Cisco 2960 X Owners Manual
Have a look at the manual Cisco 2960 X Owners Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 62
DETAILED STEPS
PurposeCommand or Action
Enterstheglobalconfigurationmode.configureterminal
Example:
Switch#configureterminal
Step 1
Configuresthecommunitystring.snmp-servercommunitystring
[viewview-name][ro|rw]
[access-list-number]
Step 2
The@symbolisusedfordelimitingthecontextinformation.Avoidusing
the@symbolaspartoftheSNMPcommunitystringwhenconfiguring
thiscommand.
Note
Example:
Switch(config)#snmp-servercommunitycomaccessro4
•Forstring,specifyastringthatactslikeapasswordandpermitsaccesstothe...](http://img.usermanuals.tech/thumb/17/102385/w64_2960-x-owners-manual-1511197621_d-61.png "Page 62
DETAILED STEPS
PurposeCommand or Action
Enterstheglobalconfigurationmode.configureterminal
Example:
Switch#configureterminal
Step 1
Configuresthecommunitystring.snmp-servercommunitystring
[viewview-name][ro|rw]
[access-list-number]
Step 2
The@symbolisusedfordelimitingthecontextinformation.Avoidusing
the@symbolaspartoftheSNMPcommunitystringwhenconfiguring
thiscommand.
Note
Example:
Switch(config)#snmp-servercommunitycomaccessro4
•Forstring,specifyastringthatactslikeapasswordandpermitsaccesstothe...")
![Page 64
PurposeCommand or Action
•Theengineid-stringisa24-characterIDstringwiththenameofthecopyof
SNMP.Youneednotspecifytheentire24-characterengineIDifithastrailing[udp-portport-number]
engineid-string}zeros.SpecifyonlytheportionoftheengineIDuptothepointwhereonly
Example:
Switch(config)#snmp-serverengineIDlocal1234
zerosremaininthevalue.TheStepExampleconfiguresanengineIDof
123400000000000000000000.
•Ifyouselectremote,specifytheip-addressofthedevicethatcontainsthe...](http://img.usermanuals.tech/thumb/17/102385/w64_2960-x-owners-manual-1511197621_d-63.png "Page 64
PurposeCommand or Action
•Theengineid-stringisa24-characterIDstringwiththenameofthecopyof
SNMP.Youneednotspecifytheentire24-characterengineIDifithastrailing[udp-portport-number]
engineid-string}zeros.SpecifyonlytheportionoftheengineIDuptothepointwhereonly
Example:
Switch(config)#snmp-serverengineIDlocal1234
zerosremaininthevalue.TheStepExampleconfiguresanengineIDof
123400000000000000000000.
•Ifyouselectremote,specifytheip-addressofthedevicethatcontainsthe...")
DETAILED STEPS
PurposeCommand or Action
Enterstheglobalconfigurationmode.configureterminal
Example:
Switch#configureterminal
Step 1
DisablestheSNMPagentoperation.nosnmp-server
Example:
Switch(config)#nosnmp-server
Step 2
ReturnstoprivilegedEXECmode.end
Example:
Switch(config)#end
Step 3
Configuring Community Strings
YouusetheSNMPcommunitystringtodefinetherelationshipbetweentheSNMPmanagerandtheagent.
Thecommunitystringactslikeapasswordtopermitaccesstotheagentontheswitch.Optionally,youcan
specifyoneormoreofthesecharacteristicsassociatedwiththestring:
•AnaccesslistofIPaddressesoftheSNMPmanagersthatarepermittedtousethecommunitystringto
gainaccesstotheagent
•AMIBview,whichdefinesthesubsetofallMIBobjectsaccessibletothegivencommunity
•Readandwriteorread-onlypermissionfortheMIBobjectsaccessibletothecommunity
BeginninginprivilegedEXECmode,followthesestepstoconfigureacommunitystringontheswitch.
SUMMARY STEPS
1.configureterminal
2.snmp-servercommunitystring[viewview-name][ro|rw][access-list-number]
3.access-listaccess-list-number{deny|permit}source[source-wildcard]
4.end
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
OL-29044-0151
Configuring Simple Network Management Protocol
Configuring Community Strings
DETAILED STEPS PurposeCommand or Action Enterstheglobalconfigurationmode.configureterminal Example: Switch#configureterminal Step 1 Configuresthecommunitystring.snmp-servercommunitystring [viewview-name][ro|rw] [access-list-number] Step 2 [email protected] the@symbolaspartoftheSNMPcommunitystringwhenconfiguring thiscommand. Note Example: Switch(config)#snmp-servercommunitycomaccessro4 •Forstring,specifyastringthatactslikeapasswordandpermitsaccesstothe SNMPprotocol.Youcanconfigureoneormorecommunitystringsofany length. •(Optional)Forview-name,specifytheviewrecordaccessibletothecommunity. •(Optional)Specifyeitherread-only(ro)ifyouwantauthorizedmanagement stationstoretrieveMIBobjects,orspecifyread-write(rw)ifyouwant authorizedmanagementstationstoretrieveandmodifyMIBobjects.By default,thecommunitystringpermitsread-onlyaccesstoallobjects. •(Optional)Foraccess-list-number,enteranIPstandardaccesslistnumbered from1to99and1300to1999. (Optional)IfyouspecifiedanIPstandardaccesslistnumberinStep2,thencreate thelist,repeatingthecommandasmanytimesasnecessary. access-listaccess-list-number{deny |permit}source[source-wildcard] Step 3 Example: Switch(config)#access-list4denyany •Foraccess-list-number,entertheaccesslistnumberspecifiedinStep2. •Thedenykeyworddeniesaccessiftheconditionsarematched.Thepermit keywordpermitsaccessiftheconditionsarematched. •Forsource,entertheIPaddressoftheSNMPmanagersthatarepermittedto usethecommunitystringtogainaccesstotheagent. •(Optional)Forsource-wildcard,enterthewildcardbitsindotteddecimal notationtobeappliedtothesource.Placeonesinthebitpositionsthatyou wanttoignore. Recallthattheaccesslistisalwaysterminatedbyanimplicitdenystatementfor everything. ReturnstoprivilegedEXECmode.end Example: Switch(config)#end Step 4 Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX 52OL-29044-01 Configuring Simple Network Management Protocol Configuring Community Strings
ThisexampleshowshowtoassignthecomaccessstringtoSNMP,toallowread-onlyaccess,andtospecify
thatIPaccesslist4canusethecommunitystringtogainaccesstotheswitchSNMPagent:
Switch(config)#snmp-servercommunitycomaccessro4
What to Do Next
TodisableaccessforanSNMPcommunity,setthecommunitystringforthatcommunitytothenullstring
(donotenteravalueforthecommunitystring).
Toremoveaspecificcommunitystring,usethenosnmp-servercommunitystringglobalconfiguration
command.
Youcanspecifyanidentificationname(engineID)forthelocalorremoteSNMPserverengineontheswitch.
YoucanconfigureanSNMPservergroupthatmapsSNMPuserstoSNMPviews,andyoucanaddnewusers
totheSNMPgroup.
Configuring SNMP Groups and Users
Youcanspecifyanidentificationname(engineID)forthelocalorremoteSNMPserverengineontheswitch.
YoucanconfigureanSNMPservergroupthatmapsSNMPuserstoSNMPviews,andyoucanaddnewusers
totheSNMPgroup.
BeginninginprivilegedEXECmode,followthesestepstoconfigureSNMPgroupsandusersontheswitch.
SUMMARY STEPS
1.configureterminal
2.snmp-serverengineID{localengineid-string|remoteip-address[udp-portport-number]engineid-string}
3.snmp-servergroupgroup-name{v1|v2c|v3{auth|noauth|priv}}[readreadview][writewriteview]
[notifynotifyview][accessaccess-list]
4.snmp-serveruserusernamegroup-name{remotehost[udp-portport]}{v1[accessaccess-list]|v2c
[accessaccess-list]|v3[encrypted][accessaccess-list][auth{md5|sha}auth-password]}[priv{des
|3des|aes{128|192|256}}priv-password]
5.end
DETAILED STEPS
PurposeCommand or Action
Enterstheglobalconfigurationmode.configureterminal
Example:
Switch#configureterminal
Step 1
ConfiguresanameforeitherthelocalorremotecopyofSNMP.snmp-serverengineID{local
engineid-string|remoteip-address
Step 2
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
OL-29044-0153
Configuring Simple Network Management Protocol
Configuring SNMP Groups and Users
PurposeCommand or Action
•Theengineid-stringisa24-characterIDstringwiththenameofthecopyof
SNMP.Youneednotspecifytheentire24-characterengineIDifithastrailing[udp-portport-number]
engineid-string}zeros.SpecifyonlytheportionoftheengineIDuptothepointwhereonly
Example:
Switch(config)#snmp-serverengineIDlocal1234
zerosremaininthevalue.TheStepExampleconfiguresanengineIDof
123400000000000000000000.
•Ifyouselectremote,specifytheip-addressofthedevicethatcontainsthe
remotecopyofSNMPandtheoptionalUserDatagramProtocol(UDP)port
ontheremotedevice.Thedefaultis162.
ConfiguresanewSNMPgroupontheremotedevice.snmp-servergroupgroup-name{v1|
v2c|v3{auth|noauth|priv}}[read
Step 3
Forgroup-name,specifythenameofthegroup.readview][writewriteview][notify
notifyview][accessaccess-list]Specifyoneofthefollowingsecuritymodels:
Example:
Switch(config)#snmp-servergrouppublicv2caccesslmnop
•v1istheleastsecureofthepossiblesecuritymodels.
•v2cisthesecondleastsecuremodel.Itallowstransmissionofinformsand
integerstwicethenormalwidth.
•v3,themostsecure,requiresyoutoselectoneofthefollowingauthentication
levels:
auth—EnablestheMessageDigest5(MD5)andtheSecureHashAlgorithm
(SHA)packetauthentication.
noauth—EnablesthenoAuthNoPrivsecuritylevel.Thisisthedefaultifno
keywordisspecified.
priv—EnablesDataEncryptionStandard(DES)packetencryption(alsocalled
privacy).
(Optional)Enterreadreadviewwithastring(nottoexceed64characters)thatis
thenameoftheviewinwhichyoucanonlyviewthecontentsoftheagent.
(Optional)Enterwritewriteviewwithastring(nottoexceed64characters)thatis
thenameoftheviewinwhichyouenterdataandconfigurethecontentsoftheagent.
(Optional)Enternotifynotifyviewwithastring(nottoexceed64characters)that
isthenameoftheviewinwhichyouspecifyanotify,inform,ortrap.
(Optional)Enteraccessaccess-listwithastring(nottoexceed64characters)that
isthenameoftheaccesslist.
AddsanewuserforanSNMPgroup.snmp-serveruserusername
group-name{remotehost[udp-port
Step 4
Theusernameisthenameoftheuseronthehostthatconnectstotheagent.port]}{v1[accessaccess-list]|v2cThegroup-nameisthenameofthegrouptowhichtheuserisassociated.[accessaccess-list]|v3[encrypted]
[accessaccess-list][auth{md5|sha}EnterremotetospecifyaremoteSNMPentitytowhichtheuserbelongsandthe
hostnameorIPaddressofthatentitywiththeoptionalUDPportnumber.Thedefault
is162.
