snmp-server

Enables the Simple Network Management Protocol (SNMP) engine settings. SNMP is an application layer protocol that facilitates the exchange of management information between the controller and a managed device. SNMP enabled devices listen on port 162 (by default) for SNMP packets from the controller‘s management server. SNMP uses read-only and read-write community strings as an authentication mechanism to monitor and configure supported devices. The read-only community string gathers statistics and configuration parameters from a supported wireless device. The read-write community string is used by a management server to set device parameters. SNMP is generally used to monitor a system‘s performance and other parameters.

Syntax

snmp-server [community|enable|display-vlan-info-per-radio|host|manager|max-pending-requests|
request-timeout|suppress-security-configuration-level|throttle|user]

snmp-server community [0 <WORD>|2 <WORD>|<WORD>] [ro|rw] {ip-snmp-access-list <IP-SNMP-ACL-NAME>}

snmp-server enable traps

snmp-server host <IP> [v1|v2c|v3] {<1-65535>}

snmp-server manager [all|v1|v2|v3]
snmp-server [max-pending-requests {<64-1024>}|request-timeout {<2-720>}]

snmp-server [display-vlan-info-per-radio|throttle <1-100>|suppress-security-configuration-level [0|1]]

snmp-server user [snmpmanager|snmpoperator|snmptrap]

snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 [auth|encrypted]

snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 auth md5 [0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|
<PASSWORD>]

snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 encrypted [auth md5|des auth md5] 
[0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|<PASSWORD>]

Parameters

snmp-server community [0 <WORD>|2 <WORD>|<WORD>] [ro|rw] {ip-snmp-access-list 
<IP-SNMP-ACL-NAME>}
community [0 <WORD>| 2 <WORD>| <WORD>] Sets the community string and associated access privileges. Define a public or private community designation. By default, SNMPv2 community strings on most devices are set to public for the read-only community string, and private for the read-write community string.
  • 0 <WORD> – Sets a clear text SNMP community string
  • 2 <WORD> – Sets an encrypted SNMP community string
    • <WORD> – Sets the SNMP community string
[ro|rw] After configuring the SNMP community string, set the access permission for each community string used by devices to retrieve or modify information. Available options include
  • ro – Assigns read-only access to the specified SNMP community (allows a remote device to retrieve information)
  • rw – Assigns read and write access to the specified SNMP community (allows a remote device to modify settings)
ip-snmp-access-list <IP-SNMP-ACL-NAME> Optional. Associates an IP SNMP access list (should be existing and configured). The IP SNMP ACL sets the SNMP management station‘s IP address. SNMP trap information is received at this address. 
snmp-server enable traps
enable traps Enables trap generation (using the trap receiver configuration defined). This feature is disabled by default. Enabling this feature ensures the dispatch of SNMP notifications to all hosts.

In a managed network, the controller uses SNMP trap receivers to notify faults. SNMP traps are unsolicited notifications triggered by thresholds (or actions) on devices and are therefore an important fault management tool.

A SNMP trap receiver is the destination of SNMP messages (external to the controller). A trap is like a Syslog message, just over another protocol (SNMP). A trap is generated when a device consolidates event information and transmits the information to an external repository. The trap contains several standard items, such as the SNMP version, community, etc.

SNMP trap notifications exist for most controller operations, but not all are necessary for day-to-day operation.

 
snmp-server host <IP> [v1|v2c|v3] {<1-65535>}
host <IP> Configures a host‘s IP address. This is the external server resource dedicated to receiving SNMP traps on behalf of the controller.
[v2c|v3] Configures the SNMP version used to send the traps
  • v1 – Uses SNMP version 1. This option is disabled by default.
  • v2c – Uses SNMP version 2c. This option is disabled by default.
  • v3 – Uses SNMP version 3. This option is enabled by default.
<1-65535> Optional. Configures the virtual port of the server resource dedicated to receiving SNMP traps
  • <1-65535> – Optional. Specify a value from 1 - 65535. The default port is 162.
 
snmp-server manager [all|v1|v2|v3]
manager [all|v1|v2|v3] Enables SNMP manager and specifies the SNMP version
  • all – Enables SNMP manager version v1, v2 and v3
  • v1 – Enables SNMP manager version v1 only. SNMPv1 uses a simple password (“community string”). Data is unencrypted (clear text). Consequently it provides limited security, and should be used only inside LANs behind firewalls, not in WANs.
  • v2 – Enables SNMP manager version v2 only. SNMPv2 provides device management using a hierarchical set of variables. SNMPv2 uses Get, GetNext, and Set operations for data management. SNMPv2 is enabled by default.
  • v3 – Enables SNMP manager version v3 only. SNMPv3 adds security and remote configuration capabilities to previous versions. The SNMPv3 architecture introduces the User-based Security Model (USM) for message security and the View-based Access Control Model (VACM) for access control. The architecture supports the concurrent use of different security, access control and message processing techniques. SNMPv3 is enabled by default.
 
