snmp-server

Configures Simple Network Management Protocol (SNMP) server settings. Once configured and applied on a EX3500 switch, the management policy controls access to the switch from management stations using SNMP.

SNMP is an application layer protocol that facilitates the exchange of management information between the management stations and a managed EX3500 switch. SNMP-enabled devices listen on port 162 (by default) for SNMP packets from the management server. SNMP uses read-only and read-write community strings as an authentication mechanism to monitor and configure supported devices. The read-only community string is used to gather statistics and configuration parameters from a supported wireless device. The read-write community string is used by a management server to set device parameters. SNMP is generally used to monitor a system's performance and other parameters.

Supported in the following platforms:

Service Platforms — NX 95XX, NX 96XX, NX 7510

Syntax

snmp-server {community|contact|enable|engine-id|group|host|location|notify-filter|
user|view}

snmp-server {community <STRING> {ro|rw}}

snmp-server {contact <NAME>}

snmp-server {enable traps {authentication|link-up-down}}

snmp-server {engine-id [local <WORD>|remote <IP> <WORD>]}

snmp-server {group <GROUP-NAME> [v1|v2c|v3 [auth|noauth|priv]] {notify <WORD>|read <WORD>|
write <WORD>}}

snmp-server {host <IP> [<STRING>|inform]}

snmp-server {host <IP> <STRING> version [v1|v2c|v3 [auth|noauth|priv]] 
{udp-port <1-65535>}}

snmp-server {host <IP> inform [retry <0-255>|timeout <0-2147483647>] 
<STRING> version [v2c|v3 [auth|noauth|priv]] {udp-port <1-65535>}}

snmp-server {location <WORD>}

snmp-server {notify-filter <WORD> remote <IP>}

snmp-server {user <USER-NAME> <GROUP-NAME> [remote-host|v1|v2c|v3]}

snmp-server {user <USER-NAME> <GROUP-NAME> remote-host <IP> v3 [auth|encrypted auth] 
[md5|sha] <WORD> {priv [3des|aes128|aes192|aes256|des56] <WORD>}}

snmp-server {user <USER-NAME> <GROUP-NAME> [v1|v2c|v3]}

snmp-server {view <VIEW-NAME> <OID-TREE-STRING> [excluded|included]}

Parameters

snmp-server {community <STRING> {ro|rw}}


snmp-server {community <STRING> {ro\|rw}}	Configures SNMP-server related settings community – Optional. Configures an SNMP community access string used to authorize management access by clients using SNMP v1, v2c, or v3 <STRING> – Specify the SNMP community access string (should not exceed 32 characters). After specifying the string, optionally specify the access type associated with it. ro – Optional. Provides read-only access with this SNMP community string. Allows authorized clients to only retrieve MIB (Management Information Base) objects. This is the default setting. rw – Optional. Provides read-write access with this SNMP community string. Allows authorized clients to retrieve as well as modify MIB objects. You can configure a maximum of five (5) community strings per vEX3500 management policy.

snmp-server {contact <NAME>}


snmp-server {contact <NAME>}	Configures SNMP-server related settings contact – Optional. Configures the system‘s contact information <NAME> – Specify the contact person‘s name (should not exceed 255 characters).

snmp-server {enable traps {authentication|link-up-down}}


snmp-server {enable traps {authentication\|link-up-down}}	Configures SNMP-server related settings enable traps – Optional. Enables the EX3500 switch to send following SNMP traps or notifications: authentication – Optional. Enables SNMP authentication trap. This option is disabled by default. link-up-down – Optional. Enables SNMP link up and link down traps. This option is disabled by default. If the command is executed without either of the above mentioned trap options, the system enables both authentication and link-up-down traps. If enabling SNMP traps, use the snmp-server > host command to specify the host(s) receiving the SNMP notifications.

snmp-server {engine-id [local <WORD>|remote <IP> <WORD>]}


snmp-server {engine-id [local <WORD>\|remote <IP> <WORD>]}	Configures SNMP-server related settings engine-id – Optional. Configures an identification string for the SNMPv3 engine. The SNMP engine is an independent SNMP agent residing either on the logged switch or on a remote device. It prevents message replay, delay, and redirection. In SNMPv3, the engine ID in combination with user passwords generates the security keys that is used for SNMPv3 packet authentication and encryption. local – Configures the SNMP engine on the logged switch <WORD> – Specify the hexadecimal engine ID string identifying the SNMP engine (should be 9 - 64 characters in length). remote <IP> <WORD> – Configures a remote device as the SNMP engine <IP> – Specify the remote device‘s IP address. <WORD> – Specify the hexadecimal engine ID string identifying the SNMP engine (should be 9 - 64 characters in length). Configure the remote engine ID when using SNMPv3 informs. The remote ID configured here is used to generate the security digest for authentication and encryption of packets exchanged between the switch and the and the remote host user. SNMP passwords are localized using the engine ID of the authoritative agent. For informs, the authoritative SNMP agent is the remote agent. You therefore need to configure the remote agent‘s SNMP engine ID before you can send proxy requests or informs to it.

snmp-server {group <GROUP-NAME> [v1|v2c|v3 [auth|noauth|priv]] {notify <WORD>|
read <WORD>|write <WORD>}}


snmp-server group <GROUP-NAME>	Configures SNMP-server related settings group – Optional. Configures an SNMP user group, mapping SNMP users to SNMP views <GROUP-NAME> – Specify the SNMP group name (should not exceed 32 characters).
[v1\|v2c\|v3 [auth\|noauth\|priv]]	Configures the SNMP version used for authentication by this user group v1 – Configures the SNMP version as v1. v2c – Configures SNMP version as v2c v3 – Configures the SNMP version as v3. If using SNMP v3, specify the authentication and encryption levels. auth – Uses SNMP v3 with authentication and no privacy noauth – Uses SNMP v3 with no authentication and no privacy priv – Uses SNMP v3 with authentication and privacy
notify <WORD>	Optional. Configures the notification view string <WORD> – Specify the string (should not exceed 32 characters).
read <WORD>	Optional. Configures the read view string <WORD> – Specify the string (should not exceed 32 characters).
write <WORD>	Optional. Configures the write view string <WORD> – Specify the string (should not exceed 32 characters).

snmp-server {host <IP> <STRING> version [v1|v2c|v3 [auth|noauth|priv]] {udp-port <1-65535>}}


snmp-server host <IP>	Configures SNMP-server related settings host – Optional. Configures the host(s) receiving the SNMP notifications. At least one SNMP server host should be configured in order to configure the switch to send notifications <IP> – Specify the SNMP host‘s IP address. You can configure a maximum of five (5) SNMP trap recipients per EX3500 management policy. Ensure that SNMP trap notification is enabled.
<STRING>	Configures the SNMP community string. You can configure the SNMP community string here, or else use the string configured using the snmp-server > community <STRING> > {ro\|rw} command. It is recommended that you configure the SNMP community string prior to configuring the SNMP host. <STRING> – Specify the community string. The string configured here is sent in the SNMP traps to the SNMPv1 or SNMPv2c hosts.
version [v1\|v2c\| v3 [auth\|noauth\| priv]]	Configures the SNMP version used v1 – Configures the SNMP version as 1. This is the default setting. v2c – Configures SNMP version as 2c v3 – Configures the SNMP version as 3. If using SNMPv3, specify the authentication and encryption levels. auth – Uses SNMP v3 with authentication and no privacy noauth – Uses SNMP v3 with no authentication and no privacy priv – Uses SNMP v3 with authentication and privacy
udp-port <1-65535>	Optional. After specifying the SNMP version, optionally specify the host UDP port <1-65535> – Specify the UDP port. The default is 162.

snmp-server {host <IP> inform [retry <0-255>|timeout <0-2147483647>] <STRING> 
version [v2c|v3 [auth|noauth|priv]] {udp-port <1-65535>}}


snmp-server host <IP>	Configures SNMP-server related settings host – Optional. Configures the host(s) receiving the SNMP notifications <IP> – Specify the SNMP host‘s IP address. You can configure a maximum of five (5) SNMP trap recipients per EX3500 management policy. Ensure that SNMP trap notification is enabled.
inform [retry <0-255>\| timeout <0-2147483647>]	Enables sending of SNMP notifications as inform messages, and configures inform message settings. retry <0-255> – Configures the maximum number attempts made to re-send an inform message in case the specified SNMP host does not acknowledge receipt. <0-255> – Specify a value from 0 - 255. The default is 3. timeout <0-2147483647> – Configures the interval, in seconds, to wait for an acknowledgment from the SNMP host before re-sending an inform message <0-2147483647> – Specify a value from 0 - 2147483647 seconds. The default is 1500 seconds. Inform messages are more reliable than trap messages since they include a request for acknowledgement of receipt. Using inform messages to communicate critical information would be good practice. However, since inform messages are retained in the memory until a response is received, they consume more memory and may also result in traffic congestion. Take into considerations these facts when configuring the notification format.
<STRING>	Configures the SNMP community string. You can configure the SNMP community string here, or else use the string configured using the snmp-server > community <STRING> > {ro\|rw} command. It is recommended that you configure the SNMP community string prior to configuring the SNMP host. <STRING> – Specify the community string. The string configured here is sent in the SNMP inform messages to the SNMPv2c or SNMPv3 hosts.
version [v2c\| v3 [auth\|noauth\| priv]]	Configures the SNMP version used v2c – Configures the SNMP version as v2c v3 – Configures the SNMP version as v3. If using SNMP v3, specify the authentication and encryption levels. auth – Uses SNMP v3 with authentication and no privacy noauth – Uses SNMP v3 with no authentication and no privacy priv – Uses SNMP v3 with authentication and privacy SNMP inform messages are not supported on SNMP v1.
udp-port <1-65535>	Optional. After specifying the SNMP version, optionally specify the host UDP port <1-65535> – Specify the UDP port. The default is 162.

snmp-server {location <WORD>}


snmp-server {location <WORD>}	Configures SNMP-server related settings location – Optional. Configures the EX3500‘s location string <WORD> – Specify the location (should not exceed 255 characters).

snmp-server {notify-filter <WORD> remote <IP>}


snmp-server notify-filter <WORD>	Configures SNMP-server related settings notify-filter – Optional. Modifies the SNMP server‘s notify filter <WORD> – Specify the SNMP notify-filter name.
remote <IP>	Optional. Configures the remote host‘s IP address <IP> – Specify the IP address in the A.B.C.D format.

snmp-server {user <USER-NAME> <GROUP-NAME> remote <IP> v3 {auth|encrypted auth} 
[md5|sha] <WORD> {priv [3des|aes128|aes192|aes256|des56] <WORD>}}


