Cisco 2960 X Owners Manual

							DETAILED STEPS
PurposeCommand or Action
Enterstheglobalconfigurationmode.configureterminal
Example:
Switch#configureterminal
Step 1
DisablestheSNMPagentoperation.nosnmp-server
Example:
Switch(config)#nosnmp-server
Step 2
ReturnstoprivilegedEXECmode.end
Example:
Switch(config)#end
Step 3
Configuring Community Strings
YouusetheSNMPcommunitystringtodefinetherelationshipbetweentheSNMPmanagerandtheagent.
Thecommunitystringactslikeapasswordtopermitaccesstotheagentontheswitch.Optionally,youcan
specifyoneormoreofthesecharacteristicsassociatedwiththestring:
•AnaccesslistofIPaddressesoftheSNMPmanagersthatarepermittedtousethecommunitystringto
gainaccesstotheagent
•AMIBview,whichdefinesthesubsetofallMIBobjectsaccessibletothegivencommunity
•Readandwriteorread-onlypermissionfortheMIBobjectsaccessibletothecommunity
BeginninginprivilegedEXECmode,followthesestepstoconfigureacommunitystringontheswitch.
SUMMARY STEPS
1.configureterminal
2.snmp-servercommunitystring[viewview-name][ro|rw][access-list-number]
3.access-listaccess-list-number{deny|permit}source[source-wildcard]
4.end
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX    
   OL-29044-0151
Configuring Simple Network Management Protocol
Configuring Community Strings 
						

							DETAILED STEPS
PurposeCommand or Action
Enterstheglobalconfigurationmode.configureterminal
Example:
Switch#configureterminal
Step 1
Configuresthecommunitystring.snmp-servercommunitystring
[viewview-name][ro|rw]
[access-list-number]
Step 2
[email protected]
the@symbolaspartoftheSNMPcommunitystringwhenconfiguring
thiscommand.
Note
Example:
Switch(config)#snmp-servercommunitycomaccessro4
•Forstring,specifyastringthatactslikeapasswordandpermitsaccesstothe
SNMPprotocol.Youcanconfigureoneormorecommunitystringsofany
length.
•(Optional)Forview-name,specifytheviewrecordaccessibletothecommunity.
•(Optional)Specifyeitherread-only(ro)ifyouwantauthorizedmanagement
stationstoretrieveMIBobjects,orspecifyread-write(rw)ifyouwant
authorizedmanagementstationstoretrieveandmodifyMIBobjects.By
default,thecommunitystringpermitsread-onlyaccesstoallobjects.
•(Optional)Foraccess-list-number,enteranIPstandardaccesslistnumbered
from1to99and1300to1999.
(Optional)IfyouspecifiedanIPstandardaccesslistnumberinStep2,thencreate
thelist,repeatingthecommandasmanytimesasnecessary.
access-listaccess-list-number{deny
|permit}source[source-wildcard]
Step 3
Example:
Switch(config)#access-list4denyany
•Foraccess-list-number,entertheaccesslistnumberspecifiedinStep2.
•Thedenykeyworddeniesaccessiftheconditionsarematched.Thepermit
keywordpermitsaccessiftheconditionsarematched.
•Forsource,entertheIPaddressoftheSNMPmanagersthatarepermittedto
usethecommunitystringtogainaccesstotheagent.
•(Optional)Forsource-wildcard,enterthewildcardbitsindotteddecimal
notationtobeappliedtothesource.Placeonesinthebitpositionsthatyou
wanttoignore.
Recallthattheaccesslistisalwaysterminatedbyanimplicitdenystatementfor
everything.
ReturnstoprivilegedEXECmode.end
Example:
Switch(config)#end
Step 4
   Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
52OL-29044-01  
Configuring Simple Network Management Protocol
Configuring Community Strings 
						

