snmp-server

Enables the SNMP (Simple Network Management Protocol) engine settings. SNMP is an application layer protocol that facilitates the exchange of management information between the controller and a managed device. SNMP enabled devices listen on port 162 (by default) for SNMP packets from the controller‘s management server. SNMP uses read-only and read-write community strings as an authentication mechanism to monitor and configure supported devices. The read-only community string gathers statistics and configuration parameters from a supported wireless device. The read-write community string is used by a management server to set device parameters. SNMP is generally used to monitor a system‘s performance and other parameters.

Supported in the following platforms:

Access Points — AP7502, AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP7632, AP7662, AP8163, AP8432, AP8533
Wireless Controller — RFS4010
Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

snmp-server [community|enable|display-vlan-info-per-radio|host|manager|max-pending-requests|
request-timeout|suppress-security-configuration-level|throttle|user]

snmp-server community [0 <WORD>|2 <WORD>|<WORD>] [ro|rw] {ip-snmp-access-list <IP-SNMP-ACL-NAME>}

snmp-server enable traps

snmp-server host <IP> [v1|v2c|v3] {<1-65535>}

snmp-server manager [all|v1|v2|v3]

snmp-server [max-pending-requests {<64-1024>}|request-timeout {<2-720>}]

snmp-server [display-vlan-info-per-radio|throttle <1-100>|suppress-security-configuration-level [0|1]]

snmp-server user [snmpmanager|snmpoperator|snmptrap]

snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 [auth|encrypted]

snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 auth md5 [0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|
<PASSWORD>]

snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 encrypted [auth md5|des auth md5] 
[0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|<PASSWORD>]

Parameters

snmp-server community [0 <WORD>|2 <WORD>|<WORD>] [ro|rw] {ip-snmp-access-list 
<IP-SNMP-ACL-NAME>}

community [0 <WORD>\| 2 <WORD>\| <WORD>]	Sets the community string and associated access privileges. Define a public or private community designation. By default, SNMPv2 community strings on most devices are set to public for the read-only community string, and private for the read-write community string. 0 <WORD> – Sets a clear text SNMP community string 2 <WORD> – Sets an encrypted SNMP community string <WORD> – Sets the SNMP community string
[ro\|rw]	After configuring the SNMP community string, set the access permission for each community string used by devices to retrieve or modify information. Available options include ro – Assigns read-only access to the specified SNMP community (allows a remote device to retrieve information) rw – Assigns read and write access to the specified SNMP community (allows a remote device to modify settings)
ip-snmp-access-list <IP-SNMP-ACL-NAME>	Optional. Associates an IP SNMP access list (should be existing and configured). The IP SNMP ACL sets the SNMP management station‘s IP address. SNMP trap information is received at this address.

snmp-server enable traps

enable traps

Enables trap generation (using the trap receiver configuration defined). This feature is disabled by default. Enabling this feature ensures the dispatch of SNMP notifications to all hosts.

In a managed network, the controller uses SNMP trap receivers to notify faults. SNMP traps are unsolicited notifications triggered by thresholds (or actions) on devices and are therefore an important fault management tool.

A SNMP trap receiver is the destination of SNMP messages (external to the controller). A trap is like a Syslog message, just over another protocol (SNMP). A trap is generated when a device consolidates event information and transmits the information to an external repository. The trap contains several standard items, such as the SNMP version, community, etc.

SNMP trap notifications exist for most controller operations, but not all are necessary for day-to-day operation.

snmp-server host <IP> [v1|v2c|v3] {<1-65535>}

host <IP>

Configures a host‘s IP address. This is the external server resource dedicated to receiving SNMP traps on behalf of the controller.

[v2c|v3]

Configures the SNMP version used to send the traps

v1 – Uses SNMP version 1. This option is disabled by default.
v2c – Uses SNMP version 2c. This option is disabled by default.
v3 – Uses SNMP version 3. This option is enabled by default.

<1-65535>

Optional. Configures the virtual port of the server resource dedicated to receiving SNMP traps

<1-65535> – Optional. Specify a value from 1 - 65535. The default port is 162.

snmp-server manager [all|v1|v2|v3]

manager [all|v1|v2|v3]

Enables SNMP manager and specifies the SNMP version

all – Enables SNMP manager version v1, v2 and v3
v1 – Enables SNMP manager version v1 only. SNMPv1 uses a simple password (“community string”). Data is unencrypted (clear text). Consequently it provides limited security, and should be used only inside LANs behind firewalls, not in WANs.
v2 – Enables SNMP manager version v2 only. SNMPv2 provides device management using a hierarchical set of variables. SNMPv2 uses Get, GetNext, and Set operations for data management. SNMPv2 is enabled by default.
v3 – Enables SNMP manager version v3 only. SNMPv3 adds security and remote configuration capabilities to previous versions. The SNMPv3 architecture introduces the USM (User-based Security Model) for message security and the VACM (View-based Access Control Model) for access control. The architecture supports the concurrent use of different security, access control and message processing techniques. SNMPv3 is enabled by default.

snmp-server[max-pending-requests {<64-1024>}|request-timeout {<2-720>}]

max-pending-requests {<64-1024>}

Sets the maximum number of requests that can be pending at any given time

<64-1024> – Optional. Specify a value from 64 - 1024. The default is 128.

request-timeout {<2-720>}

Sets the interval, in seconds, after which an error message is returned for a pending request

<2-720> – Optional. Specify a value from 2 - 720 seconds. The default is 240 seconds.

snmp-server [display-vlan-info-per-radio|throttle <1-100>|suppress-security-configuration-level [0|1]

display-vlan-info-per-radio

Enables the display of the VLAN ID along with the radio interface ID

throttle <1-100>

Sets CPU usage for SNMP activities. Use this command to set the CPU usage from 1 - 100.

suppress-security-configuration-level [0|1]

Sets the level of suppression of SNMP security configuration information

0 – If this option is selected, an empty string is returned for the SNMP request for security configuration information. Security configuration information consists of:
Passwords
Keys
Shared secrets

The default setting is 0.

1 – Suppresses the display of the policy, IP ACL, passwords, keys and shared secrets. If this option is selected, in addition to suppression from ‘Level 0', an empty string is returned for a SNMP request on following items:
Management policies
IP ACL
Tables containing user names and community strings

snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 auth md5 
[0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|<PASSWORD>]

user [snmpmanager| snmpoperator| snmptrap]

Defines user access to the SNMP engine

snmpmanager – Sets user as a SNMP manager
snmpoperator – Sets user as a SNMP operator
snmptrap – Sets user as a SNMP trap user

v3 auth md5

Uses SNMP version 3 as the security model

auth – Uses an authentication protocol
- md5 – Uses HMAC-MD5 algorithm for authentication

[0 <PASSWORD>| 2 <ENCRYPTED- PASSWORD>| <PASSWORD>]

Configures password using one of the following options:

0 <PASSWORD> – Configures clear text password
2 <PASSWORD> – Configures encrypted password
- <PASSWORD> – Specifies a password for authentication and privacy protocols

snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 encrypted 
[auth md5|des auth md5] [0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|<PASSWORD>]

user [snmpmanager\| snmpoperator\| snmptrap]	Defines user access to the SNMP engine snmpmanager – Sets user as a SNMP manager snmpoperator – Sets user as a SNMP operator snmptrap – Sets user as a SNMP trap user
v3 encrypted	Uses SNMP version 3 as the security model encrypted – Uses encrypted privacy protocol
auth md5	Uses authentication protocol auth – Sets authentication parameters md5 – Uses HMAC-MD5 algorithm for authentication
des auth md5	Uses privacy protocol for user privacy des – Uses CBC-DES for privacy After specifying the privacy protocol, specify the authentication mode. auth – Sets user authentication parameters md5 – Uses HMAC-MD5 algorithm for authentication
[0 <PASSWORD>\| 2 <ENCRYPTED- PASSWORD>\| <PASSWORD>]	The following are common to both the auth and des parameters: Configures password using one of the following options: 0 <PASSWORD> – Configures a clear text password 2 <PASSWORD> – Configures an encrypted password <PASSWORD> – Specifies a password for authentication and privacy protocols

Examples

rfs4000-6DB5D4(config-management-policy-test)#snmp-server community snmp1 ro

rfs4000-6DB5D4(config-management-policy-test)#snmp-server host 172.16.10.23 v3 162

rfs4000-6DB5D4(config-management-policy-test)#snmp-server user snmpmanager v3 auth md5 test@123

rfs4000-6DB5D4(config-management-policy-test)#show context
management-policy test
 no http server
 https server
 ftp username superuser password 1 f617ca50c59fb47028f96db4baab5f3d8f03c03ab257960b0fd127c69f02cd7e rootdir dir
 no ssh
 snmp-server community snmp1 ro
 snmp-server user snmpmanager v3 encrypted des auth md5 0 test@123
 snmp-server host 172.16.10.23 v3 162
 aaa-login radius external
 aaa-login radius policy test
 idle-session-timeout 0
 restrict-access host 172.16.10.2 log all
rfs4000-6DB5D4(config-management-policy-test)#

Related Commands

no	Disables or resets the SNMP server settings

Published June 2019prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback