Cisco 2960 X Owners Manual

							DescriptionCommand
Displaysinformationaboutaspecificneighbor.
Youcanenteranasterisk(*)todisplayallCDPneighbors,or
youcanenterthenameoftheneighboraboutwhichyouwant
information.
Youcanalsolimitthedisplaytoinformationabouttheprotocols
enabledonthespecifiedneighbororinformationabouttheversion
ofsoftwarerunningonthedevice.
showcdpentryentry-name[version]
[protocol]
DisplaysinformationaboutinterfaceswhereCDPisenabled.
Youcanlimitthedisplaytotheinterfaceaboutwhichyouwant
information.
showcdpinterface[interface-id]
Displaysinformationaboutneighbors,includingdevicetype,
interfacetypeandnumber,holdtimesettings,capabilities,
platform,andportID.
Youcanlimitthedisplaytoneighborsofaspecificinterfaceor
expandthedisplaytoprovidemoredetailedinformation.
showcdpneighbors[interface-id]
[detail]
DisplaysCDPcounters,includingthenumberofpacketssent
andreceivedandchecksumerrors.
showcdptraffic
Related Topics
ConfiguringCDPCharacteristics,onpage34
Additional References
Related Documents
Document TitleRelated Topic
CiscoIOSConfigurationFundamentalsCommand
Reference,CiscoIOSXERelease3S(Catalyst3850
Switches)
SystemManagementCommands
MIBs
MIBs LinkMIB
TolocateanddownloadMIBsforselectedplatforms,
CiscoIOSreleases,andfeaturesets,useCiscoMIB
LocatorfoundatthefollowingURL:
http://www.cisco.com/go/mibs
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX    
   OL-29044-0141
Configuring the Cisco Discovery Protocol
Additional References 
						

							Technical Assistance
LinkDescription
http://www.cisco.com/supportTheCiscoSupportwebsiteprovidesextensiveonline
resources,includingdocumentationandtoolsfor
troubleshootingandresolvingtechnicalissueswith
Ciscoproductsandtechnologies.
Toreceivesecurityandtechnicalinformationabout
yourproducts,youcansubscribetovariousservices,
suchastheProductAlertTool(accessedfromField
Notices),theCiscoTechnicalServicesNewsletter,
andReallySimpleSyndication(RSS)Feeds.
AccesstomosttoolsontheCiscoSupportwebsite
requiresaCisco.comuserIDandpassword.
Feature History and Information for Cisco Discovery Protocol
ModificationRelease
Thisfeaturewasintroduced.CiscoIOS15.0(2)EX
   Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
42OL-29044-01  
Configuring the Cisco Discovery Protocol
Feature History and Information for Cisco Discovery Protocol 
						

							CHAPTER 4
Configuring Simple Network Management
Protocol
ThischapterdescribestheSimpleNetworkManagementProtocol(SNMP)configuration.
•FindingFeatureInformation,page43
•PrerequisitesforSNMP,page43
•RestrictionsforSNMP,page46
•InformationAboutSNMP,page46
•HowtoConfigureSNMP,page50
•MonitoringSNMPStatus,page62
•SNMPExamples,page63
•FeatureHistoryandInformationforSimpleNetworkManagementProtocol,page64
Finding Feature Information
Yoursoftwarereleasemaynotsupportallthefeaturesdocumentedinthismodule.Forthelatestfeature
informationandcaveats,seethereleasenotesforyourplatformandsoftwarerelease.
UseCiscoFeatureNavigatortofindinformationaboutplatformsupportandCiscosoftwareimagesupport.
ToaccessCiscoFeatureNavigator,gotohttp://www.cisco.com/go/cfn.AnaccountonCisco.comisnot
required.
Prerequisites for SNMP
Supported SNMP Versions
ThissoftwarereleasesupportsthefollowingSNMPversions:
•SNMPv1—TheSimpleNetworkManagementProtocol,aFullInternetStandard,definedinRFC1157.
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX    
    OL-29044-0143 
						

							•SNMPv2CreplacestheParty-basedAdministrativeandSecurityFrameworkofSNMPv2Classicwith
thecommunity-string-basedAdministrativeFrameworkofSNMPv2Cwhileretainingthebulkretrieval
andimprovederrorhandlingofSNMPv2Classic.Ithasthesefeatures:
◦SNMPv2—Version2oftheSimpleNetworkManagementProtocol,aDraftInternetStandard,
definedinRFCs1902through1907.
◦SNMPv2C—Thecommunity-string-basedAdministrativeFrameworkforSNMPv2,anExperimental
InternetProtocoldefinedinRFC1901.
•SNMPv3—Version3oftheSNMPisaninteroperablestandards-basedprotocoldefinedinRFCs2273
to2275.SNMPv3providessecureaccesstodevicesbyauthenticatingandencryptingpacketsoverthe
networkandincludesthesesecurityfeatures:
◦Messageintegrity—Ensuresthatapacketwasnottamperedwithintransit.
◦Authentication—Determinesthatthemessageisfromavalidsource.
◦Encryption—Mixesthecontentsofapackagetopreventitfrombeingreadbyanunauthorized
source.
Toselectencryption,entertheprivkeyword.Note
BothSNMPv1andSNMPv2Cuseacommunity-basedformofsecurity.Thecommunityofmanagersableto
accesstheagent’sMIBisdefinedbyanIPaddressaccesscontrollistandpassword.
SNMPv2Cincludesabulkretrievalfunctionandmoredetailederrormessagereportingtomanagement
stations.Thebulkretrievalfunctionretrievestablesandlargequantitiesofinformation,minimizingthenumber
ofround-tripsrequired.TheSNMPv2Cimprovederror-handlingincludesexpandederrorcodesthatdistinguish
differentkindsoferrorconditions;theseconditionsarereportedthroughasingleerrorcodeinSNMPv1.Error
returncodesinSNMPv2Creporttheerrortype.
SNMPv3providesforbothsecuritymodelsandsecuritylevels.Asecuritymodelisanauthenticationstrategy
setupforauserandthegroupwithinwhichtheuserresides.Asecuritylevelisthepermittedlevelofsecurity
withinasecuritymodel.Acombinationofthesecuritylevelandthesecuritymodeldeterminewhichsecurity
methodisusedwhenhandlinganSNMPpacket.AvailablesecuritymodelsareSNMPv1,SNMPv2C,and
SNMPv3.
Thefollowingtableidentifiescharacteristicsandcomparesdifferentcombinationsofsecuritymodelsand
levels:
Table 7: SNMP Security Models and Levels
ResultEncryptionAuthenticationLevelModel
Usesacommunity
stringmatchfor
authentication.
NoCommunitystringnoAuthNoPrivSNMPv1
Usesacommunity
stringmatchfor
authentication.
NoCommunitystringnoAuthNoPrivSNMPv2C
   Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
44OL-29044-01  
Configuring Simple Network Management Protocol
Prerequisites for SNMP 
						

							ResultEncryptionAuthenticationLevelModel
Usesausername
matchfor
authentication.
NoUsernamenoAuthNoPrivSNMPv3
Provides
authenticationbased
ontheHMAC-MD5
orHMAC-SHA
algorithms.
NoMessageDigest5
(MD5)orSecure
HashAlgorithm
(SHA)
authNoPrivSNMPv3
Provides
authenticationbased
ontheHMAC-MD5
orHMAC-SHA
algorithms.
Allowsspecifying
theUser-based
SecurityModel
(USM)withthese
encryption
algorithms:
•DES56-bit
encryptionin
additionto
authentication
basedonthe
CBC-DES
(DES-56)
standard.
•3DES168-bit
encryption
•AES128-bit,
192-bit,or
256-bit
encryption
DataEncryption
Standard(DES)or
Advanced
EncryptionStandard
(AES)
MD5orSHAauthPrivSNMPv3
YoumustconfiguretheSNMPagenttousetheSNMPversionsupportedbythemanagementstation.Because
anagentcancommunicatewithmultiplemanagers,youcanconfigurethesoftwaretosupportcommunications
usingSNMPv1,SNMPv2C,orSNMPv3.
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX    
   OL-29044-0145
Configuring Simple Network Management Protocol
Prerequisites for SNMP 
						

