Hide Navigation Pane
Show Navigation Pane
Download
SHA1
SNMP Configuration Tasks
To configure the SNMP server:
- Enable the SNMP server.host1(config)#snmp-server
- Configure at least one authorized SNMP community (SNMPv1/v2c)
or user (SNMPv3), which provides SNMP client access.host1(config)#snmp-server community boston view everything rwhost1(config)#snmp-server user fred group private auth sha fred-password priv des password
- (Optional) Set the server parameters—contact name
and server location. host1(config)#snmp-server contact Bob Smithhost1(config)#snmp-server location 3rdfloor
- (Optional) Reconfigure the maximum SNMP packet size.host1(config)#snmp-server packetsize 1000
- (Optional) Configure memory warning parameters.host1(config)#memory warning 80 70
- (Optional) Configure the method the router uses to encode
the ifDescr and ifName objects.host1(config)#snmp interfaces description-format common
- (Optional) Manage the interface sublayers (compress interfaces
and control interface numbering).host1(config)#snmp-server interfaces compress atmAal5 host1(config)#snmp-server interface compress-restriction ifadminstatusdown host1(config)#snmp interfaces rfc1213 55000 100000
- (Optional) Configure the dynamic group parameters. host1(config)#snmp-server group grp1authpriv usm priv read grp1read write grp1write notify grp1notify
- (Optional) Configure the dynamic view parameters. host1(config)#snmp-server view view1 1.3.6.1 included non-volatile
You can also set up SNMP traps and set up the router to collect bulk statistics. See Configuring Traps and Collecting Bulk Statistics.
Enabling SNMP
To enable the SNMP server, use the following command.
snmp-server
- Use to enable SNMP server operation.
- Examplehost1(config)#snmp-server
- Use the no version to disable the SNMP server operation.
- See snmp-server.
Configuring SNMP v1/v2c Community
For SNMPv1/v2c, access to an SNMP server by an SNMP client is governed by a proprietary SNMP community table that identifies those communities that have read-only, read-write, or administrative permission to the SNMP MIB stored on a particular server.
When an SNMP server receives a request, the server extracts the client’s IP address and the community name. The SNMP community table is searched for a matching community. If a match is found, its access list name is used to validate the IP address. If the access list name is null, the IP address is accepted. A nonmatching community or an invalid IP address results in an SNMP authentication error.
Each entry in the community table identifies:
- An SNMP community name
- A user’s privilege level
- An IP access list
Community Name
The community name acts as a password and is used to authenticate messages sent between an SNMP client and a router containing an SNMP server. The community name is sent in every packet between the client and the server.
Privilege Levels
SNMP has three privilege levels:
- Read-only—Read-only access to the entire MIB except for SNMP configuration objects
- Read-write—Read-write access to the entire MIB except for SNMP configuration objects
- Admin—Read-write access to the entire MIB
IP Access List
The IP access list identifies those IP addresses of SNMP clients permitted to use a given SNMP community.
snmp-server community
- Use to configure an authorized SNMP community for access to the SNMP MIBs and to associate SNMPv1/v2c communities with SNMP MIB views.
- The community name serves as a password and permits access to an SNMP server. The name can be up to 31 characters, and it must be enclosed in quotation marks.
- The maximum number of communities in each virtual router is 32.
- By default, an SNMP community permits only read-only access.
- The view name allows configuration with available dynamic views.
- Examplehost1(config)#snmp-server community “ boston” view view1 rw
- Use the no version to delete a community from the SNMP community table.
- See snmp-server community.
Configuring SNMPv3 Users
To configure SNMPv3 users, use the following command.
snmp-server user
- Use to create and modify SNMPv3 users.
- Examplehost1(config)#snmp-server user fred auth sha fred-password priv des password group user
- Use the no version to delete users.
- See snmp-server user.
Configuring SNMP Dynamic Groups and Views
With dynamic configurable views and groups you can fine-tune application features to a specific group, You can have 32 view entries (with distinct names) per virtual router. Because there is no limit to the number of entries within a distinct view name, you can configure complex views. You can also have 32 access entries (with distinct names) per virtual router. All views are on a per-virtual-router basis; although static views are on a per-virtual-router basis, they cannot be altered. If you modify a view, the system deletes the original entry and creates the new view. Therefore, if the new view fails, the original view is no longer available.
SNMP v3 configurations are allowed only at the maximum CLI privilege level (15).
snmp-server group
- Use to dynamically configure server groups. You must access the CLI at privilege level 15 to view or use this command.
- Examplehost1(config-profile)#snmp-server group grp1authpriv usm priv read grp1read write grp1write notify grp1notify
- Use the no version to remove the dynamically created group.
- See snmp-server group.
snmp-server view
- Use to dynamically configure an SNMP server view. You must access the CLI at privilege level 15 to view or use this command.
- Examplehost1(config)#snmp-server view view1 1.3.6.1 included non-volatile
- Use the no version to remove the dynamically created view.