snmp-server[max-pending-requests {<64-1024>}|request-timeout {<2-720>}]
max-pending-requests {<64-1024>} Sets the maximum number of requests that can be pending at any given time
  • <64-1024> – Optional. Specify a value from 64 - 1024. The default is 128.
request-timeout {<2-720>} Sets the interval, in seconds, after which an error message is returned for a pending request
  • <2-720> – Optional. Specify a value from 2 - 720 seconds. The default is 240 seconds.
 
snmp-server [display-vlan-info-per-radio|throttle <1-100>|suppress-security-configuration-level [0|1]
display-vlan-info-per-radio Enables the display of the VLAN ID along with the radio interface ID
throttle <1-100> Sets CPU usage for SNMP activities. Use this command to set the CPU usage from 1 - 100.
suppress-security-configuration-level [0|1] Sets the level of suppression of SNMP security configuration information
  • 0 – If this option is selected, an empty string is returned for the SNMP request for security configuration information. Security configuration information consists of:
  • Passwords
  • Keys
  • Shared secrets

The default setting is 0.

  • 1 – Suppresses the display of the policy, IP ACL, passwords, keys and shared secrets. If this option is selected, in addition to suppression from ‘Level 0', an empty string is returned for a SNMP request on following items:
  • Management policies
  • IP ACL
  • Tables containing user names and community strings
 
snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 auth md5 [0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|<PASSWORD>]
user [snmpmanager| snmpoperator| snmptrap] Defines user access to the SNMP engine
  • snmpmanager – Sets user as a SNMP manager
  • snmpoperator – Sets user as a SNMP operator
  • snmptrap – Sets user as a SNMP trap user
v3 auth md5 Uses SNMP version 3 as the security model
  • auth – Uses an authentication protocol
    • md5 – Uses HMAC-MD5 algorithm for authentication
[0 <PASSWORD>| 2 <ENCRYPTED- PASSWORD>| <PASSWORD>] Configures password using one of the following options:
  • 0 <PASSWORD> – Configures clear text password
  • 2 <PASSWORD> – Configures encrypted password
    • <PASSWORD> – Specifies a password for authentication and privacy protocols
 
snmp-server user [snmpmanager|snmpoperator|snmptrap] v3 encrypted [auth md5|des auth md5] [0 <PASSWORD>|2 <ENCRYPTED-PASSWORD>|<PASSWORD>]
user [snmpmanager| snmpoperator| snmptrap] Defines user access to the SNMP engine
  • snmpmanager – Sets user as a SNMP manager
  • snmpoperator – Sets user as a SNMP operator
  • snmptrap – Sets user as a SNMP trap user
v3 encrypted Uses SNMP version 3 as the security model
  • encrypted – Uses encrypted privacy protocol
auth md5 Uses authentication protocol
  • auth – Sets authentication parameters
    • md5 – Uses HMAC-MD5 algorithm for authentication
des auth md5 Uses privacy protocol for user privacy
  • des – Uses CBC-DES for privacy

    After specifying the privacy protocol, specify the authentication mode.

  • auth – Sets user authentication parameters
    • md5 – Uses HMAC-MD5 algorithm for authentication
[0 <PASSWORD>| 2 <ENCRYPTED- PASSWORD>| <PASSWORD>] The following are common to both the auth and des parameters:

Configures password using one of the following options:

  • 0 <PASSWORD> – Configures a clear text password
  • 2 <PASSWORD> – Configures an encrypted password
    • <PASSWORD> – Specifies a password for authentication and privacy protocols

Examples

nx9500-6C8809(config-management-policy-test)#snmp-server community snmp1 ro

nx9500-6C8809(config-management-policy-test)#snmp-server host 172.16.10.23 v3 162

nx9500-6C8809(config-management-policy-test)#snmp-server user snmpmanager v3 auth md5 test@123

nx9500-6C8809(config-management-policy-test)#show context
management-policy test
 no http server
 https server
 ftp username superuser password 1 f617ca50c59fb47028f96db4baab5f3d8f03c03ab257960b0fd127c69f02cd7e rootdir dir
 no ssh
 snmp-server community snmp1 ro
 snmp-server user snmpmanager v3 encrypted des auth md5 0 test@123
 snmp-server host 172.16.10.23 v3 162
 aaa-login radius external
 aaa-login radius policy test
 idle-session-timeout 0
 restrict-access host 172.16.10.2 log all
nx9500-6C8809(config-management-policy-test)#

Related Commands

no (management-policy)

Disables or resets the SNMP server settings
9037762-01 Rev AA