enable | disable snmp | Enable or disable SNMP services for this policy. |
Step 6 | UCSC(policy-mgr) /domain-group/snmp* # set community snmp-community-name-text | Enter a name for the SNMP community. |
Step 7 | UCSC(policy-mgr) /domain-group/snmp* # set syscontact syscontact-name-text | Enter a name for the SNMP system contact. |
Step 8 | UCSC(policy-mgr) /domain-group/snmp* # set syslocation syslocation-name-text | Enter a name for the SNMP system location. |
Step 9 | UCSC(policy-mgr) /domain-group/snmp* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the Domain Group root, scope the SNMP policy, enable SNMP services, set the SNMP community name to SNMPCommunity01, set the SNMP system contact name to SNMPSysAdmin01, set the SNMP system location to SNMPWestCoast01, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope snmp UCSC(policy-mgr) /domain-group/snmp # enable snmp UCSC(policy-mgr) /domain-group/snmp* # set community SNMPCommunity01 UCSC(policy-mgr) /domain-group/snmp* # set syscontact SNMPSysAdmin01 UCSC(policy-mgr) /domain-group/snmp* # set syslocation SNMPWestCoast01 UCSC(policy-mgr) /domain-group/snmp* # commit-buffer UCSC(policy-mgr) /domain-group/snmp #
The following example shows how to scope into the Domain Group domaingroup01, create the SNMP policy, enable SNMP services, set the SNMP community name to SNMPCommunity01, set the SNMP system contact name to SNMPSysAdmin01, set the SNMP system location to SNMPWestCoast01, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group # create snmp UCSC(policy-mgr) /domain-group/snmp* # enable snmp UCSC(policy-mgr) /domain-group/snmp* # set community SNMPCommunity01 UCSC(policy-mgr) /domain-group/snmp* # set syscontact SNMPSysAdmin01 UCSC(policy-mgr) /domain-group/snmp* # set syslocation SNMPWestCoast01 UCSC(policy-mgr) /domain-group/snmp* # commit-buffer UCSC(policy-mgr) /domain-group/snmp #
The following example shows how to scope into the domain group domaingroup01, scope the SNMP policy, disable SNMP services, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group # scope snmp UCSC(policy-mgr) /domain-group/snmp # disable snmp UCSC(policy-mgr) /domain-group/snmp* # commit-buffer UCSC(policy-mgr) /domain-group/snmp #
Deleting an SNMP Policy
A SNMP policy is deleted from a domain group under the domain group root. SNMP policies under the domain groups root cannot be deleted.
Deleting an SNMP policy will remove all SNMP trap and SNMP User settings within that policy.
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
||
Step 2 | UCSC(policy-mgr)# scope domain-group domain-group | Enters a domain group under the domain group root.
|
||
Step 3 | UCSC(policy-mgr) /domain-group # delete snmp | Deletes the SNMP policy for that domain group. |
||
Step 4 | UCSC(policy-mgr) /domain-group* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the domain group domaingroup01, delete the SNMP policy, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group # delete snmp UCSC(policy-mgr) /domain-group* # commit-buffer UCSC(policy-mgr) /domain-group #
Configuring an SNMP Trap
Command or Action | Purpose | |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope domain-group domain-group | Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. |
Step 3 | UCSC(policy-mgr) /domain-group # scope snmp | Scopes the default SNMP policy's configuration mode. |
Step 4 | UCSC(policy-mgr) /domain-group/snmp # create snmp-trap snmp-trap-ip | (Optional) If scoping into a domain group previously, creates the snmp-trap IP address for that domain group (in format 0.0.0.0), and enters SNMP trap configuration mode. |
Step 5 | UCSC(policy-mgr) /domain-group/snmp # scope snmp-trap snmp-trap-ip | (Optional) If scoping into the domain group root previously, scopes the snmp-trap IP address for that domain group (in format 0.0.0.0), and enters SNMP trap configuration mode. |
Step 6 | UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # enable | disable snmp-trap | Enable or disable the SNMP trap for this policy. |
Step 7 | UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set community snmp-trap-community-host-config-string | Enter the SNMP trap community string to configure the SNMP trap host. |
Step 8 | UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set notificationtype informs | traps | Enter a notification type for the SNMP trap notifications of SNMP Information Notification (informs) or SNMP Trap Notifications (traps). |