- See snmp-server view.
Setting Server Parameters
Setting the server’s contact person and location provides helpful identifiers for the SNMP server. These identifiers are arbitrary and do not affect the server’s function, but they are useful to have.
snmp-server contact
- Use these commands to configure the SNMP server’s contact person and the server’s location.
- The contact is the person who manages the server.
- The location is the server’s physical location.
- Each of these parameters can be up to 64 characters.
- Examplehost1(config)#snmp-server contact Bob Smithhost1(config)#snmp-server location 3rdfloor
- Use the no version of these commands to clear the contact or location identifier from the SNMP configuration.
- See snmp-server contact.
Configuring SNMP Packet Size
The SNMP server must support a PDU with an upper limit of 484 bytes or greater. There is no need to coordinate the maximum packet size across the entire network. Many requests and responses tend to be smaller than the maximum value.
snmp-server packetsize
- Use to set the SNMP server’s maximum packet size.
- Increase this value to improve the efficiency of the GetBulk operation.
- Examplehost1(config)#snmp-server packetsize 1000
- Use the no version to set the SNMP packet size to the default maximum size, 1500 bytes.
- See snmp-server packetsize.
Configuring Memory Warning
You can set up the router to send memory warning messages when memory utilization reaches a specified value.
memory
- Use to configure memory warning parameters. You set a high memory utilization value and an abated memory utilization value. When the system reaches the high utilization value, it sends warning messages. When memory usage falls to the abated utilization value, the system stops sending warning messages.
- Examplehost1(config)#memory warning 80 70
- Use the no version to return to the default values, 85 for high utilization and 75 for abated memory utilization.
- See memory.
Configuring Encoding Method
You can control how the router encodes the ifDescr and ifName objects in the SNMP agent’s interface table and in the bulkstats application.
There are two choices of encoding schemes: an E Series router proprietary method and a conventional industry method.
- The proprietary method identifies each interface sublayer with its type.
- The industry method bases the type information for each interface sublayer on the lowest layer 1 or layer 2 interface type.
For example a PPP interface configured on top of an ATM interfaces is:
- PPP3/0.1—Proprietary method
- ATM3/0.1—Industry method
snmp-server interfaces description-format
- Use to set the encoding scheme of the ifDescr and ifName
objects. Include one of the following keywords:
- common—Sets the encoding scheme to the conventional industry method and provides compatibility with software that uses the industry encoding scheme.
- legacy—Sets the encoding scheme for legacy E Series routers.
- proprietary—Sets the encoding scheme to the E Series router proprietary method.
- Examplehost1(config)#snmp-server interfaces description-format common
- Use the no version to return to the default, the legacy encoding scheme.
- See snmp-server interfaces description-format.
Managing Interface Sublayers
You can set up the SNMP agent to compress the number of interface instances in the standard interface and stack tables. You can also control the interface numbering method used in the interface tables.
Compressing Interfaces
You can compress interfaces by interface type, table type, and the administrative status of the interface.
Compressing interfaces without specifying a table type removes them from the interface tables (ifTable, ifXTable, and juniIfTable), the interface stack tables (ifStackTable, ifInvStackTable, and juniIfInvStackTable), the ipAddrTable, and the ipNetToMedia table, which increases table retrieval performance. For example, if you want statistics kept only on IP interfaces, then you can compress all interfaces except IP; subsequently, only IP interfaces will appear in the interface tables, interface stack tables, ipAddrTable, and ipNetToMedia table.
Compressing a table type in an interface removes the interface from the specified table type. For example, if you want to compress an interface only in interface tables, you can specify the table-type keyword and interface-tables as the TableType value.
To compress interfaces that have an administrative status of down, use the snmp-server interfaces compress-restriction command.
To compress interfaces according to type, use the snmp-server interfaces compress command. To see the list of interfaces that you can remove, use the CLI help:
SonetVT SonetVT interface layer VlanMajor VlanMajor interface layer VlanSub VlanSub interface layer <cr>
If you enter the snmp-server interfaces compress command without keywords, the following interface types are removed from the interface tables:
- ip
- ppp
- ethernetSubinterface
- hdlc
- ipLoopback
- ipVirtual
- pppLinkInterface
- pppoeInterface
- slepInterface/ciscoHdlc
snmp-server interfaces compress
- Use to remove interface sublayers either from all interface tables or from specific table types, such as interface tables and interface stack tables, in the SNMP interface configuration. If you use the snmp-server interfaces compress command on an interface without specifying a table type, it compresses the interface in all the tables. If you compress an interface using the table-type keyword for the first time, subsequent uses of the snmp-server interfaces compress command without the table-type keyword compress the interface only in the ipNetToMediaTable (not in interface tables or interface stack tables).