snmp-server user <USER-NAME> <GROUP-NAME>	Configures SNMP-server related settings user – Optional. Configures the name of the SNMP user (connecting to the SNMP agent) and adds the user to an existing SNMP group. It also specifies the SNMP version type used. In case of SNMP version 3, this command also configures the remote host‘s IP address and the authentication type used. <USER-NAME> – Specify the user‘s name (should not exceed 32 characters). <GROUP-NAME> – Specify the SNMP group name to which this user is assigned.
remote <IP> v3	Configures the remote host on which the SNMPv3 engine is running <IP> – Specify the remote host‘s IP address. This option is available only for SNMPv3 engine. After configuring the remote host, optionally configure the authentication type and the corresponding authentication password used.
{auth\|encrypted auth} [md5\|sha] <WORD> {priv [3des\|aes128\| aes192\|aes256\| des56] <WORD>}	Optional. Configures authentication and encryption settings auth – Specifies the authentication type used and configures the authentication password encrypted – Enables encryption. When enabled all communications between the user and the SNMP engine are encrypted. After enabling encryption, specify the authentication type and configure the authentication password. The following parameters are common to the ‘auth‘ and ‘encrypted‘ keywords: md5 – Uses MD5 to authenticate the user sha – Uses SHA to authenticate the user The following parameter is common to the ‘md5‘ and ‘sha‘ keywords: <WORD> – Specify the authentication password. If the ‘encrypted‘ option is not being used, enter an 8 - 40 characters ASCII password. Whereas, in case of an encrypted password enter a HEX characters password of 32 characters. priv – Optional. Uses SNMPv3 with privacy. Select one of the privacy options: des, aes128, aes192, aes256, des56. <WORD> – Configures the privacy password. If the ‘encrypted‘ option is not being used, enter an 8 - 40 characters long ASCII password. Whereas, the encrypted password should be 32 HEX characters.

snmp-server {user <USER-NAME> <GROUP-NAME> [v1|v2c|v3]}


snmp-server {user <USER-NAME> <GROUP-NAME> [v1\|v2c\|v3]}	Configures SNMP-server related settings user – Optional. Configures the name of the SNMP user (connecting to the SNMP agent) and adds the user to an existing SNMP group. It also specifies the SNMP version type used. In case of SNMPv3, this command also configures the authentication type used and the enables encryption. <USER-NAME> – Specify the user‘s name (should not exceed 32 characters). <GROUP-NAME> – Specify the SNMP group name to which this user is assigned. [v1\|v2c\|v3] – After specifying the group name, specify the SNMP version used. The options are SNMP version v1, SNMP version 2c, and SNMP version 3. If using SNMP version 3, optionally specify the authentication type and the corresponding authentication password used. Please see previous table for SNMPv3 authentication and encryption configuration details.

snmp-server {view <VIEW-NAME> <OID-TREE-STRING> [excluded|included]}


snmp-server view <VIEW-NAME>	Configures SNMP-server related settings view – Optional. Creates an SNMP view. SNMP views are used to control user access to the MIB. <VIEW-NAME> – Provide a name for this SNMP view (should not exceed 32 characters).
<OID-TREE-STRING> [excluded\|included]	Configures the object identifier (OID) of a branch within the MIB tree excluded – Specifies an excluded view included – Specifies an included view

Examples

nx9500-6C8809(config-ex3500-management-policy-test)#snmp-server enable traps

nx9500-6C8809(config-ex3500-management-policy-test)#snmp-server host 192.168.13.10 
snmpteststring version 1 udp-port 170

nx9500-6C8809(config-ex3500-management-policy-test)#snmp-server host 1.2.3.4 inform 
retry 2 test version 3 auth udp-port 180

nx9500-6C8809(config-ex3500-management-policy-test)#snmp-server engine-id local
1234567890

nx9500-6C8809(config-ex3500-management-policy-test)#show context
ex3500-management-policy test
 http secure-server
 enable password level 3 7 12345678901020304050607080929291
 snmp-server enable traps authentication
 snmp-server notify-filter 3 remote 1.2.3.4
 snmp-server notify-filter 1 remote 127.0.0.1
 snmp-server notify-filter 2 remote 192.168.13.10
 snmp-server host 1.2.3.4 inform timeout 1500 retry 2 test version 3 auth udp-port 180
 snmp-server host 192.168.13.10 snmpteststring version 1 udp-port 170
 snmp-server engine-id local 1234567890
 memory falling-threshold 50
 memory rising-threshold 95
 process-cpu falling-threshold 60
 process-cpu rising-threshold 80
nx9500-6C8809(config-ex3500-management-policy-test)#

Related Commands


no (ex3500-management-policy-config-mode)	Removes SNMP server related settings or reverts them to default