auth-password]}[priv{des|3des|aes
{128|192|256}}priv-password]
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
54OL-29044-01
Configuring Simple Network Management Protocol
Configuring SNMP Groups and Users
PurposeCommand or Action Example: Switch(config)#snmp-serveruserPatpublicv2c EntertheSNMPversionnumber(v1,v2c,orv3).Ifyouenterv3,youhavethese additionaloptions: •encryptedspecifiesthatthepasswordappearsinencryptedformat.This keywordisavailableonlywhenthev3keywordisspecified. •authisanauthenticationlevelsettingsessionthatcanbeeitherthe HMAC-MD5-96(md5)ortheHMAC-SHA-96(sha)authenticationleveland requiresapasswordstringauth-password(nottoexceed64characters). Ifyouenterv3youcanalsoconfigureaprivate(priv)encryptionalgorithmand passwordstringpriv-passwordusingthefollowingkeywords(nottoexceed64 characters): •privspecifiestheUser-basedSecurityModel(USM). •desspecifiestheuseofthe56-bitDESalgorithm. •3desspecifiestheuseofthe168-bitDESalgorithm. •aesspecifiestheuseoftheDESalgorithm.Youmustselecteither128-bit, 192-bit,or256-bitencryption. (Optional)Enteraccessaccess-listwithastring(nottoexceed64characters)that isthenameoftheaccesslist. ReturnstoprivilegedEXECmode.end Example: Switch(config)#end Step 5 Configuring SNMP Notifications Atrapmanagerisamanagementstationthatreceivesandprocessestraps.Trapsaresystemalertsthatthe switchgenerateswhencertaineventsoccur.Bydefault,notrapmanagerisdefined,andnotrapsaresent. SwitchesrunningthisCiscoIOSreleasecanhaveanunlimitednumberoftrapmanagers. Manycommandsusethewordtrapsinthecommandsyntax.Unlessthereisanoptioninthecommand toselecteithertrapsorinforms,thekeywordtrapsreferstotraps,informs,orboth.Usethesnmp-server hostglobalconfigurationcommandtospecifywhethertosendSNMPnotificationsastrapsorinforms. Note Youcanusethesnmp-serverhostglobalconfigurationcommandforaspecifichosttoreceivethenotification typeslistedinthefollowingtable.Youcanenableanyorallofthesetrapsandconfigureatrapmanagerto receivethem. Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX OL-29044-0155 Configuring Simple Network Management Protocol Configuring SNMP Notifications
Table 10: Device Notification Types DescriptionNotification Type Keyword GeneratesBorderGatewayProtocol(BGP)statechangetraps.This optionisonlyavailablewhentheIPservicesfeaturesetisenabled. bgp GeneratesSTPbridgeMIBtraps.bridge Generatesatrapwhentheclusterconfigurationchanges.cluster GeneratesatrapforSNMPconfigurationchanges.config GeneratesatrapforSNMPcopyconfigurationchanges.copy-config AllowCPU-relatedtraps.cputhreshold GeneratesatrapforSNMPentitychanges.entity Generatesenvironmentalmonitortraps.Youcanenableanyorall oftheseenvironmentaltraps:fan,shutdown,status,supply, temperature. envmon GeneratesSNMPFLASHnotifications.Inaswitchstack,youcan optionallyenablenotificationforflashinsertionorremoval,which wouldcauseatraptobeissuedwheneveraswitchinthestackis removedorinserted(physicalremoval,powercycle,orreload). flash Generatesentityfield-replaceableunit(FRU)controltraps.Inthe switchstack,thistrapreferstotheinsertionorremovalofaswitch inthestack. fru-ctrl GeneratesatrapforHotStandbyRouterProtocol(HSRP)changes.hsrp GeneratesatrapforIPmulticastroutingchanges.ipmulticast GeneratesatrapforMACaddressnotifications.mac-notification GeneratesatrapforMulticastSourceDiscoveryProtocol(MSDP) changes. msdp GeneratesatrapforOpenShortestPathFirst(OSPF)changes.You canenableanyorallofthesetraps:Ciscospecific,errors,link-state advertisement,ratelimit,retransmit,andstatechanges. ospf GeneratesatrapforProtocol-IndependentMulticast(PIM)changes. Youcanenableanyorallofthesetraps:invalidPIMmessages, neighborchanges,andrendezvouspoint(RP)-mappingchanges. pim Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX 56OL-29044-01 Configuring Simple Network Management Protocol Configuring SNMP Notifications