							Restrictions for SNMP
Version Restrictions
•SNMPv1doesnotsupportinforms.
Information About SNMP
SNMP Overview
SNMPisanapplication-layerprotocolthatprovidesamessageformatforcommunicationbetweenmanagers
andagents.TheSNMPsystemconsistsofanSNMPmanager,anSNMPagent,andamanagementinformation
base(MIB).TheSNMPmanagercanbepartofanetworkmanagementsystem(NMS)suchasCiscoPrime
Infrastructure.TheagentandMIBresideontheswitch.ToconfigureSNMPontheswitch,youdefinethe
relationshipbetweenthemanagerandtheagent.
TheSNMPagentcontainsMIBvariableswhosevaluestheSNMPmanagercanrequestorchange.Amanager
cangetavaluefromanagentorstoreavalueintotheagent.TheagentgathersdatafromtheMIB,therepository
forinformationaboutdeviceparametersandnetworkdata.Theagentcanalsorespondtoamanager'srequests
togetorsetdata.
Anagentcansendunsolicitedtrapstothemanager.TrapsaremessagesalertingtheSNMPmanagertoa
conditiononthenetwork.Trapscanmeanimproperuserauthentication,restarts,linkstatus(upordown),
MACaddresstracking,closingofaTCPconnection,lossofconnectiontoaneighbor,orothersignificant
events.
TheactiveswitchhandlestheSNMPrequestsandtrapsforthewholeswitchstack.Theactiveswitch
transparentlymanagesanyrequestsortrapsthatarerelatedtoallstackmembers.Whenanewactiveswitch
iselected,thenewactiveswitchcontinuestohandleSNMPrequestsandtrapsasconfiguredontheprevious
activeswitch,assumingthatIPconnectivitytotheSNMPmanagementstationsisstillinplaceafterthenew
activeswitchhastakencontrol.
SNMP Manager Functions
TheSNMPmanagerusesinformationintheMIBtoperformtheoperationsdescribedinthefollowingtable:
Table 8: SNMP Operations
DescriptionOperation
Retrievesavaluefromaspecificvariable.get-request
Retrievesavaluefromavariablewithinatable.2get-next-request
Retrieveslargeblocksofdata,suchasmultiplerowsinatable,thatwouldotherwise
requirethetransmissionofmanysmallblocksofdata.
get-bulk-request3
Repliestoaget-request,get-next-request,andset-requestsentbyanNMS.get-response
   Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
46OL-29044-01  
Configuring Simple Network Management Protocol
Restrictions for SNMP 
						

							DescriptionOperation
Storesavalueinaspecificvariable.set-request
AnunsolicitedmessagesentbyanSNMPagenttoanSNMPmanagerwhensomeevent
hasoccurred.
trap
2Withthisoperation,anSNMPmanagerdoesnotneedtoknowtheexactvariablename.Asequentialsearchisperformedtofindtheneededvariablefromwithinatable.3Theget-bulkcommandonlyworkswithSNMPv2orlater.
SNMP Agent Functions
TheSNMPagentrespondstoSNMPmanagerrequestsasfollows:
•GetaMIBvariable—TheSNMPagentbeginsthisfunctioninresponsetoarequestfromtheNMS.The
agentretrievesthevalueoftherequestedMIBvariableandrespondstotheNMSwiththatvalue.
•SetaMIBvariable—TheSNMPagentbeginsthisfunctioninresponsetoamessagefromtheNMS.
TheSNMPagentchangesthevalueoftheMIBvariabletothevaluerequestedbytheNMS.
TheSNMPagentalsosendsunsolicitedtrapmessagestonotifyanNMSthatasignificanteventhasoccurred
ontheagent.Examplesoftrapconditionsinclude,butarenotlimitedto,whenaportormodulegoesupor
down,whenspanning-treetopologychangesoccur,andwhenauthenticationfailuresoccur.
SNMP Community Strings
SNMPcommunitystringsauthenticateaccesstoMIBobjectsandfunctionasembeddedpasswords.Inorder
fortheNMStoaccesstheswitch,thecommunitystringdefinitionsontheNMSmustmatchatleastoneof
thethreecommunitystringdefinitionsontheswitch.
Acommunitystringcanhaveoneofthefollowingattributes:
•Read-only(RO)—GivesallobjectsintheMIBexceptthecommunitystringsreadaccesstoauthorized
managementstations,butdoesnotallowwriteaccess.
•Read-write(RW)—GivesallobjectsintheMIBreadandwriteaccesstoauthorizedmanagementstations,
butdoesnotallowaccesstothecommunitystrings.
•Whenaclusteriscreated,thecommandswitchmanagestheexchangeofmessagesamongmember
switchesandtheSNMPapplication.TheNetworkAssistantsoftwareappendsthememberswitchnumber
(@esN,whereNistheswitchnumber)tothefirstconfiguredRWandROcommunitystringsonthe
commandswitchandpropagatesthemtothememberswitches.
SNMP MIB Variables Access
AnexampleofanNMSistheCiscoPrimeInfrastructurenetworkmanagementsoftware.CiscoPrime
Infrastructure2.0softwareusestheswitchMIBvariablestosetdevicevariablesandtopolldevicesonthe
networkforspecificinformation.Theresultsofapollcanbedisplayedasagraphandanalyzedtotroubleshoot
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX    
   OL-29044-0147
Configuring Simple Network Management Protocol
SNMP Agent Functions 
						

