Cisco Sg3008 Manual
Have a look at the manual Cisco Sg3008 Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Quality of Service Managing QoS Statistics 523 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 25
Quality of Service Managing QoS Statistics Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 524 25
26 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 521 SNMP This section describes the Simple Network Management Protocol (SNMP) feature that provides a method for managing network devices. It covers the following topics: •SNMP Versions and Workflow •Model OIDs •SNMP Engine ID •Configuring SNMP Views •Creating SNMP Groups •Managing SNMP Users •Defining SNMP Communities •Defining Trap Settings •Notification Recipients •SNMP Notification Filters SNMP Versions and Workflow The device functions as SNMP agent and supports SNMPv1, v2, and v3. It also reports system events to trap receivers using the traps defined in the supported MIBs (Management Information Base).
SNMP SNMP Versions and Workflow Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 522 26 SNMPv1 and v2 To control access to the system, a list of community entries is defined. Each community entry consists of a community string and its access privilege. The system responds only to SNMP messages specifying the community which has the correct permissions and correct operation. SNMP agents maintain a list of variables that are used to manage the device. These variables are defined in the Management Information Base (MIB). NOTEDue to the security vulnerabilities of other versions, it is recommended to use SNMPv3. SNMPv3 In addition to the functionality provided by SNMPv1 and v2, SNMPv3 applies access control and new trap mechanisms to SNMPv1 and SNMPv2 PDUs. SNMPv3 also defines a User Security Model (USM) that includes: •Authentication—Provides data integrity and data origin authentication. •Privacy—Protects against disclosure message content. Cipher Block- Chaining (CBC-DES) is used for encryption. Either authentication alone can be enabled on an SNMP message, or both authentication and privacy can be enabled on an SNMP message. However, privacy cannot be enabled without authentication. •Timeliness—Protects against message delay or playback attacks. The SNMP agent compares the incoming message time stamp to the message arrival time. •Key Management—Defines key generation, key updates, and key use. The device supports SNMP notification filters based on Object IDs (OID). OIDs are used by the system to manage device features. SNMP Workflow NOTEFor security reasons, SNMP is disabled by default. Before you can manage the device via SNMP, you must turn on SNMP on the Security >TCP/ UDP Services page.
SNMP SNMP Versions and Workflow 523 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 26 The following is the recommended series of actions for configuring SNMP: If you decide to use SNMPv1 or v2: STEP 1Navigate to the SNMP -> Communities page and click Add. The community can be associated with access rights and a view in Basic mode or with a group in Advanced mode. There are two ways to define access rights of a community: •Basic mode—The access rights of a community can configure with Read Only, Read Write, or SNMP Admin. In addition, you can restrict the access to the community to only certain MIB objects by selecting a view (defined in the Views page) . •Advanced Mode—The access rights of a community are defined by a group (defined in the Groups page). You can configure the group with a specific security model. The access rights of a group are Read, Write, and Notify. STEP 2Choose whether to restrict the SNMP management station to one address or allow SNMP management from all addresses. If you choose to restrict SNMP management to one address, then input the address of your SNMP Management PC in the IP Address field. STEP 3Input the unique community string in the Community String field. STEP 4Optionally, enable traps by using the Trap Settings page. STEP 5Optionally, define a notification filter(s) by using the Notification Filter page. STEP 6Configure the notification recipients on the Notification Recipients SNMPv1,2 page. If you decide to use SNMPv3: STEP 1Define the SNMP engine by using the Engine ID page. Either create a unique Engine ID or use the default Engine ID. Applying an Engine ID configuration clears the SNMP database. STEP 2Optionally, define SNMP view(s) by using the Views page. This limits the range of OIDs available to a community or group. STEP 3Define groups by using the Groups page. STEP 4Define users by using the SNMP Users page, where they can be associated with a group. If the SNMP Engine ID is not set, then users may not be created.
