29-7
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 29 Configuring SNMP
Configuring SNMP
SNMP Configuration Guidelines
If the switch starts and the witch startup configuration has at least one
snmp-server
global configuration
command, the SNMP agent is enabled.
An SNMP
group
is a table that maps SNMP users to SNMP views. An SNMP
user
is a member of an
SNMP group. An SNMP
host
is the recipient of an SNMP trap operation. An SNMP
engine ID
is a name
for the local or remote SNMP engine.
When configuring SNMP, follow these guidelines:
•
When configuring an SNMP group, do not specify a notify view. The
snmp-server host
global
configuration command autogenerates a notify view for the user and then adds it to the group
associated with that user. Modifying the group's notify view affects all users associated with that
group. See the
Cisco IOS Configuration Fundamentals Command Reference
for information about
when you should configure notify views.
•
To configure a remote user, specify the IP address or port number for the remote SNMP agent of the
device where the user resides.
•
Before you configure remote users for a particular agent, configure the SNMP engine ID, using the
snmp-server engineID
global configuration with the
remote
option. The remote agent's SNMP
engine ID and user password are used to compute the authentication and privacy digests. If you do
not configure the remote engine ID first, the configuration command fails.
•
When configuring SNMP informs, you need to configure the SNMP engine ID for the remote agent
in the SNMP database before you can send proxy requests or informs to it.
•
If a local user is not associated with a remote host, the switch does not send informs for the
auth
(authNoPriv) and the
priv
(authPriv) authentication levels.
•
Changing the value of the SNMP engine ID has important side effects. A user's password (entered
on the command line) is converted to an MD5 or SHA security digest based on the password and the
local engine ID. The command-line password is then destroyed, as required by RFC 2274. Because
of this deletion, if the value of the engine ID changes, the security digests of SNMPv3 users become
invalid, and you need to reconfigure SNMP users by using the
snmp-server user
username
global
configuration command. Similar restrictions require the reconfiguration of community strings when
the engine ID changes.
Disabling the SNMP Agent
Beginning in privileged EXEC mode, follow these steps to disable the SNMP agent:
The
no snmp-server
global configuration command disables all running versions (Version 1,
Version 2C, and Version 3) on the device. No specific Cisco IOS command exists to enable SNMP. The
first
snmp-server
global configuration command that you enter enables all versions of SNMP.
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
no snmp-server
Disable the SNMP agent operation.
Step 3
end
Return to privileged EXEC mode.
Step 4
show running-config
Verify your entries.
Step 5
copy running-config startup-config
(Optional) Save your entries in the configuration file.