DescriptionNotification Type Keyword GeneratesSNMPportsecuritytraps.Youcanalsosetamaximum trapratepersecond.Therangeisfrom0to1000;thedefaultis0, whichmeansthatthereisnoratelimit. Whenyouconfigureatrapbyusingthenotificationtype port-security,configuretheportsecuritytrapfirst,and thenconfiguretheportsecuritytraprate: Note 1snmp-serverenabletrapsport-security 2snmp-serverenabletrapsport-securitytrap-raterate port-security GeneratesatrapfortheSNMPResponseTimeReporter(RTR).rtr GeneratesatrapforSNMP-typenotificationsforauthentication, coldstart,warmstart,linkuporlinkdown. snmp GeneratesatrapforSNMPstorm-control.Youcanalsoseta maximumtraprateperminute.Therangeisfrom0to1000;the defaultis0(nolimitisimposed;atrapissentateveryoccurrence). storm-control GeneratesSNMPSTPExtendedMIBtraps.stpx GeneratesSNMPsyslogtraps.syslog GeneratesatrapforTCPconnections.Thistrapisenabledbydefault.tty GeneratesatrapforSNMPVLANmembershipchanges.vlan-membership GeneratesSNMPVLANcreatedtraps.vlancreate GeneratesSNMPVLANdeletedtraps.vlandelete GeneratesatrapforVLANTrunkingProtocol(VTP)changes.vtp BeginninginprivilegedEXECmode,followthesestepstoconfiguretheswitchtosendtrapsorinformstoa host. Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX OL-29044-0157 Configuring Simple Network Management Protocol Configuring SNMP Notifications
SUMMARY STEPS
1.configureterminal
2.snmp-serverengineIDremoteip-addressengineid-string
3.snmp-serveruserusernamegroup-name{remotehost[udp-portport]}{v1[accessaccess-list]|v2c
[accessaccess-list]|v3[encrypted][accessaccess-list][auth{md5|sha}auth-password]}
4.snmp-servergroupgroup-name{v1|v2c|v3{auth|noauth|priv}}[readreadview][writewriteview]
[notifynotifyview][accessaccess-list]
5.snmp-serverhosthost-addr[informs|traps][version{1|2c|3{auth|noauth|priv}}]
community-string[notification-type]
6.snmp-serverenabletrapsnotification-types
7.snmp-servertrap-sourceinterface-id
8.snmp-serverqueue-lengthlength
9.snmp-servertrap-timeoutseconds
10.end
DETAILED STEPS
PurposeCommand or Action
Enterstheglobalconfigurationmode.configureterminal
Example:
Switch#configureterminal
Step 1
SpecifiestheengineIDfortheremotehost.snmp-serverengineIDremoteip-address
engineid-string
Step 2
Example:Switch(config)#snmp-serverengineIDremote192.180.1.2700000063000100a1c0b4011b
ConfiguresanSNMPusertobeassociatedwiththeremotehost
createdinStep2.
snmp-serveruserusernamegroup-name{remote
host[udp-portport]}{v1[accessaccess-list]|
Step 3
v2c[accessaccess-list]|v3[encrypted][access
access-list][auth{md5|sha}auth-password]}Youcannotconfigurearemoteuserforanaddresswithout
firstconfiguringtheengineIDfortheremotehost.
Otherwise,youreceiveanerrormessage,andthecommand
isnotexecuted.
Note
Example:Switch(config)#snmp-serveruserPatpublicv2c
ConfiguresanSNMPgroup.snmp-servergroupgroup-name{v1|v2c|v3
{auth|noauth|priv}}[readreadview][write
writeview][notifynotifyview][accessaccess-list]
Step 4
Example:Switch(config)#snmp-servergrouppublicv2caccesslmnop
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
58OL-29044-01
Configuring Simple Network Management Protocol
Configuring SNMP Notifications
PurposeCommand or Action
SpecifiestherecipientofanSNMPtrapoperation.snmp-serverhosthost-addr[informs|traps]
[version{1|2c|3{auth|noauth|priv}}]
community-string[notification-type]
Step 5
Forhost-addr,specifythenameorInternetaddressofthehost(the
targetedrecipient).
Example:Switch(config)#snmp-serverhost203.0.113.1comaccesssnmp
(Optional)Specifytraps(thedefault)tosendSNMPtrapstothehost.
SpecifyinformstosendSNMPinformstothehost.
(Optional)SpecifytheSNMPversion(1,2c,or3).SNMPv1does
notsupportinforms.
(Optional)ForVersion3,selectauthenticationlevelauth,noauth,
orpriv.
Forcommunity-string,whenversion1orversion2cisspecified,
enterthepassword-likecommunitystringsentwiththenotification
operation.Whenversion3isspecified,entertheSNMPv3username.
[email protected]
usingthe@symbolaspartoftheSNMPcommunitystringwhen
configuringthiscommand.
(Optional)Fornotification-type,usethekeywordslistedinthetable
above.Ifnotypeisspecified,allnotificationsaresent.
Enabletheswitchtosendtrapsorinformsandspecifythetypeof
notificationstobesent.Foralistofnotificationtypes,seethetable
above,orentersnmp-serverenabletraps?
snmp-serverenabletrapsnotification-types
Example:Switch(config)#snmp-serverenabletrapssnmp
Step 6
Toenablemultipletypesoftraps,youmustenteraseparate
snmp-serverenabletrapscommandforeachtraptype.
Whenyouconfigureatrapbyusingthenotificationtype
port-security,configuretheportsecuritytrapfirst,andthen
configuretheportsecuritytraprate:
Note
1snmp-serverenabletrapsport-security
2snmp-serverenabletrapsport-securitytrap-raterate
(Optional)Specifythesourceinterface,whichprovidestheIPaddress
forthetrapmessage.ThiscommandalsosetsthesourceIPaddress
forinforms.
snmp-servertrap-sourceinterface-id
Example:Switch(config)#snmp-servertrap-sourceGigabitEthernet1/0/1
Step 7
(Optional)Establishthemessagequeuelengthforeachtraphost.The
rangeis1to1000;thedefaultis10.
snmp-serverqueue-lengthlength
Example:Switch(config)#snmp-serverqueue-length20
Step 8
Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX
OL-29044-0159
Configuring Simple Network Management Protocol
Configuring SNMP Notifications
PurposeCommand or Action (Optional)Definehowoftentoresendtrapmessages.Therangeis1 to1000;thedefaultis30seconds. snmp-servertrap-timeoutseconds Example:Switch(config)#snmp-servertrap-timeout60 Step 9 ReturnstoprivilegedEXECmode.end Example: Switch(config)#end Step 10 What to Do Next Thesnmp-serverhostcommandspecifieswhichhostsreceivethenotifications.Thesnmp-serverenable trapcommandgloballyenablesthemethodforthespecifiednotification(fortrapsandinforms).Toenable ahosttoreceiveaninform,youmustconfigureansnmp-serverhostinformscommandforthehostand globallyenableinformsbyusingthesnmp-serverenabletrapscommand. Toremovethespecifiedhostfromreceivingtraps,usethenosnmp-serverhosthostglobalconfiguration command.Thenosnmp-serverhostcommandwithnokeywordsdisablestraps,butnotinforms,tothehost. Todisableinforms,usethenosnmp-serverhostinformsglobalconfigurationcommand.Todisableaspecific traptype,usethenosnmp-serverenabletrapsnotification-typesglobalconfigurationcommand. Setting the Agent Contact and Location Information BeginninginprivilegedEXECmode,followthesestepstosetthesystemcontactandlocationoftheSNMP agentsothatthesedescriptionscanbeaccessedthroughtheconfigurationfile. SUMMARY STEPS 1.configureterminal 2.snmp-servercontacttext 3.snmp-serverlocationtext 4.end Catalyst 2960-X Switch Network Management Configuration Guide, Cisco IOS Release 15.0(2)EX 60OL-29044-01 Configuring Simple Network Management Protocol Setting the Agent Contact and Location Information