snmp-server
Configures Simple Network Management Protocol (SNMP) server settings. Once configured and applied on an EX3500 switch, the management policy controls access to the switch from management stations using SNMP.
SNMP is an application layer protocol that facilitates the exchange of management information between the management stations and a managed EX3500 switch. SNMP-enabled devices listen on port 162 (by default) for SNMP packets from the management server. SNMP uses read-only and read-write community strings as an authentication mechanism to monitor and configure supported devices. The read-only community string is used to gather statistics and configuration parameters from a supported wireless device. The read-write community string is used by a management server to set device parameters. SNMP is generally used to monitor a system's performance and other parameters.
Supported in the following platforms:
- Service Platforms — NX 95XX, NX 96XX, NX 7510
Syntax
snmp-server {community|contact|enable|engine-id|group|host|location|notify-filter|
user|view}
snmp-server {community <STRING> {ro|rw}}
snmp-server {contact <NAME>}
snmp-server {enable traps {authentication|link-up-down}}
snmp-server {engine-id [local <WORD>|remote <IP> <WORD>]}
snmp-server {group <GROUP-NAME> [v1|v2c|v3 [auth|noauth|priv]] {notify <WORD>|read <WORD>|
write <WORD>}}
snmp-server {host <IP> [<STRING>|inform]}
snmp-server {host <IP> <STRING> version [v1|v2c|v3 [auth|noauth|priv]]
{udp-port <1-65535>}}
snmp-server {host <IP> inform [retry <0-255>|timeout <0-2147483647>]
<STRING> version [v2c|v3 [auth|noauth|priv]] {udp-port <1-65535>}}
snmp-server {location <WORD>}
snmp-server {notify-filter <WORD> remote <IP>}
snmp-server {user <USER-NAME> <GROUP-NAME> [remote-host|v1|v2c|v3]}
snmp-server {user <USER-NAME> <GROUP-NAME> remote-host <IP> v3 [auth|encrypted auth]
[md5|sha] <WORD> {priv [3des|aes128|aes192|aes256|des56] <WORD>}}
snmp-server {user <USER-NAME> <GROUP-NAME> [v1|v2c|v3]}
snmp-server {view <VIEW-NAME> <OID-TREE-STRING> [excluded|included]}
Parameters
snmp-server {community <STRING> {ro|rw}}
snmp-server {community <STRING> {ro|rw}} |
Configures SNMP-server related settings
- community – Optional.
Configures an SNMP community access string used to authorize management access
by clients using SNMP v1, v2c, or v3
- <STRING> – Specify
the SNMP community access string (should not exceed 32 characters).
After specifying the string, optionally specify the access type associated
with it.
- ro – Optional. Provides
read-only access with this SNMP community string. Allows authorized clients to
only retrieve MIB (Management Information Base) objects. This is
the default setting.
- rw – Optional. Provides
read-write access with this SNMP community string. Allows authorized clients
to retrieve as well as modify MIB objects.
You can configure a maximum of five (5) community strings per EX3500 management policy.
|
|
snmp-server {contact <NAME>}
snmp-server {contact <NAME>} |
Configures SNMP-server related settings
- contact – Optional. Configures the system's contact information
- <NAME> – Specify the contact person's name (should not exceed 255
characters).
|
|
snmp-server {enable traps {authentication|link-up-down}}
snmp-server {enable traps
{authentication|link-up-down}} |
Configures SNMP-server related settings
- enable traps – Optional.
Enables the EX3500 switch to send the following SNMP traps
or notifications:
- authentication – Optional.
Enables SNMP authentication trap. This option is disabled by default.
- link-up-down – Optional.
Enables SNMP link up and link down traps. This option is disabled by
default.
If the command is executed without either of the above mentioned trap
options, the system enables both authentication and link-up-down traps.
If enabling SNMP traps, use the snmp-server > host command to
specify the host(s) receiving the SNMP notifications.
|
|
snmp-server {engine-id [local <WORD>|remote <IP> <WORD>]}
snmp-server {engine-id [local <WORD>|remote <IP> <WORD>]} |
Configures SNMP-server related settings
- engine-id – Optional. Configures an identification string for the SNMPv3
engine. The SNMP engine is an independent SNMP agent residing either on the
logged switch or on a remote device. It prevents message replay, delay, and
redirection. In SNMPv3, the engine ID in combination with user passwords
generates the security keys that are used for SNMPv3 packet authentication and
encryption.
- local – Configures the SNMP engine on the logged switch
- <WORD> – Specify the hexadecimal engine ID string identifying the
SNMP engine (should be 9 - 64 characters in length).
- remote <IP> <WORD> – Configures a remote device as the SNMP
engine
- <IP> – Specify the remote device's IP address.
- <WORD> – Specify the hexadecimal engine ID string identifying
the SNMP engine (should be 9 - 64 characters in length).
Configure the remote engine ID when using SNMPv3 informs. The remote ID
configured here is used to generate the security digest for authentication and
encryption of packets exchanged between the switch and the remote host
user. SNMP passwords are localized using the engine ID of the authoritative agent.
For informs, the authoritative SNMP agent is the remote agent. You therefore need
to configure the remote agent's SNMP engine ID before you can send proxy requests
or informs to it.
|
|
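The key localization described above, as an added example that is not part of the original reference or of the switch software: the RFC 3414 password-to-key and localization steps in Python. It assumes the md5 and sha keywords map to MD5 and SHA-1; the engine ID 1234567890 is the one used in this page's Examples section, and the remote engine ID is constructed.

```python
import hashlib

def password_to_key(password: str, hash_name: str) -> bytes:
    """RFC 3414 A.2: hash the password repeated out to exactly 1 MiB (Ku)."""
    pw = password.encode()
    if not pw:
        raise ValueError("password must not be empty")
    total = 1048576
    stream = (pw * (total // len(pw) + 1))[:total]
    return hashlib.new(hash_name, stream).digest()

def localize_key(ku: bytes, engine_id_hex: str, hash_name: str) -> bytes:
    """Kul = H(Ku || engineID || Ku): ties the user key to one SNMP engine."""
    engine_id = bytes.fromhex(engine_id_hex)
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def localized_key(password: str, engine_id_hex: str, hash_name: str = "sha1") -> bytes:
    return localize_key(password_to_key(password, hash_name), engine_id_hex, hash_name)

def keys_for_engines(password: str, engine_ids: dict, hash_name: str = "sha1") -> dict:
    """Derive one localized key per engine from the same user password."""
    ku = password_to_key(password, hash_name)
    return {name: localize_key(ku, eid, hash_name).hex()
            for name, eid in engine_ids.items()}

# Published RFC 3414 A.3 test input, used to check the implementation.
RFC_PASSWORD = "maplesyrup"
RFC_ENGINE_ID = "000000000000000000000002"

# Engine IDs for the demonstration.
ENGINES = {
    "local": "1234567890",          # from this page's Examples section
    "remote": "8000000001020304",   # constructed; stands in for an inform receiver
}

if __name__ == "__main__":
    # Same password, different authoritative engine, different key. This is why
    # the remote engine ID must be configured before informs can be authenticated.
    for name, key in keys_for_engines(RFC_PASSWORD, ENGINES).items():
        print(f"{name:6} {key}")
```

A key localized against the local engine ID does not verify at the inform receiver, which checks the digest with a key localized against its own engine ID.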
snmp-server {group <GROUP-NAME> [v1|v2c|v3 [auth|noauth|priv]] {notify <WORD>|
read <WORD>|write <WORD>}}
snmp-server group <GROUP-NAME> |
Configures SNMP-server related settings
- group – Optional. Configures an SNMP user group, mapping SNMP users to SNMP
views
- <GROUP-NAME> – Specify the SNMP group name (should not exceed 32
characters).
|
[v1|v2c|v3 [auth|noauth|priv]] |
Configures the SNMP version used for authentication by this user group
- v1 – Configures the SNMP version as v1.
- v2c – Configures SNMP version as v2c
- v3 – Configures the SNMP version as v3. If using SNMP v3, specify the
authentication and encryption levels.
- auth – Uses SNMP v3 with authentication and no privacy
- noauth – Uses SNMP v3 with no authentication and no privacy
- priv – Uses SNMP v3 with authentication and privacy
|
notify <WORD> |
Optional. Configures the notification view string
- <WORD> – Specify the string (should not exceed 32 characters).
|
read <WORD> |
Optional. Configures the read view string
- <WORD> – Specify the string (should not exceed 32 characters).
|
write <WORD> |
Optional. Configures the write view string
- <WORD> – Specify the string (should not exceed 32 characters).
|
|
snmp-server {host <IP> <STRING> version [v1|v2c|v3 [auth|noauth|priv]] {udp-port <1-65535>}}
snmp-server host <IP> |
Configures SNMP-server related settings
- host – Optional. Configures the
host(s) receiving the SNMP notifications. At least one SNMP server host should
be configured in order to configure the switch to send notifications
- <IP> – Specify the SNMP host's IP address.
You can configure a maximum of five (5) SNMP trap recipients per EX3500 management policy.
Ensure that SNMP trap notification is enabled.
|
<STRING> |
Configures the SNMP community string. You can configure the SNMP community
string here, or else use the string configured using the snmp-server >
community <STRING> > {ro|rw} command. It is recommended that
you configure the SNMP community string prior to configuring the SNMP host.
- <STRING> – Specify the
community string. The string configured here is sent in the SNMP traps to the
SNMPv1 or SNMPv2c hosts.
|
version [v1|v2c| v3 [auth|noauth| priv]] |
Configures the SNMP version used
- v1 – Configures the SNMP version as 1. This is the default setting.
- v2c – Configures SNMP version as 2c
- v3 – Configures the SNMP version as 3. If using SNMPv3, specify the
authentication and encryption levels.
- auth – Uses SNMP v3 with authentication and no privacy
- noauth – Uses SNMP v3 with no authentication and no privacy
- priv – Uses SNMP v3 with authentication and privacy
|
udp-port <1-65535> |
Optional. After specifying the SNMP version, optionally specify the host UDP
port
- <1-65535> – Specify the UDP port. The default is 162.
|
|
snmp-server {host <IP> inform [retry <0-255>|timeout <0-2147483647>] <STRING>
version [v2c|v3 [auth|noauth|priv]] {udp-port <1-65535>}}
snmp-server host <IP> |
Configures SNMP-server related settings
- host – Optional. Configures the
host(s) receiving the SNMP notifications
- <IP> – Specify the SNMP host's IP address.
You can configure a maximum of five (5) SNMP trap recipients per EX3500 management policy.
Ensure that SNMP trap notification is enabled.
|
inform [retry <0-255>| timeout <0-2147483647>] |
Enables sending of SNMP notifications as inform messages, and configures inform
message settings.
- retry <0-255> – Configures the maximum number of attempts made to re-send an
inform message in case the specified SNMP host does not acknowledge receipt.
- <0-255> – Specify a value from 0 - 255. The default is 3.
- timeout <0-2147483647> – Configures the interval, in seconds, to wait for
an acknowledgment from the SNMP host before re-sending an inform message
- <0-2147483647> – Specify a value from 0 - 2147483647 seconds. The
default is 1500 seconds.
Inform messages are more reliable than trap messages since they include a
request for acknowledgement of receipt. Using inform messages to communicate
critical information would be good practice. However, since inform messages are
retained in the memory until a response is received, they consume more memory and
may also result in traffic congestion. Take these facts into consideration when
configuring the notification format.
|
<STRING> |
Configures the SNMP community string. You can configure the SNMP community
string here, or else use the string configured using the snmp-server >
community <STRING> > {ro|rw} command. It is recommended that
you configure the SNMP community string prior to configuring the SNMP host.
- <STRING> – Specify the
community string. The string configured here is sent in the SNMP inform messages
to the SNMPv2c or SNMPv3 hosts.
|
version [v2c| v3 [auth|noauth| priv]] |
Configures the SNMP version used
- v2c – Configures the SNMP version as v2c
- v3 – Configures the SNMP version as v3. If using SNMP v3, specify the
authentication and encryption levels.
- auth – Uses SNMP v3 with authentication and no privacy
- noauth – Uses SNMP v3 with no authentication and no privacy
- priv – Uses SNMP v3 with authentication and privacy
SNMP inform messages are not supported on SNMP v1.
|
udp-port <1-65535> |
Optional. After specifying the SNMP version, optionally specify the host UDP
port
- <1-65535> – Specify the UDP port. The default is 162.
|
|
snmp-server {location <WORD>}
snmp-server {location <WORD>} |
Configures SNMP-server related settings
- location – Optional.
Configures the EX3500's location string
- <WORD> – Specify the
location (should not exceed 255 characters).
|
|
snmp-server {notify-filter <WORD> remote <IP>}
snmp-server notify-filter <WORD> |
Configures SNMP-server related settings
- notify-filter – Optional. Modifies the SNMP server's notify filter
- <WORD> – Specify the SNMP notify-filter name.
|
remote <IP> |
Optional. Configures the remote host's IP address
- <IP> – Specify the IP address in the A.B.C.D format.
|
|
snmp-server {user <USER-NAME> <GROUP-NAME> remote <IP> v3 {auth|encrypted auth}
[md5|sha] <WORD> {priv [3des|aes128|aes192|aes256|des56] <WORD>}}
snmp-server user <USER-NAME> <GROUP-NAME> |
Configures SNMP-server related settings
- user – Optional. Configures the name of the SNMP user (connecting to the SNMP
agent) and adds the user to an existing SNMP group. It also specifies the SNMP
version type used. In case of SNMP version 3, this command also configures the
remote host's IP address and the authentication type used.
- <USER-NAME> – Specify the user's name (should not exceed 32
characters).
- <GROUP-NAME> – Specify the SNMP group name to which this user is
assigned.
|
remote <IP> v3 |
Configures the remote host on which the SNMPv3 engine is running
- <IP> – Specify the remote host's IP address.
This option is available only for SNMPv3 engine.
After configuring the remote host, optionally configure the authentication type and the corresponding
authentication password used.
|
{auth|encrypted auth} [md5|sha] <WORD> {priv [3des|aes128| aes192|aes256|
des56] <WORD>} |
Optional. Configures authentication and encryption settings
- auth – Specifies the authentication type used and configures the
authentication password
- encrypted – Enables encryption. When enabled all communications between the
user and the SNMP engine are encrypted. After enabling encryption, specify the
authentication type and configure the authentication password.
The following parameters are common to the 'auth' and 'encrypted'
keywords:
- md5 – Uses MD5 to authenticate the user
- sha – Uses SHA to authenticate the user
The following parameter is common to the 'md5' and 'sha' keywords:
|
|
snmp-server {user <USER-NAME> <GROUP-NAME> [v1|v2c|v3]}
snmp-server {user <USER-NAME> <GROUP-NAME> [v1|v2c|v3]} |
Configures SNMP-server related settings
- user – Optional. Configures the name of the SNMP user (connecting to the SNMP
agent) and adds the user to an existing SNMP group. It also specifies the SNMP
version type used. In case of SNMPv3, this command also configures the
authentication type used and enables encryption.
- <USER-NAME> – Specify the user's name (should not exceed 32
characters).
- <GROUP-NAME> – Specify the SNMP group name to which this user is
assigned.
- [v1|v2c|v3] – After specifying the group name, specify the SNMP
version used. The options are SNMP version v1, SNMP version 2c, and
SNMP version 3.
If using SNMP version 3, optionally specify the authentication type and the
corresponding authentication password used. Please see previous table for SNMPv3
authentication and encryption configuration details.
|
|
snmp-server {view <VIEW-NAME> <OID-TREE-STRING> [excluded|included]}
snmp-server view <VIEW-NAME> |
Configures SNMP-server related settings
- view – Optional. Creates an SNMP view. SNMP views are used to control user
access to the MIB.
- <VIEW-NAME> – Provide a name for this SNMP view (should not exceed 32
characters).
|
<OID-TREE-STRING> [excluded|included] |
Configures the object identifier (OID) of a branch within the MIB tree
- excluded – Specifies an
excluded view
- included – Specifies an
included view
|
|
Examples
nx9500-6C8809(config-ex3500-management-policy-test)#snmp-server enable traps
nx9500-6C8809(config-ex3500-management-policy-test)#snmp-server host 192.168.13.10 snmpteststring version 1 udp-port 170
nx9500-6C8809(config-ex3500-management-policy-test)#snmp-server host 1.2.3.4 inform retry 2 test version 3 auth udp-port 180
nx9500-6C8809(config-ex3500-management-policy-test)#snmp-server engine-id local 1234567890
nx9500-6C8809(config-ex3500-management-policy-test)#show context
ex3500-management-policy test
http secure-server
enable password level 3 7 12345678901020304050607080929291
snmp-server enable traps authentication
snmp-server notify-filter 3 remote 1.2.3.4
snmp-server notify-filter 1 remote 127.0.0.1
snmp-server notify-filter 2 remote 192.168.13.10
snmp-server host 1.2.3.4 inform timeout 1500 retry 2 test version 3 auth udp-port 180
snmp-server host 192.168.13.10 snmpteststring version 1 udp-port 170
snmp-server engine-id local 1234567890
memory falling-threshold 50
memory rising-threshold 95
process-cpu falling-threshold 60
process-cpu rising-threshold 80
nx9500-6C8809(config-ex3500-management-policy-test)#
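A review check for the settings above, as an added example that is not part of the original reference or a tool shipped with the product: a Python audit of the snmp-server lines in `show context` output that reports community-string access and SNMPv3 security levels weaker than priv. The host and engine-id lines are taken from the output above; the community and group lines are constructed from the documented syntax, and the severity labels are this example's own.

```python
# Sample input: four lines from the page's `show context` output plus two
# constructed lines (community, group) that follow the documented syntax.
SAMPLE = """\
snmp-server enable traps authentication
snmp-server host 1.2.3.4 inform timeout 1500 retry 2 test version 3 auth udp-port 180
snmp-server host 192.168.13.10 snmpteststring version 1 udp-port 170
snmp-server engine-id local 1234567890
snmp-server community public rw
snmp-server group ops v3 noauth read all
"""

# SNMPv3 levels that leave traffic unauthenticated or unencrypted.
LEVELS = {
    "noauth": ("high", "SNMPv3 with no authentication and no privacy"),
    "auth": ("medium", "SNMPv3 with authentication but no privacy"),
}

def version_and_level(tok):
    """Return (version, level) for a host or group line; a host defaults to v1."""
    if tok[1] == "group":
        rest = tok[3:]
    elif "version" in tok:
        rest = tok[tok.index("version") + 1:]
    else:
        rest = ["v1"]  # documented default for snmp-server host
    version = rest[0].lstrip("v") if rest else None  # accepts "v1" and "1"
    level = rest[1] if len(rest) > 1 and rest[1] in ("auth", "noauth", "priv") else None
    return version, level

def audit(config):
    """Return (line_number, severity, message) for each weak snmp-server setting."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if len(tok) < 3 or tok[0] != "snmp-server":
            continue
        if tok[1] == "community":
            access = tok[3] if len(tok) > 3 else "ro"  # ro is the documented default
            sev = "high" if access == "rw" else "medium"
            findings.append((n, sev, f"community string grants {access} access"))
        elif tok[1] in ("host", "group"):
            version, level = version_and_level(tok)
            if version in ("1", "2c"):
                findings.append((n, "high",
                    f"{tok[1]} uses SNMPv{version}: community string sent unencrypted"))
            elif version == "3" and level in LEVELS:
                findings.append((n, *LEVELS[level]))
    return findings

if __name__ == "__main__":
    for n, sev, msg in audit(SAMPLE):
        print(f"line {n}: [{sev}] {msg}")
```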