Step 9 | UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set port port-number | Enter the SNMP trap port number (1-65535). |
Step 10 | UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set v3privilege auth | noauth | priv | Enter a V3 Privilege security level for the SNMP trap of authNoPriv Security Level (auth), noAuthNoPriv Security Level (noauth), or authPriv Security Level (priv). |
Step 11 | UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set version v1 | v2c | v3 | Enter a version for the SNMP trap of SNMP v1, v2c, or v3. |
Step 12 | UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the Domain Group root, scope the SNMP policy, create the SNMP trap with IP address 0.0.0.0, enable SNMP trap services, set the SNMP community host string to snmptrap01, set the SNMP notification type to informs, set the SNMP port to 1, set the v3privilege to priv, set the version to v1, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope snmp UCSC(policy-mgr) /domain-group/snmp # create snmp-trap 0.0.0.0 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # enable snmp-trap UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set community snmptrap01 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set notificationtype informs UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set port 1 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set v3privilege priv UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set version v1 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # commit-buffer UCSC(policy-mgr) /domain-group/snmp/snmp-trap #
The following example shows how to scope into the domain group domaingroup01, scope the SNMP policy, scope the SNMP trap IP address 0.0.0.0, enable SNMP trap services, set the SNMP community host string to snmptrap02, set the SNMP notification type to informs, set the SNMP port to 65535, set the v3privilege to auth, set the version to v2c, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group # scope snmp UCSC(policy-mgr) /domain-group/snmp # scope snmp-trap 0.0.0.0 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # enable snmp-trap UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set community snmptrap02 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set notificationtype informs UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set port 65535 UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set v3privilege auth UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # set version v2c UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # commit-buffer UCSC(policy-mgr) /domain-group/snmp/snmp-trap #
Deleting an SNMP Trap
Command or Action | Purpose | |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope domain-group domain-group | Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. |
Step 3 | UCSC(policy-mgr) /domain-group # scope snmp | Scopes the default SNMP policy's configuration mode. |
Step 4 | UCSC(policy-mgr) /domain-group/snmp/snmp-trap # delete snmp-trap snmp-trap-ip | Deletes the snmp-trap IP address for that domain group. |
Step 5 | UCSC(policy-mgr) /domain-group/snmp/snmp-trap* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the Domain Group root, scope the SNMP policy, delete the SNMP trap IP address 0.0.0.0, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope snmp UCSC(policy-mgr) /domain-group/snmp # delete snmp-trap 0.0.0.0 UCSC(policy-mgr) /domain-group/snmp* # commit-buffer UCSC(policy-mgr) /domain-group #
The following example shows how to scope into the domain group domaingroup01, scope the SNMP policy, delete the SNMP trap IP address 0.0.0.0, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group # scope snmp UCSC(policy-mgr) /domain-group/snmp # delete snmp-trap 0.0.0.0 UCSC(policy-mgr) /domain-group/snmp* # commit-buffer UCSC(policy-mgr) /domain-group #
Configuring an SNMP User
Command or Action | Purpose | |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope domain-group domain-group | Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. |
Step 3 | UCSC(policy-mgr) /domain-group # scope snmp | Scopes the SNMP policy's configuration mode. |
Step 4 | UCSC(policy-mgr) /domain-group/snmp # create snmp-user snmp-user | Enter a name for the SNMP user. |
Step 5 | UCSC(policy-mgr) /domain-group/snmp* # set aes-128 yes | no | Use AES-128 for the SNMP user (yes or no). |
Step 6 | UCSC(policy-mgr) /domain-group/snmp* # set auth md5 | sha | Use MD5 or Sha authorization mode for the SNMP user. |
Step 7 | UCSC(policy-mgr) /domain-group/snmp* # set password password | Enter and confirm a password for the SNMP user. |
Step 8 | UCSC(policy-mgr) /domain-group/snmp* # set priv-password private-password | Enter and confirm a private password for the SNMP user. |
Step 9 | UCSC(policy-mgr) /domain-group/snmp/snmpuser* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the Domain Group root, scope the SNMP policy, scope into the SNMP user named snmpuser01, set aes-128 mode to enabled, set authorization to Sha mode, set password to userpassword01, set private password to userpassword02, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope snmp UCSC(policy-mgr) /domain-group/snmp # scope snmp-user snmpuser01 UCSC(policy-mgr) /domain-group/snmp/snmp-user # set aes-128 yes UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set auth sha UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set password userpassword01 Enter a password: userpassword01 Confirm the password: userpassword01 UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set priv-password userpassword02 Enter a password: userpassword02 Confirm the password: userpassword02 UCSC(policy-mgr) /domain-group/snmp/snmp-user* # commit-buffer UCSC(policy-mgr) /domain-group/snmp/snmp-user #
The following example shows how to scope into the domain group domaingroup01, scope the SNMP policy, create the SNMP user named snmpuser01, set aes-128 mode to enabled, set authorization to md5 mode, set password to userpassword01, set private password to userpassword02, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope snmp UCSC(policy-mgr) /domain-group/snmp # create snmp-user snmpuser01 UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set aes-128 yes UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set auth md5 UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set password userpassword01 Enter a password: userpassword01 Confirm the password: userpassword01 UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set priv-password userpassword02 Enter a password: userpassword02 Confirm the password: userpassword02 UCSC(policy-mgr) /domain-group/snmp/snmp-user* # commit-buffer UCSC(policy-mgr) /domain-group/snmp/snmp-user #
The following example shows how to scope into the Domain Group root, scope the SNMP policy, scope into the SNMP user named snmpuser01, set aes-128 mode to disabled, set authorization to md5 mode, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope snmp UCSC(policy-mgr) /domain-group/snmp # scope snmp-user snmpuser01 UCSC(policy-mgr) /domain-group/snmp/snmp-user # set aes-128 no UCSC(policy-mgr) /domain-group/snmp/snmp-user* # set auth md5 UCSC(policy-mgr) /domain-group/snmp/snmp-user* # commit-buffer UCSC(policy-mgr) /domain-group/snmp/snmp-user #
Deleting an SNMP User
Command or Action | Purpose | |
---|---|---|
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode. |
Step 2 | UCSC(policy-mgr)# scope domain-group domain-group | Enters domain group root mode and (optionally) enters a domain group under the domain group root. To enter the domain group root mode, type / as the domain-group. |
Step 3 | UCSC(policy-mgr) /domain-group # scope snmp | Scopes the SNMP policy's configuration mode. |
Step 4 | UCSC(policy-mgr) /domain-group/snmp # delete snmp-user snmp-user | Delete the SNMP user. |
Step 5 | UCSC(policy-mgr) /domain-group/snmp* # commit-buffer | Commits the transaction to the system configuration. |
The following example shows how to scope into the Domain Group root, scope the SNMP policy, delete the SNMP user named snmpuser01, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group / UCSC(policy-mgr) /domain-group # scope snmp UCSC(policy-mgr) /domain-group/snmp # delete snmp snmpuser01 UCSC(policy-mgr) /domain-group/snmp* # commit-buffer UCSC(policy-mgr) /domain-group/snmp #
The following example shows how to scope into the Domain Group domaingroup01, scope the SNMP policy, delete the SNMP user named snmpuser02, and commit the transaction:
UCSC # connect policy-mgr UCSC(policy-mgr)# scope domain-group domaingroup01 UCSC(policy-mgr) /domain-group # scope snmp UCSC(policy-mgr) /domain-group/snmp # delete snmp snmpuser02 UCSC(policy-mgr) /domain-group/snmp* # commit-buffer UCSC(policy-mgr) /domain-group/snmp #