- Example 1—To compress all interfaces on an interface
layer, PPP, use the following command: host1(config)#snmp-server interfaces compress ppp
- Example 2—If you use the snmp-server
interfaces compress command with the table-type keyword to compress an interface, issuing the same command the next
time without specifying a table type compresses the interface only
in the ipNetToMediaTable. In the following example, the command is
used with the table-type keyword for the
first time on a router to compress the Ds1 interface in interface stack tables:host1(config)#snmp-server interfaces compress Ds1 table-type interface-stack-tables
Subsequent use of the same command on any interface (in the following example, Atm) on the same router without the table-type keyword compresses the interface only in the ipNetToMedia table (not in interface or interface stack tables):
host1(config)#snmp-server interfaces compress Atm - Example 3—To compress interfaces based on the table
types, interface-tables and interface-stack-tables, use the following CLI example.
In this example, the Atm interface is compressed
in interface tables (ifTables) and the Ds1 interface is compressed in interface stack tables (ifStackTables),
but none of the interfaces are compressed in the ipNetToMediaTable.host1(config)#snmp-server interfaces compress ?[interfaceList]
table-type Category of SNMP tables from which to remove
< cr >
host1(config)#snmp-server interfaces compress atm table-type ?interface-stack-tables Compression will be applicable to
ifStackTable/ifInvStackTable/juniIfStackTable
interface-tables Compression will be applicable to
ifTable/ifXtable/juniIfTable
host1(config)#snmp-server interfaces compress atm table-type interface-tableshost1(config)#snmp-server interfaces compress Ds1 table-type interface-stack-tablesRouter#show snmp interfacesCompressed(Removed) Interface Types :
From ipNetToMediaTable:
From ifTables : Atm
From ifStackTables : Ds1
Armed Interface Numbering Mode: Sparse ifIndex
Interface Description Setting: Proprietary
- Use the no version to add interface sublayers to the interface tables.
- See snmp-server interfaces compress.
snmp-server interfaces compress-restriction
- Use to exclude interfaces from the ifTable, the ifStackTable, and the ipAddrTable if the administrative status of the interface is down.
- Examplehost1(config)#snmp-server interfaces compress-restriction ifadminstatusdown
- Use the no version to remove the restriction and allow interfaces with an administrative status of down in the ifTable, the ifStackTable, and the ipAddrTable.
- See snmp-server interfaces compress-restriction.
Controlling Interface Numbering
Each interface in the ifTable is assigned an ifIndex number. RFC 1213 required that ifIndexes use contiguous integers and that the ifIndex be less than the value of the total number of interfaces (ifNumber). More recent RFCs—1573, 2232, and 2863—removed these restrictions to accommodate interface sublayers. The E Series router implementation of SNMP derives index numbers in 32-bit values that are unique on a given router. This numbering scheme can result in large gaps in the ifIndex.
Legacy network management software that was designed to work with RFC 1213 implementations expects contiguous integers and can fail when the software encounters large gaps in the ifIndex.
By default, the router uses a numbering scheme based on RFC 2863. For compatibility with RFC 1213, you can set up the router to use contiguous numbers and to limit the values of the ifIndex and the ifNumber.
snmp-server interfaces rfc1213
- Use to set up the interface numbering method in the IfTable to use contiguous integers, which provides compatibility with versions of SNMP that are based on RFC 1213.
- The maxIfIndex option sets the maximum value of the ifIndex field that the system will allocate.
- The maxIfNumber option sets the maximum
number of interfaces allowed in the interface tables.
Caution: Reducing the value of the maxIfIndex or maxIfNumber causes the router to automatically reboot to factory default settings.
- When the IfIndex and IfNumber maximums are reached, the system logs the event and ignores the creation of additional interfaces, which means that new interfaces are not visible in the interface table.
- Examplehost1(config)#snmp-server interfaces rfc1213 55000 100000 WARNING: Execution of this command will cause all configuration settings to revert to factory defaults upon the next system reboot.Proceed with 'snmp interfaces rfc1213'? [confirm]
- Use the no version to return to the default method of interface numbering.
- See snmp-server interfaces rfc1213.
Monitoring Interface Tables
Use the following command to view the configuration of your interface tables.
show snmp interfaces
- Use to display a list of interface types that are compressed in the interface tables and the interface numbering method configured on the router.
- Field descriptions
- Compressed(Removed) Interface Types—List of interface types that are removed from the ifTable and ifStackTable
- Armed Interface Numbering Mode—Interface numbering method configured on the router: RFC1213, RFC2863
- maxIfIndex—Maximum value that the system will allocate to the ifIndex field
- maxIfNumber—Maximum number of interfaces allowed in the ifTable
- Interface Description Setting—Method used to encode the ifDescr and ifName objects: common, legacy, proprietary
- Example
host1#show snmp interfaces Compressed(Removed) Interface Types: HDLC, FT1, ATM, ATM1483 Armed Interface Numbering Mode: RFC1213, maxIfIndex=65535, maxIfNumber=65535 Interface Description Setting: proprietary
- See show snmp interfaces.