							ThisexampleshowshowtoassignthecomaccessstringtoSNMP,toallowread-onlyaccess,andtospecify
thatIPaccesslist4canusethecommunitystringtogainaccesstotheswitchSNMPagent:
Switch(config)#snmp-servercommunitycomaccessro4
What to Do Next
TodisableaccessforanSNMPcommunity,setthecommunitystringforthatcommunitytothenullstring
(donotenteravalueforthecommunitystring).
Toremoveaspecificcommunitystring,usethenosnmp-servercommunitystringglobalconfiguration
command.
Youcanspecifyanidentificationname(engineID)forthelocalorremoteSNMPserverengineontheswitch.
YoucanconfigureanSNMPservergroupthatmapsSNMPuserstoSNMPviews,andyoucanaddnewusers
totheSNMPgroup.
Configuring SNMP Groups and Users
Youcanspecifyanidentificationname(engineID)forthelocalorremoteSNMPserverengineontheswitch.
YoucanconfigureanSNMPservergroupthatmapsSNMPuserstoSNMPviews,andyoucanaddnewusers
totheSNMPgroup.
BeginninginprivilegedEXECmode,followthesestepstoconfigureSNMPgroupsandusersontheswitch.
SUMMARY STEPS
1.configureterminal
2.snmp-serverengineID{localengineid-string|remoteip-address[udp-portport-number]engineid-string}
3.snmp-servergroupgroup-name{v1|v2c|v3{auth|noauth|priv}}[readreadview][writewriteview]
[notifynotifyview][accessaccess-list]
4.snmp-serveruserusernamegroup-name{remotehost[udp-portport]}{v1[accessaccess-list]|v2c
[accessaccess-list]|v3[encrypted][accessaccess-list][auth{md5|sha}auth-password]}[priv{des
|3des|aes{128|192|256}}priv-password]
5.end
DETAILED STEPS
PurposeCommand or Action
Enterstheglobalconfigurationmode.configureterminal
Example:
Switch#configureterminal
Step 1
ConfiguresanameforeitherthelocalorremotecopyofSNMP.snmp-serverengineID{local
engineid-string|remoteip-address
Step 2
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX    
   OL-29044-0153
Configuring Simple Network Management Protocol
Configuring SNMP Groups and Users 
						

							PurposeCommand or Action
•Theengineid-stringisa24-characterIDstringwiththenameofthecopyof
SNMP.Youneednotspecifytheentire24-characterengineIDifithastrailing[udp-portport-number]
engineid-string}zeros.SpecifyonlytheportionoftheengineIDuptothepointwhereonly
Example:
Switch(config)#snmp-serverengineIDlocal1234
zerosremaininthevalue.TheStepExampleconfiguresanengineIDof
123400000000000000000000.
•Ifyouselectremote,specifytheip-addressofthedevicethatcontainsthe
remotecopyofSNMPandtheoptionalUserDatagramProtocol(UDP)port
ontheremotedevice.Thedefaultis162.
ConfiguresanewSNMPgroupontheremotedevice.snmp-servergroupgroup-name{v1|
v2c|v3{auth|noauth|priv}}[read
Step 3
Forgroup-name,specifythenameofthegroup.readview][writewriteview][notify
notifyview][accessaccess-list]Specifyoneofthefollowingsecuritymodels:
Example:
Switch(config)#snmp-servergrouppublicv2caccesslmnop
•v1istheleastsecureofthepossiblesecuritymodels.
•v2cisthesecondleastsecuremodel.Itallowstransmissionofinformsand
integerstwicethenormalwidth.
•v3,themostsecure,requiresyoutoselectoneofthefollowingauthentication
levels:
auth—EnablestheMessageDigest5(MD5)andtheSecureHashAlgorithm
(SHA)packetauthentication.
noauth—EnablesthenoAuthNoPrivsecuritylevel.Thisisthedefaultifno
keywordisspecified.
priv—EnablesDataEncryptionStandard(DES)packetencryption(alsocalled
privacy).
(Optional)Enterreadreadviewwithastring(nottoexceed64characters)thatis
thenameoftheviewinwhichyoucanonlyviewthecontentsoftheagent.
(Optional)Enterwritewriteviewwithastring(nottoexceed64characters)thatis
thenameoftheviewinwhichyouenterdataandconfigurethecontentsoftheagent.
(Optional)Enternotifynotifyviewwithastring(nottoexceed64characters)that
isthenameoftheviewinwhichyouspecifyanotify,inform,ortrap.
(Optional)Enteraccessaccess-listwithastring(nottoexceed64characters)that
isthenameoftheaccesslist.
AddsanewuserforanSNMPgroup.snmp-serveruserusername
group-name{remotehost[udp-port
Step 4
Theusernameisthenameoftheuseronthehostthatconnectstotheagent.port]}{v1[accessaccess-list]|v2cThegroup-nameisthenameofthegrouptowhichtheuserisassociated.[accessaccess-list]|v3[encrypted]
[accessaccess-list][auth{md5|sha}EnterremotetospecifyaremoteSNMPentitytowhichtheuserbelongsandthe
hostnameorIPaddressofthatentitywiththeoptionalUDPportnumber.Thedefault
is162.
auth-password]}[priv{des|3des|aes
{128|192|256}}priv-password]
   Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
54OL-29044-01  
Configuring Simple Network Management Protocol
Configuring SNMP Groups and Users 
						

