Cisco 2950G 24 Software Configuration Guide - Page 482
Default SNMP Configuration, SNMP Configuration Guidelines
UPC - 746320687711
View all Cisco 2950G 24 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 482 highlights
Configuring SNMP Chapter 24 Configuring SNMP Default SNMP Configuration Table 24-3 shows the default SNMP configuration. Table 24-3 Default SNMP Configuration Feature SNMP agent SNMP community strings SNMP trap receiver SNMP traps SNMP version SNMPv3 authentication SNMP notification type Default Setting Enabled Read-Only: Public Read-Write: Private Read-Write-all: Secret None configured None enabled If no version keyword is present, the default is version 1. If no keyword is entered, the default is the noauth (noAuthNoPriv) security level. If no type is specified, all notifications are sent. SNMP Configuration Guidelines An SNMP group is a table that maps SNMP users to SNMP views. An SNMP user is a member of an SNMP group. An SNMP host is the recipient of an SNMP trap operation. An SNMP engine ID is a name for the local or remote SNMP engine. When configuring SNMP, follow these guidelines: • When configuring an SNMP group, do not specify a notify view. The snmp-server host global configuration command autogenerates a notify view for the user and then adds it to the group associated with that user. Modifying the group's notify view affects all users associated with that group. Refer to the Cisco IOS Configuration Fundamentals Command Reference for Release 12.1 for information about when you should configure notify views. • To configure a remote user, specify the IP address or port number for the remote SNMP agent of the device where the user resides. • Before you configure remote users for a particular agent, configure the SNMP engine ID, using the snmp-server engineID global configuration with the remote option. The remote agent's SNMP engine ID and user password are used to compute the authentication and privacy digests. If you do not configure the remote engine ID first, the configuration command fails. • When configuring SNMP informs, you need to configure the SNMP engine ID for the remote agent in the SNMP database before you can send proxy requests or informs to it. • Changing the value of the SNMP engine ID has important side effects. A user's password (entered on the command line) is converted to an MD5 or SHA security digest based on the password and the local engine ID. The command-line password is then destroyed, as required by RFC 2274. Because of this deletion, if the value of engineID changes, the security digests of SNMPv3 users become invalid, and you need to reconfigure SNMP users by using the snmp-server user username global configuration command. Similar restrictions require the reconfiguration of community strings when the engine ID changes. 24-6 Catalyst 2950 Desktop Switch Software Configuration Guide 78-14982-01