29-8
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 29 Configuring SNMP
Configuring SNMP
Configuring Community Strings
You use the SNMP community string to define the relationship between the SNMP manager and the
agent. The community string acts like a password to permit access to the agent on the switch. Optionally,
you can specify one or more of these characteristics associated with the string:
•
An access list of IP addresses of the SNMP managers that are permitted to use the community string
to gain access to the agent
•
A MIB view, which defines the subset of all MIB objects accessible to the given community
•
Read and write or read-only permission for the MIB objects accessible to the community
Beginning in privileged EXEC mode, follow these steps to configure a community string on the switch:
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
snmp-server community
string
[
view
view-name
]
[
ro
|
rw
] [
access-list-number
]
Configure the community string.
•
For
string
, specify a string that acts like a password and
permits access to the SNMP protocol. You can configure one
or more community strings of any length.
•
(Optional) For
view
, specify the view record accessible to the
community.
•
(Optional) Specify either read-only (
ro
) if you want
authorized management stations to retrieve MIB objects, or
specify read-write (
rw
) if you want authorized management
stations to retrieve and modify MIB objects. By default, the
community string permits read-only access to all objects.
•
(Optional) For
access-list-number
, enter an IP standard access
list numbered from 1 to 99 and 1300 to 1999.
Step 3
access-list
access-list-number
{
deny
|
permit
}
source
[
source-wildcard
]
(Optional) If you specified an IP standard access list number in
Step 2, then create the list, repeating the command as many times
as necessary.
•
For
access-list-number
, enter the access list number specified
in Step 2.
•
The
deny
keyword denies access if the conditions are
matched. The
permit
keyword permits access if the conditions
are matched.
•
For
source
, enter the IP address of the SNMP managers that
are permitted to use the community string to gain access to the
agent.
•
(Optional) For
source-wildcard
, enter the wildcard bits in
dotted decimal notation to be applied to the source. Place ones
in the bit positions that you want to ignore.
Recall that the access list is always terminated by an implicit deny
statement for everything.
Step 4
end
Return to privileged EXEC mode.