Cisco Sg3008 Manual
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)

SNMP

• Object ID Subtree View Type—Displays whether the defined subtree is included or excluded in the selected SNMP view.

Creating SNMP Groups

In SNMPv1 and SNMPv2, a community string is sent along with the SNMP frames. The community string acts as a password to gain access to an SNMP agent. However, neither the frames nor the community string are encrypted. Therefore, SNMPv1 and SNMPv2 are not secure.

In SNMPv3, the following security mechanisms can be configured.

• Authentication—The device checks that the SNMP user is an authorized system administrator. This is done for each frame.
• Privacy—SNMP frames can carry encrypted data.

Thus, in SNMPv3, there are three levels of security:

• No security (No authentication and no privacy)
• Authentication (Authentication and no privacy)
• Authentication and privacy

SNMPv3 provides a means of controlling the content each user can read or write and the notifications they receive. A group defines read/write privileges and a level of security. It becomes operational when it is associated with an SNMP user or community.

NOTE To associate a non-default view with a group, first create the view in the Views page.

To create an SNMP group:

STEP 1 Click SNMP > Groups. This page contains the existing SNMP groups and their security levels.
STEP 2 Click Add.
STEP 3 Enter the parameters.

• Group Name—Enter a new group name.
• Security Model—Select the SNMP version attached to the group, SNMPv1, v2, or v3.

Three types of views with various security levels can be defined. For each security level, select the views for Read, Write and Notify by entering the following fields:

• Enable—Select this field to enable the Security Level.
• Security Level—Define the security level attached to the group. SNMPv1 and SNMPv2 support neither authentication nor privacy. If SNMPv3 is selected, choose one of the following:
  - No Authentication and No Privacy—Neither the Authentication nor the Privacy security levels are assigned to the group.
  - Authentication and No Privacy—Authenticates SNMP messages, and ensures the SNMP message origin is authenticated but does not encrypt them.
  - Authentication and Privacy—Authenticates SNMP messages, and encrypts them.
• View—Associating a view with the read, write, and notify access privileges of the group limits the scope of the MIB tree to which the group has read, write, and notify access.
  - View—Select a previously-defined view for Read, Write and Notify.
  - Read—Management access is read-only for the selected view. Otherwise, a user or a community associated with this group is able to read all MIBs except those that control SNMP itself.
  - Write—Management access is write for the selected view. Otherwise, a user or a community associated with this group is able to write all MIBs except those that control SNMP itself.
  - Notify—Limits the available content of the traps to those included in the selected view. Otherwise, there is no restriction on the contents of the traps. This can only be selected for SNMPv3.

STEP 4 Click Apply. The SNMP group is saved to the Running Configuration file.
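How a group's security level and its Read/Write/Notify views combine into an access decision can be modelled as follows. This is an added example, not code from the guide or from Cisco: it follows the view-based access control semantics of RFC 3415 (the most specific matching subtree decides) and assumes the switch behaves the same way; the view names, group name and subtree choices are hypothetical.

```python
from dataclasses import dataclass, field

# Ordering of the three SNMPv3 security levels named in the guide.
LEVEL_RANK = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

def parse_oid(text):
    """'1.3.6.1.2.1' -> (1, 3, 6, 1, 2, 1); tuples avoid string-prefix mistakes."""
    return tuple(int(part) for part in text.strip(".").split("."))

@dataclass
class View:
    """A named view: a list of (subtree OID, 'included' | 'excluded') entries."""
    name: str
    subtrees: list

    def contains(self, target):
        oid, best = parse_oid(target), None
        for subtree, view_type in self.subtrees:
            prefix = parse_oid(subtree)
            # Whole sub-identifiers must match, so ...2.1.4 never matches ...2.1.47.
            if oid[:len(prefix)] == prefix and (best is None or len(prefix) > best[0]):
                best = (len(prefix), view_type)  # the most specific subtree decides
        return best is not None and best[1] == "included"

@dataclass
class Group:
    """Models a group whose Read/Write/Notify views are explicitly selected."""
    name: str
    security_level: str
    views: dict = field(default_factory=dict)  # "read" | "write" | "notify" -> View

def is_allowed(group, operation, target_oid, message_level):
    """True if a message at message_level may perform operation on target_oid."""
    if LEVEL_RANK[message_level] < LEVEL_RANK[group.security_level]:
        return False  # message is less protected than the group requires
    # The device's behaviour when no view is selected is not modelled here.
    view = group.views.get(operation)
    return view is not None and view.contains(target_oid)

# Constructed sample: names and subtree choices are hypothetical.
READ_VIEW = View("noc-read", [("1.3.6.1.2.1", "included"),       # mib-2
                              ("1.3.6.1.2.1.4", "excluded"),     # ip group
                              ("1.3.6.1.2.1.4.1", "included")])  # ipForwarding
WRITE_VIEW = View("noc-write", [("1.3.6.1.2.1.1", "included")])  # system group
NOC = Group("noc-operators", "authPriv", {"read": READ_VIEW, "write": WRITE_VIEW})
```

With this sample, a read of sysName (1.3.6.1.2.1.1.5.0) at authPriv is allowed, while the same read at authNoPriv, or a write to ifAdminStatus, is refused.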
Managing SNMP Users

An SNMP user is defined by the login credentials (username, passwords, and authentication method) and by the context and scope in which it operates by association with a group and an Engine ID.

The configured user has the attributes of its group, having the access privileges configured within the associated view.

Groups enable network managers to assign access rights to a group of users instead of to a single user.

A user can only belong to a single group.

To create an SNMPv3 user, the following must first exist:

• An engine ID must first be configured on the device. This is done in the Engine ID page.
• An SNMPv3 group must be available. An SNMPv3 group is defined in the Groups page.

To display SNMP users and define new ones:

STEP 1 Click SNMP > Users. This page contains existing users.
STEP 2 Click Add. This page provides information for assigning SNMP access control privileges to SNMP users.
STEP 3 Enter the parameters.

• User Name—Enter a name for the user.
• Engine ID—Select either the local or remote SNMP entity to which the user is connected. Changing or removing the local SNMP Engine ID deletes the SNMPv3 User Database. To receive inform messages and request information, you must define both a local and remote user.
  - Local—User is connected to the local device.
  - Remote IP Address—User is connected to a different SNMP entity besides the local device. If the remote Engine ID is defined, remote devices receive inform messages, but cannot make requests for information. Enter the remote engine ID.
• Group Name—Select the SNMP group to which the SNMP user belongs. SNMP groups are defined in the Add Group page.

NOTE Users who belong to groups that have been deleted remain, but they are inactive.

• Authentication Method—Select the Authentication method that varies according to the Group Name assigned. If the group does not require authentication, then the user cannot configure any authentication. The options are:
  - None—No user authentication is used.
  - MD5 Password—A password that is used for generating a key by the MD5 authentication method.
  - SHA Password—A password that is used for generating a key by the SHA (Secure Hash Algorithm) authentication method.
• Authentication Password—If authentication is accomplished by either an MD5 or a SHA password, enter the local user password in either Encrypted or Plaintext. Local user passwords are compared to the local database and can contain up to 32 ASCII characters.
• Privacy Method—Select one of the following options:
  - None—Privacy password is not encrypted.
  - DES—Privacy password is encrypted according to the Data Encryption Standard (DES).
• Privacy Password—16 bytes are required (DES encryption key) if the DES privacy method was selected. This field must be exactly 32 hexadecimal characters. The Encrypted or Plaintext mode can be selected.

STEP 4 Click Apply to save the settings.
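The MD5 and SHA password options above turn a password into a key. Under the SNMPv3 User-based Security Model (RFC 3414) that key is also bound to the engine ID, which is consistent with the guide's warning that changing the local Engine ID deletes the user database. The following is an added example, not code from the guide or from Cisco: it implements the RFC 3414 derivation and checks it against the RFC's published test vectors; `OTHER_ENGINE_ID` is a constructed value.

```python
import hashlib

def password_to_key(password: bytes, algo: str) -> bytes:
    """RFC 3414 A.2: hash 1 MiB of the password repeated end to end, giving Ku."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1 << 20, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """RFC 3414 2.6: localized key Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def user_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """Key an agent with this engine ID would hold for the user."""
    return localize_key(password_to_key(password, algo), engine_id, algo)

def des_privacy_material(localized_key: bytes):
    """RFC 3414 8.1.1.1: of the 16-byte privacy key, 8 bytes are the DES key
    and the remaining 8 are the pre-IV."""
    if len(localized_key) < 16:
        raise ValueError("privacy key must be at least 16 bytes")
    return localized_key[:8], localized_key[8:16]

# Engine ID used by the test vectors in RFC 3414 A.3 (password "maplesyrup").
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed engine ID, standing in for a device whose engine ID was changed.
OTHER_ENGINE_ID = bytes.fromhex("8000000901020304")

def key_survives_engine_change(password: bytes, algo: str) -> bool:
    """False: the same password yields a different key under a new engine ID."""
    return (user_key(password, RFC_ENGINE_ID, algo)
            == user_key(password, OTHER_ENGINE_ID, algo))
```

The 16-byte privacy key split by `des_privacy_material` corresponds to the 32 hexadecimal characters the Privacy Password field requires.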
Defining SNMP Communities

Access rights in SNMPv1 and SNMPv2 are managed by defining communities in the Communities page. The community name is a type of shared password between the SNMP management station and the device. It is used to authenticate the SNMP management station.

Communities are only defined in SNMPv1 and v2 because SNMPv3 works with users instead of communities. The users belong to groups that have access rights assigned to them.

The Communities page associates communities with access rights, either directly (Basic mode) or through groups (Advanced mode):

• Basic mode—The access rights of a community can be configured as Read Only, Read Write, or SNMP Admin. In addition, you can restrict the access to the community to only certain MIB objects by selecting a view (defined in the SNMP Views page).
• Advanced Mode—The access rights of a community are defined by a group (defined in the Groups page). You can configure the group with a specific security model. The access rights of a group are Read, Write, and Notify.

To define SNMP communities:

STEP 1 Click SNMP > Communities. This page contains a table of configured SNMP communities and their properties.
STEP 2 Click Add. This page enables network managers to define and configure new SNMP communities.
STEP 3 SNMP Management Station—Click User Defined to enter the management station IP address that can access the SNMP community. Click All to indicate that any IP device can access the SNMP community.

• IP Version—Select either IPv4 or IPv6.
• IPv6 Address Type—Select the supported IPv6 address type if IPv6 is used. The options are:
  - Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
  - Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.
• Link Local Interface—If the IPv6 address type is Link Local, select whether it is received through a VLAN or ISATAP.
• IP Address—Enter the SNMP management station IP address.
• Community String—Enter the community name used to authenticate the management station to the device.
• Basic—Select this mode for a selected community. In this mode, there is no connection to any group. You can only choose the community access level (Read Only, Read Write, or SNMP Admin) and, optionally, further qualify it for a specific view. By default, it applies to the entire MIB. If this is selected, enter the following fields:
  - Access Mode—Select the access rights of the community. The options are:
      Read Only—Management access is restricted to read-only. Changes cannot be made to the community.
      Read Write—Management access is read-write. Changes can be made to the device configuration, but not to the community.
      SNMP Admin—User has access to all device configuration options, as well as permissions to modify the community. SNMP Admin is equivalent to Read Write for all MIBs except for the SNMP MIBs. SNMP Admin is required for access to the SNMP MIBs.
  - View Name—Select an SNMP view (a collection of MIB subtrees to which access is granted).
• Advanced—Select this mode for a selected community.
  - Group Name—Select an SNMP group that determines the access rights.

STEP 4 Click Apply. The SNMP Community is defined, and the Running Configuration is updated.
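Because the community string travels unencrypted in every SNMPv1 and SNMPv2 frame, a monitoring point can tell from the message header alone which devices still expose it and which SNMPv3 security level a sender uses. The following is an added example, not code from the guide or from Cisco: it decodes the BER header of an SNMP message and reports version, security level and any visible community; both sample packets, including the community "lab-ro", are constructed.

```python
LEVELS = {0x00: "noAuthNoPriv", 0x01: "authNoPriv", 0x03: "authPriv"}

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER element (short-form length, enough for the samples)."""
    return bytes([tag, len(value)]) + value

def read_tlv(buf: bytes, pos: int = 0):
    """Decode the BER element at pos and return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low bits count length bytes
        count = length & 0x7F
        if not 1 <= count <= 4 or pos + count > len(buf):
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify(packet: bytes) -> dict:
    """Report SNMP version, security level and any community visible on the wire."""
    tag, message, _ = read_tlv(packet)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    tag, raw_version, pos = read_tlv(message)
    if tag != 0x02:
        raise ValueError("missing version field")
    version = int.from_bytes(raw_version, "big")
    if version in (0, 1):                  # SNMPv1 / SNMPv2c: community in the clear
        _, community, _ = read_tlv(message, pos)
        return {"version": "v1" if version == 0 else "v2c",
                "level": "noAuthNoPriv", "community": community.decode("latin-1")}
    if version == 3:                       # header: msgID, msgMaxSize, msgFlags, ...
        _, header, _ = read_tlv(message, pos)
        _, _, p = read_tlv(header)         # skip msgID
        _, _, p = read_tlv(header, p)      # skip msgMaxSize
        _, flags, _ = read_tlv(header, p)  # msgFlags: 0x01 auth, 0x02 priv
        if len(flags) != 1:
            raise ValueError("malformed msgFlags")
        return {"version": "v3", "level": LEVELS.get(flags[0] & 0x03, "invalid"),
                "community": None}
    raise ValueError(f"unexpected SNMP version {version}")

# Constructed sample packets; every field value here is made up.
V2C_GET = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"lab-ro") + tlv(0xA0,
    tlv(0x02, b"\x2a") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + tlv(0x30,
    tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010500")) + tlv(0x05, b"")))))
V3_AUTHPRIV = tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, tlv(0x02, b"\x2a") +
    tlv(0x02, b"\x05\xdc") + tlv(0x04, b"\x03") + tlv(0x02, b"\x03")) +
    tlv(0x04, b"") + tlv(0x04, bytes(16)))
```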
Defining Trap Settings

The Trap Settings page enables configuring whether SNMP notifications are sent from the device, and for which cases. The recipients of the SNMP notifications can be configured in the Notification Recipients SNMPv1,2 page, or the Notification Recipients SNMPv3 page.

To define trap settings:

STEP 1 Click SNMP > Trap Settings.
STEP 2 Select Enable for SNMP Notifications to specify that the device can send SNMP notifications.
STEP 3 Select Enable for Authentication Notifications to enable SNMP authentication failure notification.
STEP 4 Click Apply. The SNMP Trap settings are written to the Running Configuration file.

Notification Recipients

Trap messages are generated to report system events, as defined in RFC 1215. The system can generate traps defined in the MIB that it supports.

Trap receivers (aka Notification Recipients) are network nodes where the trap messages are sent by the device. A list of notification recipients is defined as the targets of trap messages.

A trap receiver entry contains the IP address of the node and the SNMP credentials corresponding to the version that is included in the trap message. When an event arises that requires a trap message to be sent, it is sent to every node listed in the Notification Recipient Table.

The Notification Recipients SNMPv1,2 page and the Notification Recipients SNMPv3 page enable configuring the destination to which SNMP notifications are sent, and the types of SNMP notifications that are sent to each destination (traps or informs). The Add/Edit pop-ups enable configuring the attributes of the notifications.

An SNMP notification is a message sent from the device to the SNMP management station indicating that a certain event has occurred, such as a link up/down.
It is also possible to filter certain notifications. This can be done by creating a filter in the Notification Filter page and attaching it to an SNMP notification recipient. The notification filter enables filtering the type of SNMP notifications that are sent to the management station based on the OID of the notification that is about to be sent.

Defining SNMPv1,2 Notification Recipients

To define a recipient in SNMPv1,2:

STEP 1 Click SNMP > Notification Recipients SNMPv1,2. This page displays recipients for SNMPv1,2.
STEP 2 Enter the following fields:

• Informs IPv4 Source Interface—Select the source interface whose IPv4 address will be used as the source IPv4 address in inform messages for communication with IPv4 SNMP servers.
• Traps IPv4 Source Interface—Select the source interface whose IPv6 address will be used as the source IPv6 address in trap messages for communication with IPv6 SNMP servers.
• Informs IPv6 Source Interface—Select the source interface whose IPv4 address will be used as the source IPv4 address in inform messages for communication with IPv4 SNMP servers.
• Traps IPv6 Source Interface—Select the source interface whose IPv6 address will be used as the source IPv6 address in trap messages for communication with IPv6 SNMP servers.

NOTE If the Auto option is selected, the system takes the source IP address from the IP address defined on the outgoing interface.

STEP 3 Click Add.
STEP 4 Enter the parameters.

• Server Definition—Select whether to specify the remote log server by IP address or name.
• IP Version—Select either IPv4 or IPv6.
• IPv6 Address Type—Select either Link Local or Global.
  - Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
  - Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.
• Link Local Interface—If the IPv6 address type is Link Local, select whether it is received through a VLAN or ISATAP.
• Recipient IP Address/Name—Enter the IP address or server name of where the traps are sent.
• UDP Port—Enter the UDP port used for notifications on the recipient device.
• Notification Type—Select whether to send Traps or Informs. If both are required, two recipients must be created.
• Timeout—Enter the number of seconds the device waits before re-sending informs.
• Retries—Enter the number of times that the device resends an inform request.
• Community String—Select from the pull-down the community string of the trap manager. Community String names are generated from those listed in the Community page.
• Notification Version—Select the trap SNMP version. Either SNMPv1 or SNMPv2 may be used as the version of traps, with only a single version enabled at a time.
• Notification Filter—Select to enable filtering the type of SNMP notifications sent to the management station. The filters are created in the Notification Filter page.
• Filter Name—Select the SNMP filter that defines the information contained in traps (defined in the Notification Filter page).

STEP 5 Click Apply. The SNMP Notification Recipient settings are written to the Running Configuration file.
Defining SNMPv3 Notification Recipients

To define a recipient in SNMPv3:

STEP 1 Click SNMP > Notification Recipients SNMPv3. This page displays recipients for SNMPv3.

• Informs IPv4 Source Interface—Select the source interface whose IPv4 address will be used as the source IPv4 address in inform messages for communication with IPv4 SNMP servers.
• Traps IPv4 Source Interface—Select the source interface whose IPv6 address will be used as the source IPv6 address in trap messages for communication with IPv6 SNMP servers.
• Informs IPv6 Source Interface—Select the source interface whose IPv4 address will be used as the source IPv4 address in inform messages for communication with IPv4 SNMP servers.
• Traps IPv6 Source Interface—Select the source interface whose IPv6 address will be used as the source IPv6 address in trap messages for communication with IPv6 SNMP servers.

STEP 2 Click Add.
STEP 3 Enter the parameters.

• Server Definition—Select whether to specify the remote log server by IP address or name.
• IP Version—Select either IPv4 or IPv6.
• IPv6 Address Type—Select the IPv6 address type (if IPv6 is used). The options are:
  - Link Local—The IPv6 address uniquely identifies hosts on a single network link. A link local address has a prefix of FE80, is not routable, and can be used for communication only on the local network. Only one link local address is supported. If a link local address exists on the interface, this entry replaces the address in the configuration.
  - Global—The IPv6 address is a global Unicast IPv6 type that is visible and reachable from other networks.
• Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the pull-down list.