33-9
Cisco IE 3000 Switch Software Configuration Guide
OL-13018-03
Chapter 33 Configuring SNMP
Configuring SNMP
Note
To disable access for an SNMP community, set the community string for that community to the null
string (do not enter a value for the community string).
To remove a specific community string, use the
no snmp-server community
string
global configuration
command.
This example shows how to assign the string
comaccess
to SNMP, to allow read-only access, and to
specify that IP access list 4 can use the community string to gain access to the switch SNMP agent:
Switch(config)#
snmp-server community comaccess ro 4
Configuring SNMP Groups and Users
You can specify an identification name (engine ID) for the local or remote SNMP server engine on the
switch. You can configure an SNMP server group that maps SNMP users to SNMP views, and you can
add new users to the SNMP group.
Step 3
access-list
access-list-number
{
deny
|
permit
}
source
[
source-wildcard
]
(Optional) If you specified an IP standard access list number in
Step 2, then create the list, repeating the command as many times
as necessary.
•
For
access-list-number
, enter the access list number specified
in Step 2.
•
The
deny
keyword denies access if the conditions are
matched. The
permit
keyword permits access if the conditions
are matched.
•
For
source
, enter the IP address of the SNMP managers that
are permitted to use the community string to gain access to the
agent.
•
(Optional) For
source-wildcard
, enter the wildcard bits in
dotted decimal notation to be applied to the source. Place ones
in the bit positions that you want to ignore.
Recall that the access list is always terminated by an implicit deny
statement for everything.
Step 4
end
Return to privileged EXEC mode.
Step 5
show running-config
Verify your entries.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose