Chapter 29
Configuring SNMP
Table 29-1
Table 29-1
SNMP Security Models and Levels
Model
Level
SNMPv1
noAuthNoPriv
SNMPv2C
noAuthNoPriv
SNMPv3
noAuthNoPriv
SNMPv3
authNoPriv
SNMPv3
authPriv
(requires the
cryptographic software
image)
You must configure the SNMP agent to use the SNMP version supported by the management station.
Because an agent can communicate with multiple managers, you can configure the software to support
communications using SNMPv1, SNMPv2C, or SNMPv3.
SNMP Manager Functions
The SNMP manager uses information in the MIB to perform the operations described in
Table 29-2
SNMP Operations
Operation
Description
get-request
Retrieves a value from a specific variable.
get-next-request
Retrieves a value from a variable within a table.
2
get-bulk-request
Retrieves large blocks of data, such as multiple rows in a table, that would otherwise require the
transmission of many small blocks of data.
get-response
Replies to a get-request, get-next-request, and set-request sent by an NMS.
set-request
Stores a value in a specific variable.
trap
An unsolicited message sent by an SNMP agent to an SNMP manager when some event has occurred.
1. With this operation, an SNMP manager does not need to know the exact variable name. A sequential search is performed to find the needed variable from
within a table.
2. The get-bulk command only works with SNMPv2 or later.
SNMP Agent Functions
The SNMP agent responds to SNMP manager requests as follows:
•
•
OL-13018-01
identifies the characteristics of the different combinations of security models and levels.
Authentication
Community string No
Community string No
Username
MD5 or SHA
MD5 or SHA
Get a MIB variable—The SNMP agent begins this function in response to a request from the NMS.
The agent retrieves the value of the requested MIB variable and responds to the NMS with that value.
Set a MIB variable—The SNMP agent begins this function in response to a message from the NMS.
The SNMP agent changes the value of the MIB variable to the value requested by the NMS.
Encryption
Result
Uses a community string match for authentication.
Uses a community string match for authentication.
No
Uses a username match for authentication.
No
Provides authentication based on the HMAC-MD5
or HMAC-SHA algorithms.
DES
Provides authentication based on the HMAC-MD5
or HMAC-SHA algorithms.
Provides DES 56-bit encryption in addition to
authentication based on the CBC-DES (DES-56)
standard.
1
Cisco IE 3000 Switch Software Configuration Guide
Understanding SNMP
Table
29-2.
29-3