5-42
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 5 Configuring the Management Interface and Security
Configuring and Managing the SNMP Interface
Configuring SNMP Community Strings
•
How to Define a Community String, page 5-42
•
How to Remove a Community String, page 5-43
•
How to Display the Configured Community Strings, page 5-43
To enable SNMP management, you must configure SNMP community strings to define the relationship
between the SNMP manager and the agent.
After receiving an SNMP request, the SNMP agent compares the community string in the request to the
community strings that are configured for the agent. The requests are valid under the following
circumstances:
•
SNMP
Get,
Get-next,
and
Get-bulk
requests are valid if the community string in the request matches
the read-only community.
•
SNMP Get
,
Get-next,
Get-bulk
and
Set
requests are valid if the community string in the request
matches the agent’s read-write community.
How to Define a Community String
•
Options, page 5-42
•
Defining a Community String: Example, page 5-42
Options
The following options are available:
•
community-string
— a security string that identifies a community of managers who are permitted
to access the SNMP server
•
acl-number
— ID number if the Access Control List to be assigned to the SNMP interface. It should
list the IP addresses of the SNMP managers permitted to use the community string to gain access to
the agent.
If no ACL is specified, all IP addresses can access the agent using the defined community string.
For more information about ACLs, see
Configuring Access Control Lists (ACLs), page 5-26
The following keywords are available:
•
ro
— read only (default accessibility)
•
rw
— read and write
Step 1
From the SCE(config)# prompt, type
snmp-server community
community-string
ro|rw
acl-number
and press
Enter
.
Repeat the command as necessary to define all community strings.
Defining a Community String: Example
This example shows how to configure a community string called “mycommunity” with read-only rights
and access list number “1”.
Since read-only is the default, it does not need to be defined explicitly.
SCE(config)#snmp-server community mycommunity 1