							PurposeCommand or Action
Example:
Switch(config)#snmp-serveruserPatpublicv2c
EntertheSNMPversionnumber(v1,v2c,orv3).Ifyouenterv3,youhavethese
additionaloptions:
•encryptedspecifiesthatthepasswordappearsinencryptedformat.This
keywordisavailableonlywhenthev3keywordisspecified.
•authisanauthenticationlevelsettingsessionthatcanbeeitherthe
HMAC-MD5-96(md5)ortheHMAC-SHA-96(sha)authenticationleveland
requiresapasswordstringauth-password(nottoexceed64characters).
Ifyouenterv3youcanalsoconfigureaprivate(priv)encryptionalgorithmand
passwordstringpriv-passwordusingthefollowingkeywords(nottoexceed64
characters):
•privspecifiestheUser-basedSecurityModel(USM).
•desspecifiestheuseofthe56-bitDESalgorithm.
•3desspecifiestheuseofthe168-bitDESalgorithm.
•aesspecifiestheuseoftheDESalgorithm.Youmustselecteither128-bit,
192-bit,or256-bitencryption.
(Optional)Enteraccessaccess-listwithastring(nottoexceed64characters)that
isthenameoftheaccesslist.
ReturnstoprivilegedEXECmode.end
Example:
Switch(config)#end
Step 5
Configuring SNMP Notifications
Atrapmanagerisamanagementstationthatreceivesandprocessestraps.Trapsaresystemalertsthatthe
switchgenerateswhencertaineventsoccur.Bydefault,notrapmanagerisdefined,andnotrapsaresent.
SwitchesrunningthisCiscoIOSreleasecanhaveanunlimitednumberoftrapmanagers.
Manycommandsusethewordtrapsinthecommandsyntax.Unlessthereisanoptioninthecommand
toselecteithertrapsorinforms,thekeywordtrapsreferstotraps,informs,orboth.Usethesnmp-server
hostglobalconfigurationcommandtospecifywhethertosendSNMPnotificationsastrapsorinforms.
Note
Youcanusethesnmp-serverhostglobalconfigurationcommandforaspecifichosttoreceivethenotification
typeslistedinthefollowingtable.Youcanenableanyorallofthesetrapsandconfigureatrapmanagerto
receivethem.
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX    
   OL-29044-0155
Configuring Simple Network Management Protocol
Configuring SNMP Notifications 
						

							Table 10: Device Notification Types
DescriptionNotification Type Keyword
GeneratesBorderGatewayProtocol(BGP)statechangetraps.This
optionisonlyavailablewhentheIPservicesfeaturesetisenabled.
bgp
GeneratesSTPbridgeMIBtraps.bridge
Generatesatrapwhentheclusterconfigurationchanges.cluster
GeneratesatrapforSNMPconfigurationchanges.config
GeneratesatrapforSNMPcopyconfigurationchanges.copy-config
AllowCPU-relatedtraps.cputhreshold
GeneratesatrapforSNMPentitychanges.entity
Generatesenvironmentalmonitortraps.Youcanenableanyorall
oftheseenvironmentaltraps:fan,shutdown,status,supply,
temperature.
envmon
GeneratesSNMPFLASHnotifications.Inaswitchstack,youcan
optionallyenablenotificationforflashinsertionorremoval,which
wouldcauseatraptobeissuedwheneveraswitchinthestackis
removedorinserted(physicalremoval,powercycle,orreload).
flash
Generatesentityfield-replaceableunit(FRU)controltraps.Inthe
switchstack,thistrapreferstotheinsertionorremovalofaswitch
inthestack.
fru-ctrl
GeneratesatrapforHotStandbyRouterProtocol(HSRP)changes.hsrp
GeneratesatrapforIPmulticastroutingchanges.ipmulticast
GeneratesatrapforMACaddressnotifications.mac-notification
GeneratesatrapforMulticastSourceDiscoveryProtocol(MSDP)
changes.
msdp
GeneratesatrapforOpenShortestPathFirst(OSPF)changes.You
canenableanyorallofthesetraps:Ciscospecific,errors,link-state
advertisement,ratelimit,retransmit,andstatechanges.
ospf
GeneratesatrapforProtocol-IndependentMulticast(PIM)changes.
Youcanenableanyorallofthesetraps:invalidPIMmessages,
neighborchanges,andrendezvouspoint(RP)-mappingchanges.
pim
   Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
56OL-29044-01  
Configuring Simple Network Management Protocol
Configuring SNMP Notifications 
						

							DescriptionNotification Type Keyword
GeneratesSNMPportsecuritytraps.Youcanalsosetamaximum
trapratepersecond.Therangeisfrom0to1000;thedefaultis0,
whichmeansthatthereisnoratelimit.
Whenyouconfigureatrapbyusingthenotificationtype
port-security,configuretheportsecuritytrapfirst,and
thenconfiguretheportsecuritytraprate:
Note
1snmp-serverenabletrapsport-security
2snmp-serverenabletrapsport-securitytrap-raterate
port-security
GeneratesatrapfortheSNMPResponseTimeReporter(RTR).rtr
GeneratesatrapforSNMP-typenotificationsforauthentication,
coldstart,warmstart,linkuporlinkdown.
snmp
GeneratesatrapforSNMPstorm-control.Youcanalsoseta
maximumtraprateperminute.Therangeisfrom0to1000;the
defaultis0(nolimitisimposed;atrapissentateveryoccurrence).
storm-control
GeneratesSNMPSTPExtendedMIBtraps.stpx
GeneratesSNMPsyslogtraps.syslog
GeneratesatrapforTCPconnections.Thistrapisenabledbydefault.tty
GeneratesatrapforSNMPVLANmembershipchanges.vlan-membership
GeneratesSNMPVLANcreatedtraps.vlancreate
GeneratesSNMPVLANdeletedtraps.vlandelete
GeneratesatrapforVLANTrunkingProtocol(VTP)changes.vtp
BeginninginprivilegedEXECmode,followthesestepstoconfiguretheswitchtosendtrapsorinformstoa
host.
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX    
   OL-29044-0157
Configuring Simple Network Management Protocol
Configuring SNMP Notifications 
						

							SUMMARY STEPS
1.configureterminal
2.snmp-serverengineIDremoteip-addressengineid-string
3.snmp-serveruserusernamegroup-name{remotehost[udp-portport]}{v1[accessaccess-list]|v2c
[accessaccess-list]|v3[encrypted][accessaccess-list][auth{md5|sha}auth-password]}
4.snmp-servergroupgroup-name{v1|v2c|v3{auth|noauth|priv}}[readreadview][writewriteview]
[notifynotifyview][accessaccess-list]
5.snmp-serverhosthost-addr[informs|traps][version{1|2c|3{auth|noauth|priv}}]
community-string[notification-type]
6.snmp-serverenabletrapsnotification-types
7.snmp-servertrap-sourceinterface-id
8.snmp-serverqueue-lengthlength
9.snmp-servertrap-timeoutseconds
10.end
DETAILED STEPS
PurposeCommand or Action
Enterstheglobalconfigurationmode.configureterminal
Example:
Switch#configureterminal
Step 1
SpecifiestheengineIDfortheremotehost.snmp-serverengineIDremoteip-address
engineid-string
Step 2
Example:Switch(config)#snmp-serverengineIDremote192.180.1.2700000063000100a1c0b4011b
ConfiguresanSNMPusertobeassociatedwiththeremotehost
createdinStep2.
snmp-serveruserusernamegroup-name{remote
host[udp-portport]}{v1[accessaccess-list]|
Step 3
v2c[accessaccess-list]|v3[encrypted][access
access-list][auth{md5|sha}auth-password]}Youcannotconfigurearemoteuserforanaddresswithout
firstconfiguringtheengineIDfortheremotehost.
Otherwise,youreceiveanerrormessage,andthecommand
isnotexecuted.
Note
Example:Switch(config)#snmp-serveruserPatpublicv2c
ConfiguresanSNMPgroup.snmp-servergroupgroup-name{v1|v2c|v3
{auth|noauth|priv}}[readreadview][write
writeview][notifynotifyview][accessaccess-list]
Step 4
Example:Switch(config)#snmp-servergrouppublicv2caccesslmnop
   Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
58OL-29044-01  
Configuring Simple Network Management Protocol
Configuring SNMP Notifications 
						

