Chapter 30
Configuring SNMP
SNMPv2C includes a bulk retrieval mechanism and more detailed error message reporting to
management stations. The bulk retrieval mechanism retrieves tables and large quantities of information,
minimizing the number of round-trips required. The SNMPv2C improved error-handling includes
expanded error codes that distinguish different kinds of error conditions; these conditions are reported
through a single error code in SNMPv1. Error return codes in SNMPv2C report the error type.
SNMPv3 provides for both security models and security levels. A security model is an authentication
strategy set up for a user and the group within which the user resides. A security level is the permitted
level of security within a security model. A combination of the security level and the security model
determine which security mechanism is used when handling an SNMP packet. Available security models
are SNMPv1, SNMPv2C, and SNMPv3.
Table 30-1
Table 30-1
SNMP Security Models and Levels
Model
Level
SNMPv1
noAuthNoPriv
SNMPv2C
noAuthNoPriv
SNMPv3
noAuthNoPriv
SNMPv3
authNoPriv
SNMPv3
authPriv
(requires the
cryptographic
software image)
You must configure the SNMP agent to use the SNMP version supported by the management station.
Because an agent can communicate with multiple managers, you can configure the software to support
communications using SNMPv1, SNMPv2C, or SNMPv3.
SNMP Manager Functions
The SNMP manager uses information in the MIB to perform the operations described in
Table 30-2
SNMP Operations
Operation
Description
get-request
Retrieves a value from a specific variable.
get-next-request
Retrieves a value from a variable within a table.
OL-26520-01
identifies the characteristics of the different combinations of security models and levels.
Authentication
Encryption
Community string No
Community string No
Username
No
Message Digest 5
No
(MD5) or Secure
Hash Algorithm
(SHA)
MD5 or SHA
Data Encryption
Standard (DES)
or Advanced
Encryption
Standard (AES)
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
Result
Uses a community string match for authentication.
Uses a community string match for authentication.
Uses a username match for authentication.
Provides authentication based on the HMAC-MD5 or
HMAC-SHA algorithms.
Provides authentication based on the HMAC-MD5 or
HMAC-SHA algorithms. Allows specifying the
User-based Security Model (USM) with these
encryption algorithms:
DES 56-bit encryption in addition to
•
authentication based on the CBC-DES (DES-56)
standard.
3DES 168-bit encryption
•
AES 128-bit, 192-bit, or 256-bit encryption
•
1
Understanding SNMP
Table
30-2.
30-3