CLI Operations and Configuration Example for SNMPv2c

The commands to configure SNMPv2c are as follows:

  • snmp-server community string [view view-name] [ro | rw] [access-list number] sets up the community access string to permit access to Simple Network Management Protocol (SNMP) via SNMPv1 and SNMPv2c. The view-name restricts the available objects to the community string. ro stands for read-only, and rw stands for read-write. Finally, an access list uses the community string to restrict access to the SNMP agent.

  • snmp-server enable traps [notification-type] enables the SNMP notifications (traps or informs) available on your system.

  • snmp-server host host-address [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [notification-type] [vrf vrf-name] specifies the recipient of the SNMP notification operations, defines how to send them (trap or inform), sets the SNMP version, and specifies the community string to be placed in the notification. Optional arguments include the specific UDP port on the management station where the notification is exported, the notification type for this specific host, and the Virtual Routing and Forwarding (VRF) in which the notification is sent.

SNMPv2c Configuration Example

Here is an example of the SNMPv2c configuration:

router(config)# snmp-server community not_public RO
router(config)# snmp-server community not_private RW
router(config)# snmp-server enable traps
router(config)# snmp-server host version 2c trap_community


Even if most of the SNMP examples in the literature use the community strings public for read-only and private for read-write, using different community strings in real configurations is strongly recommended. Too many devices in the Internet still use the public and private community strings, which implies serious security holes.

As already described, the first two commands enable both the SNMPv1 agent and the SNMPv2c agent on the router.

SNMPv2c Data Retrieval

To retrieve SNMPv2c data using the snmpget utility, enter the following:

SERVER % snmpget -v 1 -c not_public router sysObjectID.0
sysObjectID.0 = OID: CISCO-PRODUCTS-MIB::cisco2611
SERVER % snmpget -v 2c -c not_public router sysObjectID.0
sysObjectID.0 = OID: CISCO-PRODUCTS-MIB::cisco2611

Displaying SNMPv2c Statistics

The show snmp command displays all the SNMP statistics: number of input and output SNMP packets, number of community string violations (unknown community name), number of requested variables (with the SNMP get, getnext, or getbulk operations), number of altered variables (with the SNMP set operation). Here's an example:

Router# show snmp
Chassis: JAD0352065J (891283838)
637082 SNMP packets input
    0 Bad SNMP version errors
    465 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    6859663 Number of requested variables
    442 Number of altered variables
    537965 Get-request PDUs
    93444 Get-next PDUs
    257 Set-request PDUs
636841 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    640 No such name errors
    162 Bad values errors
    0 General errors
    636625 Response PDUs
    204 Trap PDUs
SNMP logging: enabled
    Logging to, 0/10, 0 sent, 0 dropped. The show snmp

Part II: Implementations on the Cisco Devices