							internetworkingproblems,increasenetworkperformance,verifytheconfigurationofdevices,monitortraffic
loads,andmore.
Asshowninthefigure,theSNMPagentgathersdatafromtheMIB.Theagentcansendtraps,ornotification
ofcertainevents,totheSNMPmanager,whichreceivesandprocessesthetraps.TrapsalerttheSNMPmanager
toaconditiononthenetworksuchasimproperuserauthentication,restarts,linkstatus(upordown),MAC
addresstracking,andsoforth.TheSNMPagentalsorespondstoMIB-relatedqueriessentbytheSNMP
manageringet-request,get-next-request,andset-requestformat.
Figure 3: SNMP Network
SNMP Notifications
SNMPallowstheswitchtosendnotificationstoSNMPmanagerswhenparticulareventsoccur.SNMP
notificationscanbesentastrapsorinformrequests.Incommandsyntax,unlessthereisanoptioninthe
commandtoselecteithertrapsorinforms,thekeywordtrapsreferstoeithertrapsorinforms,orboth.Use
thesnmp-serverhostcommandtospecifywhethertosendSNMPnotificationsastrapsorinforms.
SNMPv1doesnotsupportinforms.Note
Trapsareunreliablebecausethereceiverdoesnotsendanacknowledgmentwhenitreceivesatrap,andthe
sendercannotdetermineifthetrapwasreceived.WhenanSNMPmanagerreceivesaninformrequest,it
acknowledgesthemessagewithanSNMPresponseprotocoldataunit(PDU).Ifthesenderdoesnotreceive
aresponse,theinformrequestcanbesentagain.Becausetheycanberesent,informsaremorelikelythan
trapstoreachtheirintendeddestination.
Thecharacteristicsthatmakeinformsmorereliablethantrapsalsoconsumemoreresourcesintheswitchand
inthenetwork.Unlikeatrap,whichisdiscardedassoonasitissent,aninformrequestisheldinmemory
untilaresponseisreceivedortherequesttimesout.Trapsaresentonlyonce,butaninformmightberesent
orretriedseveraltimes.Theretriesincreasetrafficandcontributetoahigheroverheadonthenetwork.
Therefore,trapsandinformsrequireatrade-offbetweenreliabilityandresources.Ifitisimportantthatthe
SNMPmanagerreceiveeverynotification,useinformrequests.Iftrafficonthenetworkormemoryinthe
switchisaconcernandnotificationisnotrequired,usetraps.
SNMP ifIndex MIB Object Values
InanNMS,theIF-MIBgeneratesandassignsaninterfaceindex(ifIndex)objectvaluethatisauniquenumber
greaterthanzerotoidentifyaphysicaloralogicalinterface.Whentheswitchrebootsortheswitchsoftware
isupgraded,theswitchusesthissamevaluefortheinterface.Forexample,iftheswitchassignsaport2an
ifIndexvalueof10003,thisvalueisthesameaftertheswitchreboots.
TheswitchusesoneofthevaluesinthefollowingtabletoassignanifIndexvaluetoaninterface:
   Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
48OL-29044-01  
Configuring Simple Network Management Protocol
SNMP Notifications 
						

							Table 9: ifIndex Values
ifIndex RangeInterface Type
1–4999SVI4
5001–5048EtherChannel
5078–5142Tunnel
10000–14500Physical(suchasGigabitEthernetorSFP5-moduleinterfaces)basedontypeand
portnumbers
14501Null
24567+LoopbackandTunnel
4SVI=switchvirtualinterface5SFP=smallform-factorpluggable
Default SNMP Configuration
Default SettingFeature
Disabled6.SNMPagent
Noneconfigured.SNMPtrapreceiver
NoneenabledexceptthetrapforTCPconnections(tty).SNMPtraps
Ifnoversionkeywordispresent,thedefaultisVersion1.SNMPversion
Ifnokeywordisentered,thedefaultisthenoauth(noAuthNoPriv)security
level.
SNMPv3authentication
Ifnotypeisspecified,allnotificationsaresent.SNMPnotificationtype
6Thisisthedefaultwhentheswitchstartsandthestartupconfigurationdoesnothaveanysnmp-serverglobalconfigurationcommands.
SNMP Configuration Guidelines
Iftheswitchstartsandtheswitchstartupconfigurationhasatleastonesnmp-serverglobalconfiguration
command,theSNMPagentisenabled.
AnSNMPgroupisatablethatmapsSNMPuserstoSNMPviews.AnSNMPuserisamemberofanSNMP
group.AnSNMPhostistherecipientofanSNMPtrapoperation.AnSNMPengineIDisanameforthelocal
orremoteSNMPengine.
WhenconfiguringSNMP,followtheseguidelines:
•WhenconfiguringanSNMPgroup,donotspecifyanotifyview.Thesnmp-serverhostglobal
configurationcommandauto-generatesanotifyviewfortheuserandthenaddsittothegroupassociated
withthatuser.Modifyingthegroup'snotifyviewaffectsallusersassociatedwiththatgroup.
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX    
   OL-29044-0149
Configuring Simple Network Management Protocol
Default SNMP Configuration 
						

							•Toconfigurearemoteuser,specifytheIPaddressorportnumberfortheremoteSNMPagentofthe
devicewheretheuserresides.
•Beforeyouconfigureremoteusersforaparticularagent,configuretheSNMPengineID,usingthe
snmp-serverengineIDglobalconfigurationcommandwiththeremoteoption.Theremoteagent's
SNMPengineIDanduserpasswordareusedtocomputetheauthenticationandprivacydigests.Ifyou
donotconfiguretheremoteengineIDfirst,theconfigurationcommandfails.
•WhenconfiguringSNMPinforms,youneedtoconfiguretheSNMPengineIDfortheremoteagentin
theSNMPdatabasebeforeyoucansendproxyrequestsorinformstoit.
•Ifalocaluserisnotassociatedwitharemotehost,theswitchdoesnotsendinformsfortheauth
(authNoPriv)andthepriv(authPriv)authenticationlevels.
•ChangingthevalueoftheSNMPengineIDhassignificantresults.Auser'spassword(enteredonthe
commandline)isconvertedtoanMD5orSHAsecuritydigestbasedonthepasswordandthelocal
engineID.Thecommand-linepasswordisthendestroyed,asrequiredbyRFC2274.Becauseofthis
deletion,ifthevalueoftheengineIDchanges,thesecuritydigestsofSNMPv3usersbecomeinvalid,
andyouneedtoreconfigureSNMPusersbyusingthesnmp-serveruserusernameglobalconfiguration
command.SimilarrestrictionsrequirethereconfigurationofcommunitystringswhentheengineID
changes.
How to Configure SNMP
Disabling the SNMP Agent
Thenosnmp-serverglobalconfigurationcommanddisablesallrunningversions(Version1,Version2C,
andVersion3)oftheSNMPagentonthedevice.YoureenableallversionsoftheSNMPagentbythefirst
snmp-serverglobalconfigurationcommandthatyouenter.ThereisnoCiscoIOScommandspecifically
designatedforenablingSNMP.
BeginninginprivilegedEXECmode,followthesestepstodisabletheSNMPagent.
Before You Begin
TheSNMPAgentmustbeenabledbeforeitcanbedisabled.TheSNMPagentisenabledbythefirst
snmp-serverglobalconfigurationcommandenteredonthedevice.
SUMMARY STEPS
1.configureterminal
2.nosnmp-server
3.end
   Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
50OL-29044-01  
Configuring Simple Network Management Protocol
How to Configure SNMP