SNMP Model OIDs Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 524 26 STEP 5Optionally, enable or disable traps by using the Trap Settings page. STEP 6Optionally, define a notification filter(s) by using the Notification Filter page. STEP 7Define a notification recipient(s) by using the Notification Recipients SNMPv3 page. Supported MIBs For a list of supported MIBs, visit the following URL and navigate to the download area listed as Cisco MIBS: www.cisco.com/cisco/software/navigator.html Model OIDs The following are the device model Object IDs (OIDs): Model Name Description Object ID SG300-10 8 GE ports, and 2 special-purpose combo ports (GE/SFP)9.6.1.83.10.1 SG300-10MP 8 GE ports, and 2 special-purpose combo ports (GE/SFP)9.6.1.83.10.3 SG300-10P 8 GE ports, and 2 special-purpose combo ports (GE/SFP)9.6.1.83.10.2 SG300-20 16 GE ports, and 4 special purpose ports - 2 uplinks and 2 combo ports9.6.1.83.20.1 SG300-28 24 GE ports, and 4 special-purpose ports - 2 uplinks and 2 combo-ports9.6.1.83.28.1 SG300-28P 24 GE ports, and 4 special-purpose ports - 2 uplinks and 2 combo-ports.9.6.1.83.28.2 SG300-52 48 GE ports, and 4 special-purpose ports - 2 uplinks and 2 combo-ports9.6.1.83.52.1 SF300-08 8 FE ports. 9.6.1.82.08.4 SF302-08 8 FE ports plus 2 GE ports 9.6.1.82.08.1
SNMP Model OIDs 525 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 26 SF302-08MP 8 FE ports plus 2 GE ports 9.6.1.82.08.3 SF302-08P 8 FE ports plus 2 GE ports 9.6.1.82.08.2 SF300-24 24 FE ports plus 4 GE special-purpose ports - 2 uplinks and 2 combo-ports.9.6.1.82.24.1 SF300-24P 24 FE ports plus 4 GE special-purpose ports - 2 uplinks and 2 combo-ports.9.6.1.82.24.2 SF300-48 48 FE ports plus 4 GE special-purpose ports - 2 uplinks and 2 combo-ports9.6.1.82.48.1 SF300-48P 48 FE ports plus 4 GE special-purpose ports - 2 uplinks and 2 combo-ports9.6.1.82.48.2 SG300-52P 52-Port Gigabit PoE Managed Switch 9.6.1.83.52.2 SG300-52MP 52-Port Gigabit PoE Managed Switch 9.6.1.83.52.3 SG300-10SFP 10-Port Gigabit Managed SFP Switch 9.6.1.83.10.5 ESW2-350G- 5252-Port Gigabit Managed Switch 9.6.1.86.52.1 ESW2-350G- 52DC52-Port Gigabit Managed Switch 9.6.1.86.52.6 SF300-24MP 24-Port 10/100 PoE Managed Switch 9.6.1.82.24.3 SG300-28MP 28-Port Gigabit PoE Managed Switch 9.6.1.83.28.3 SF302-08P 8 FE ports plus 2 GE ports 9.6.1.82.08.2 SF302-08PP 8-Port 10/100 PoE Managed Switch 9.6.1.82.08.2 SF302-08MPP 8-Port 10/100 PoE Managed Switch 9.6.1.82.08.3 SG300-10PP 8-Port 10/100 PoE Managed Switch 9.6.1.83.10.2 SF300-24PP 8-Port 10/100 PoE Managed Switch 9.6.1.82.24.1 SG300-28PP 10-Port Gigabit PoE Managed Switch 9.6.1.83.28.2 SF300-24PP 24-Port 10/100 PoE Managed Switch 9.6.1.82.24.1 SG300-28PP 28-Port Gigabit PoE Managed Switch 9.6.1.83.28.2 SF300-48PP 48-Port 10/100 PoE Managed Switch 9.6.1.82.48.2 Model Name Description Object ID
SNMP SNMP Engine ID Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 526 26 The private Object IDs are placed under: enterprises(1).cisco(9).otherEnterprises(6).ciscosb(1).switch001(101). SNMP Engine ID The Engine ID is used by SNMPv3 entities to uniquely identify them. An SNMP agent is considered an authoritative SNMP engine. This means that the agent responds to incoming messages (Get, GetNext, GetBulk, Set) and sends trap messages to a manager. The agents local information is encapsulated in fields in the message. Each SNMP agent maintains local information that is used in SNMPv3 message exchanges. The default SNMP Engine ID is comprised of the enterprise number and the default MAC address. This engine ID must be unique for the administrative domain, so that no two devices in a network have the same engine ID. Local information is stored in four MIB variables that are read-only (snmpEngineId, snmpEngineBoots, snmpEngineTime, and snmpEngineMaxMessageSize). ! CAUTIONWhen the engine ID is changed, all configured users and groups are erased. To define the SNMP engine ID: STEP 1Click SNMP > Engine ID. STEP 2Choose which to use for Local Engine ID. •Use Default—Select to use the device-generated engine ID. The default engine ID is based on the device MAC address, and is defined per standard as: -First 4 octets—First bit = 1, the rest is the IANA enterprise number. -Fifth octet—Set to 3 to indicate the MAC address that follows. -Last 6 octets—MAC address of the device. •None—No engine ID is used. •User Defined—Enter the local device engine ID. The field value is a hexadecimal string (range: 10 - 64). Each byte in the hexadecimal character strings is represented by two hexadecimal digits.
SNMP Configuring SNMP Views 527 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 26 All remote engine IDs and their IP addresses are displayed in the Remote Engine ID table. STEP 3Click Apply. The Running Configuration file is updated. The Remote Engine ID table shows the mapping between IP addresses of the engine and Engine ID. To add the IP address of an engine ID: STEP 4Click Add. Enter the following fields: •Server Definition—Select whether to specify the Engine ID server by IP address or name. •IP Version—Select the supported IP format. •IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are: -Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration. -Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. •Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the list. •Server IP Address/Name—Enter the IP address or domain name of the log server. •Engine ID—Enter the Engine ID. STEP 5Click Apply. The Running Configuration file is updated. Configuring SNMP Views A view is a user-defined label for a collection of MIB subtrees. Each subtree ID is defined by the Object ID (OID) of the root of the relevant subtrees. Either well- known names can be used to specify the root of the desired subtree or an OID can be entered (see Model OIDs).
SNMP Configuring SNMP Views Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 528 26 Each subtree is either included or excluded in the view being defined. The Views page enables creating and editing SNMP views. The default views (Default, DefaultSuper) cannot be changed. Views can be attached to groups in the Groups page or to a community which employs basic access mode through the Communities page. To define SNMP views: STEP 1Click SNMP > Views. STEP 2Click Add to define new views. STEP 3Enter the parameters. •View Name—Enter a view name between 0-30 characters) •Object ID Subtree—Select the node in the MIB tree that is included or excluded in the selected SNMP view. The options to select the object are as follows : -Select from list—Enables you to navigate the MIB tree. Press the Up arrow to go to the level of the selected nodes parent and siblings; press the Down arrow to descend to the level of the selected nodes children. Click nodes in the view to pass from one node to its sibling. Use the scrollbar to bring siblings in view. -User Defined—Enter an OID not offered in the Select from list option. STEP 4Select or deselect Include in view. If this is selected, the selected MIBs are included in the view, otherwise they are excluded. STEP 5Click Apply. STEP 6In order to verify your view configuration, select the user-defined views from the Filter: View Name list. The following views exist by default: •Default—Default SNMP view for read and read/write views. •DefaultSuper—Default SNMP view for administrator views. Other views can be added. •Object ID Subtree—Displays the subtree to be included or excluded in the SNMP view.