CLI Operations and Configuration Example for SNMPv2c

The commands to configure SNMPv2c are as follows:

  • snmp-server community string [view view-name] [ro | rw] [access-list number] sets up the community access string to permit access to Simple Network Management Protocol (SNMP) via SNMPv1 and SNMPv2c. The view-name restricts the objects available to the community string. ro stands for read-only, and rw stands for read-write. Finally, the access list restricts access to the SNMP agent for that community string.

  • snmp-server enable traps [notification-type] enables the SNMP notifications (traps or informs) available on your system.

  • snmp-server host host-address [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [notification-type] [vrf vrf-name] specifies the recipient of the SNMP notification operations, defines how to send them (trap or inform), sets the SNMP version, and specifies the community string to be placed in the notification. Optional arguments include the specific UDP port on the management station where the notification is exported, the notification type for this specific host, and the Virtual Routing and Forwarding (VRF) in which the notification is sent.

SNMPv2c Configuration Example

Here is an example of the SNMPv2c configuration:

router(config)# snmp-server community not_public RO
router(config)# snmp-server community not_private RW
router(config)# snmp-server enable traps
router(config)# snmp-server host 10.10.10.10 version 2c trap_community

Note

Although most of the SNMP examples in the literature use the community strings public for read-only and private for read-write, using different community strings in real configurations is strongly recommended. Too many devices on the Internet still use the public and private community strings, which creates serious security holes.


As already described, the first two commands enable both the SNMPv1 agent and the SNMPv2c agent on the router.
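
One way to check a configuration against the Note above and the community syntax listed earlier, as an added example (not from the original text or from Cisco): a Python audit that flags default community strings, communities with no access list, and read-write communities with no view. The sample configuration, the view name SYSTEM-ONLY, and access list 10 are constructed for illustration.

```python
import re

# Syntax from the command list above:
#   snmp-server community string [view view-name] [ro | rw] [access-list number]
COMMUNITY_RE = re.compile(
    r"^\s*(?:\S+\(config\)#\s*)?snmp-server\s+community\s+(?P<string>\S+)"
    r"(?:\s+view\s+(?P<view>\S+))?"
    r"(?:\s+(?P<mode>ro|rw))?"
    r"(?:\s+(?P<acl>\d+))?\s*$",
    re.IGNORECASE,
)

DEFAULT_STRINGS = {"public", "private"}  # the defaults the Note warns about

# Constructed sample input: view SYSTEM-ONLY and access list 10 are hypothetical.
SAMPLE_CONFIG = """\
router(config)# snmp-server community public RO
router(config)# snmp-server community not_private RW
router(config)# snmp-server community mgmt_ro view SYSTEM-ONLY ro 10
router(config)# snmp-server enable traps
"""


def audit_snmp_communities(config_text):
    """Return (community, finding) tuples for risky community lines."""
    findings = []
    for line in config_text.splitlines():
        m = COMMUNITY_RE.match(line)
        if not m:
            continue  # not a community line (or not in the numbered-ACL form)
        name = m.group("string")
        mode = (m.group("mode") or "ro").lower()  # no keyword means read-only
        if name.lower() in DEFAULT_STRINGS:
            findings.append((name, "default community string"))
        if m.group("acl") is None:
            findings.append(
                (name, f"{mode} community not restricted by an access list"))
        if mode == "rw" and m.group("view") is None:
            findings.append(
                (name, "read-write community exposes the full MIB (no view)"))
    return findings


if __name__ == "__main__":
    for community, finding in audit_snmp_communities(SAMPLE_CONFIG):
        print(f"{community}: {finding}")
```
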

SNMPv2c Data Retrieval

To retrieve SNMPv2c data using the snmpget utility, enter the following:

SERVER % snmpget -v 1 -c not_public router sysObjectID.0
sysObjectID.0 = OID: CISCO-PRODUCTS-MIB::cisco2611
SERVER % snmpget -v 2c -c not_public router sysObjectID.0
sysObjectID.0 = OID: CISCO-PRODUCTS-MIB::cisco2611

Displaying SNMPv2c Statistics

The show snmp command displays all the SNMP statistics: the number of input and output SNMP packets, the number of community string violations (unknown community name), the number of requested variables (with the SNMP get, getnext, or getbulk operations), and the number of altered variables (with the SNMP set operation). Here's an example:

Router# show snmp
Chassis: JAD0352065J (891283838)
637082 SNMP packets input
    0 Bad SNMP version errors
    465 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    6859663 Number of requested variables
    442 Number of altered variables
    537965 Get-request PDUs
    93444 Get-next PDUs
    257 Set-request PDUs
636841 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    640 No such name errors
    162 Bad values errors
    0 General errors
    636625 Response PDUs
    204 Trap PDUs
SNMP logging: enabled
    Logging to 10.10.10.10.162, 0/10, 0 sent, 0 dropped.

The show snmp



Part II: Implementations on the Cisco Devices