Send documentation comments to mdsfeedback-doc@cisco.com.
26-3
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-6965-03, Cisco MDS SAN-OS Release 2.x
Chapter 26 SNMP Configuration
About SNMP
In Cisco MDS SAN-OS Release 2.0(1b) or later, users present in the prior release are assigned set of roles
that is the union of both the CLI and the SNMP rules. Any configuration changes made to the user group,
role, or password, results in the database synchronization for both SNMP and AAA.
Note When the passphrase/password is specified in localized key/encrypted format, the password is not
synchronized.

Software Upgrade Synchronization

When you upgrade from an earlier release to Cisco MDS SAN-OS Release 2.0(1b) or later, the following
synchronization steps occur:
Existing SNMP users continue to retain the auth and priv information without any changes.
If a user is not present in one database and is present in other database, the CLI user is created
without any password (login is disabled) and the SNMP user is created with the noAuthNoPriv
security level. Subsequently, the passwords and roles for these users will be synchronized.
If the management station creates a SNMP user in the usmUserTable, this user is created without
any password (login is disabled) and will have the network-operator role.

Restricting Switch Access

You can restrict access to a Cisco MDS 9000 Family switch using IP Access Control Lists (IP-ACLs).
See the “IP-ACL Configuration Guidelines” section on page 28-1.

Adding a Community String

To add a community string, follow these steps:
Step 1 From Fabric Manager, choose Switches > Security->SNMP from the Physical Attributes pane and click
the Communities tab in the Information pane.
From Device Manager, choose Security > SNMP and click the Communities tab.
Step 2 Click Create in the Device Manager dialog box, or click the Create Row icon in Fabric Manager .
You see the Create Community string dialog box.
The dialog box in Fabric Manager also provides check boxes to specify one or more switches.
Step 3 Enter the community name in the Community field.
Step 4 Select the role from the check boxes in Device Manager or the drop-down list in Fabric Manager. In
Fabric Manager, you can enter a new role name in the field if you do not want to select one from the
drop-down list. If you do this, you must go back and configure this role appropriately (see the
“Configuring Common Roles” section on page 25-2).
Step 5 Click Create to create the new entry or click Close to create the entry and close the dialog box.