							PurposeCommand or Action
SpecifiestherecipientofanSNMPtrapoperation.snmp-serverhosthost-addr[informs|traps]
[version{1|2c|3{auth|noauth|priv}}]
community-string[notification-type]
Step 5
Forhost-addr,specifythenameorInternetaddressofthehost(the
targetedrecipient).
Example:Switch(config)#snmp-serverhost203.0.113.1comaccesssnmp
(Optional)Specifytraps(thedefault)tosendSNMPtrapstothehost.
SpecifyinformstosendSNMPinformstothehost.
(Optional)SpecifytheSNMPversion(1,2c,or3).SNMPv1does
notsupportinforms.
(Optional)ForVersion3,selectauthenticationlevelauth,noauth,
orpriv.
Forcommunity-string,whenversion1orversion2cisspecified,
enterthepassword-likecommunitystringsentwiththenotification
operation.Whenversion3isspecified,entertheSNMPv3username.
[email protected]
usingthe@symbolaspartoftheSNMPcommunitystringwhen
configuringthiscommand.
(Optional)Fornotification-type,usethekeywordslistedinthetable
above.Ifnotypeisspecified,allnotificationsaresent.
Enabletheswitchtosendtrapsorinformsandspecifythetypeof
notificationstobesent.Foralistofnotificationtypes,seethetable
above,orentersnmp-serverenabletraps?
snmp-serverenabletrapsnotification-types
Example:Switch(config)#snmp-serverenabletrapssnmp
Step 6
Toenablemultipletypesoftraps,youmustenteraseparate
snmp-serverenabletrapscommandforeachtraptype.
Whenyouconfigureatrapbyusingthenotificationtype
port-security,configuretheportsecuritytrapfirst,andthen
configuretheportsecuritytraprate:
Note
1snmp-serverenabletrapsport-security
2snmp-serverenabletrapsport-securitytrap-raterate
(Optional)Specifythesourceinterface,whichprovidestheIPaddress
forthetrapmessage.ThiscommandalsosetsthesourceIPaddress
forinforms.
snmp-servertrap-sourceinterface-id
Example:Switch(config)#snmp-servertrap-sourceGigabitEthernet1/0/1
Step 7
(Optional)Establishthemessagequeuelengthforeachtraphost.The
rangeis1to1000;thedefaultis10.
snmp-serverqueue-lengthlength
Example:Switch(config)#snmp-serverqueue-length20
Step 8
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX    
   OL-29044-0159
Configuring Simple Network Management Protocol
Configuring SNMP Notifications 
						

							PurposeCommand or Action
(Optional)Definehowoftentoresendtrapmessages.Therangeis1
to1000;thedefaultis30seconds.
snmp-servertrap-timeoutseconds
Example:Switch(config)#snmp-servertrap-timeout60
Step 9
ReturnstoprivilegedEXECmode.end
Example:
Switch(config)#end
Step 10
What to Do Next
Thesnmp-serverhostcommandspecifieswhichhostsreceivethenotifications.Thesnmp-serverenable
trapcommandgloballyenablesthemethodforthespecifiednotification(fortrapsandinforms).Toenable
ahosttoreceiveaninform,youmustconfigureansnmp-serverhostinformscommandforthehostand
globallyenableinformsbyusingthesnmp-serverenabletrapscommand.
Toremovethespecifiedhostfromreceivingtraps,usethenosnmp-serverhosthostglobalconfiguration
command.Thenosnmp-serverhostcommandwithnokeywordsdisablestraps,butnotinforms,tothehost.
Todisableinforms,usethenosnmp-serverhostinformsglobalconfigurationcommand.Todisableaspecific
traptype,usethenosnmp-serverenabletrapsnotification-typesglobalconfigurationcommand.
Setting the Agent Contact and Location Information
BeginninginprivilegedEXECmode,followthesestepstosetthesystemcontactandlocationoftheSNMP
agentsothatthesedescriptionscanbeaccessedthroughtheconfigurationfile.
SUMMARY STEPS
1.configureterminal
2.snmp-servercontacttext
3.snmp-serverlocationtext
4.end
   Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
60OL-29044-01  
Configuring Simple Network Management Protocol
Setting the Agent Contact and Location Information