Chapter 33 Configuring SNMP

Configuring SNMP

Beginning in privileged EXEC mode, follow these steps to configure a community string on the switch:

 

Command

Purpose

Step 1

 

 

configure terminal

Enter global configuration mode.

Step 2

 

 

snmp-server community string [view

Configure the community string.

 

view-name] [ro rw] [access-list-number]

For string, specify a string that acts like a password and

 

 

 

 

permits access to the SNMP protocol. You can configure one

 

 

or more community strings of any length.

 

 

(Optional) For view, specify the view record accessible to the

 

 

community.

 

 

(Optional) Specify either read-only (ro) if you want

 

 

authorized management stations to retrieve MIB objects, or

 

 

specify read-write (rw) if you want authorized management

 

 

stations to retrieve and modify MIB objects. By default, the

 

 

community string permits read-only access to all objects.

 

 

(Optional) For access-list-number, enter an IP standard access

 

 

list numbered from 1 to 99 and 1300 to 1999.

Step 3

 

 

access-listaccess-list-number {deny

(Optional) If you specified an IP standard access list number in

 

permit} source [source-wildcard]

Step 2, then create the list, repeating the command as many times

 

 

as necessary.

 

 

For access-list-number, enter the access list number specified

 

 

in Step 2.

 

 

The deny keyword denies access if the conditions are

 

 

matched. The permit keyword permits access if the conditions

 

 

are matched.

 

 

For source, enter the IP address of the SNMP managers that

 

 

are permitted to use the community string to gain access to the

 

 

agent.

 

 

(Optional) For source-wildcard, enter the wildcard bits in

 

 

dotted decimal notation to be applied to the source. Place ones

 

 

in the bit positions that you want to ignore.

 

 

Recall that the access list is always terminated by an implicit deny

 

 

statement for everything.

Step 4

 

 

end

Return to privileged EXEC mode.

Step 5

 

 

show running-config

Verify your entries.

Step 6

 

 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

 

 

 

Note To disable access for an SNMP community, set the community string for that community to the null string (do not enter a value for the community string).

To remove a specific community string, use the no snmp-server community string global configuration command.

Catalyst 3750-E and 3560-E Switch Software Configuration Guide

 

OL-9775-02

33-9

 

 

 

Page 689
Image 689
Cisco Systems 3750E Snmp-server community string view, View-name ro rw access-list-number, Permit source source-wildcard