User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
SNMP on Cisco IOS Routers
Simple Network Management Protocol (SNMP) defines a standard way for network management
stations or workstations to monitor the health and status of many types of devices, including switches,
routers, and firewall devices. It comprises a protocol, a database-structure specification, and a set of
management data objects. Each SNMP device or member is part of a community, which determines the
access that each device has (read-only or read-write).
SNMP obtains information from the managed device through a Management Information Base (MIB).
The MIB is a database of code blocks called MIB objects, each of which controls one specific function.
The MIB object comprises MIB variables, which define the MIB object name, description, default value,
and so forth. MIB objects are structured hierarchically in a MIB tree.
SNMP policies enable you to configure the behavior of the SNMP agent running on the router. The agent
sends unsolicited information back to the SNMP host as events occur. These unsolicited messages, which
are generated in response to significant, predetermined events on the router, are called traps.
The following topics describe the tasks you perform to create SNMP policies on Cisco IOS routers:
Defining SNMP Agent Properties, page 60-67
Table 60-28 Secure Shell Page (Continued)

| Element | Description |
|---|---|
| RSA Key Pair | The name of the RSA key pair to use for SSH connections. If you do not enter a value, the router uses the RSA key pair generated from its hostname and domain name. This is the default. Tip: Use the CLI command show crypto key mypubkey rsa to display the names and values of each key pair configured on the device. These are the valid names that can be entered in this field. |
| Regenerate Key During Deployment | When selected, regenerates the RSA key pair on the router during the next deployment. This option is useful if you are concerned that the secrecy of the keys might be compromised. When deselected, a new key pair is not generated. Note: This check box is not deselected automatically after deployment. If you do not return to this policy to deselect the check box, the key is regenerated each time you deploy. Note: This option requires interaction with the device during deployment. Therefore, you should use it only when deploying to live devices, not when deploying to a file. Note: A key pair must already exist on the device before you select this option; otherwise, deployment will fail. (This will typically be the case, since IOS routers must have SSH enabled in order to be added to Security Manager.) |
| Modulus Size | Applies only when the Regenerate Key check box is selected. The size of the modulus used to generate a new key pair. A larger modulus is more secure but takes longer to generate. Valid values range from 360 to 2048 bits. The default is 1024 bits. |
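
The Tip in the RSA Key Pair row and the Modulus Size row can be combined into an audit: the following added example, which is not part of the Cisco guide or of Security Manager, parses output of show crypto key mypubkey rsa and reports each key pair's name and modulus size. It assumes the Key Data field is the hex-encoded DER SubjectPublicKeyInfo of the public key; the sample output, the key names rtr1.example.com and SSH-2048, and the 2048-bit min_bits threshold are constructed for illustration.

```python
import re

ALG_ID = "300D06092A864886F70D0101010500"  # DER AlgorithmIdentifier for rsaEncryption
# Constructed sample, not captured from a device: standard DER framing around a
# filler modulus, laid out like `show crypto key mypubkey rsa` output.
SAMPLE = f"""% Key pair was generated at: 00:00:00 UTC Jan 1 2000
Key name: rtr1.example.com
 Usage: General Purpose Key
 Key Data:
  30819F{ALG_ID}03818D0030818902818100{'C5' * 128}0203010001
% Key pair was generated at: 00:00:00 UTC Jan 1 2000
Key name: SSH-2048
 Usage: General Purpose Key
 Key Data:
  30820122{ALG_ID}0382010F003082010A0282010100{'C5' * 256}0203010001
"""

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def modulus_bits(spki):
    """Bit length of the RSA modulus in a DER SubjectPublicKeyInfo."""
    _, seq, _ = _tlv(spki, 0)            # outer SEQUENCE
    _, _, alg_end = _tlv(spki, seq)      # AlgorithmIdentifier, skipped
    tag, bits, _ = _tlv(spki, alg_end)   # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsa, _ = _tlv(spki, bits + 1)     # +1 skips the unused-bits byte
    tag, start, end = _tlv(spki, rsa)    # first INTEGER is the modulus
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(spki[start:end], "big").bit_length()

def audit_keys(show_output, min_bits=2048):  # min_bits: assumed local policy value
    """Map each key name to (modulus bits, meets min_bits)."""
    pattern = re.compile(r"Key name:\s*(\S+).*?Key Data:\s*([0-9A-Fa-f\s]+)", re.S)
    report = {}
    for name, hexdata in pattern.findall(show_output):
        bits = modulus_bits(bytes.fromhex("".join(hexdata.split())))
        report[name] = (bits, bits >= min_bits)
    return report
```

Calling audit_keys(SAMPLE) flags rtr1.example.com, whose modulus matches the 1024-bit default in the table, as below the assumed policy, and accepts SSH-2048.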