Cisco Systems DOC-7814982 Default SNMP Configuration, SNMP Configuration Guidelines

24-6

Catalyst 2950 Desktop Switch Software Configuration Guide

78-14982-01

Chapter 24 Configuring SNMP

Configuring SNMP

Default SNMP Configuration

Table 24-3 shows the de fault SNM P c onfiguratio n.

An SNMP group is a t abl e that ma ps SNM P use rs to SN MP v iews. An SNM P user is a member of an

SNMP group. An SNMP host is the recipie nt of an SNMP tr ap operati on. An SNMP engin e I D is a nam e

for th e lo cal o r remot e SN MP en g ine.

When configur ing SNMP, follow thes e guidel ines:

•When configuri ng an SNMP group , do not specif y a notify view. The snmp- s erver h o st global

configurat ion c omma nd au toge ne rat es a no tif y v iew for the u ser and the n a dd s it to t he g rou p

associated with that user. Modifying the group's notify view affects all users associated with that

group. R ef er to t he Ci sco IOS Con figuration Fundamen tals Comma nd Reference for Release 12 .1

for in for matio n about wh en yo u shoul d configure no tify v iews.

•To configure a remote user , specify the IP address or port number for the remote SNMP agent of the

device wher e the us er reside s.

•Befo re you co nfigure remote us e rs fo r a par ticul ar ag en t, co n figur e th e SNMP en gin e I D , using the

snmp-server engineID global con figurati on with the remote op tion . The re mote agen t's S NMP

engine ID an d use r passwo rd are used t o co mput e t h e aut hent ic ation a nd privacy digests . If you do

not configur e the rem ote engi ne ID first, the configu ration com mand fail s.

•When co n figur in g SNMP in fo rm s, you n eed t o co nfigure the SNMP en gine ID f or th e re mo te ag en t

in the SNMP da tabase bef ore you can send pro xy request s or inform s to it.

•Changing the value of the SNMP engine ID has important side effects. A user's password (entered

on the command line) is con verted to an MD5 or SHA security digest based on the password and the

local engine ID. The command-line password is then destroyed, as required by RFC 2274. Because

of this deletion, if the value of engineID changes, the security digests of SNMPv3 users become

invalid, and you need t o reconfigu re SN MP us ers by using t he sn mp-se rver user username global

configuration command. Similar restrictions require the reconfiguration of community strings when

the engine ID changes.

Table 24-3 Default SNMP Configuration

Feature Default Setting

SNMP agent Enabled

SNMP community strings Read-Only: Public

Read-Write: Private

Read-Write-all: Secret

SNMP trap receiver None configured

SNMP traps None enabled

SNMP vers ion If no version keyword is present, the default is version 1.

SNMPv3 authentication If no keyword is entered, the default is the noauth (noAuthNoPriv)

security level.

SNMP notification type If no type is specified, all notifications are sent.