The SNMPv3 notification process allows messages that are passed via SNMP between the switch and a network management station to be authenticated and encrypted.
Procedure
1. Enable SNMPv3 operation on the switch by entering the snmpv3 enable command.
When SNMPv3 is enabled, the switch supports:
Reception of SNMPv3 notification messages (traps and informs)
Configuration of initial users
(Optional) Restriction of non-SNMPv3 messages to "read only"
2. Configure SNMPv3 users by entering the snmpv3 user command. Each SNMPv3 user configuration is entered in the User Table.
3. Assign SNMPv3 users to security groups according to their level of access privilege by entering the snmpv3 group command.
4. Define the name of an SNMPv3 notification configuration by entering the snmpv3 notify command.
Syntax:
[no] snmpv3 notify <notify_name> tagvalue <tag_name> type {inform|trap}
Associates the name of an SNMPv3 notification configuration with a tag name used (internally) in SNMPv3 commands. To delete a notification-to-tag mapping, enter no snmpv3 notify notify_name.
notify <notify_name>
Specifies the name of an SNMPv3 notification configuration.
tagvalue <tag_name>
Specifies the name of a tag value used in other SNMPv3 commands, such as snmpv3 targetaddress params taglist tag_name in Step 5.
type
Specifies the notification type as inform or trap. By default, the notification type is trap.
5. Configure the target address of the SNMPv3 management station to which SNMPv3 informs and traps are sent by entering the snmpv3 targetaddress command.
Syntax:
[no] snmpv3 targetaddress <ASCII-STR> params <ASCII-STR> <IP-ADDR> taglist <ASCII-STR>
Configures the IPv4 or IPv6 address, name, and configuration filename of the SNMPv3 management station to which notification messages are sent.
params <ASCII-STR>
Name of the SNMPv3 station's parameters file. The parameters filename configured with params <ASCII-STR> must match the params <ASCII-STR> value entered with the snmpv3 params command in Step 6.
The <IP-ADDR> sets the IP address of the destination.
taglist <ASCII-STR> [ASCII-STR] …
Specifies the SNMPv3 notifications (identified by one or more ASCII-STR values) to be sent to the IP address of the SNMPv3 management station.
You can enter more than one ASCII-STR value. Each ASCII-STR value must be already associated with the name of an SNMPv3 notification configuration entered with the snmpv3 notify command in Step 4. Use a blank space to separate ASCII-STR values.
You can enter up to 103 characters in ASCII-STR entries following the taglist keyword.
[filter {<none | debug | all | not-info | critical>}]
(Optional) Configures the type of messages sent to a management station. (Default: none.)
[udp-port <port>]
(Optional) Specifies the UDP port to use. (Default: 162.)
[port-mask <mask>]
(Optional) Specifies a range of UDP ports. (Default: 0.)
[addr-mask <mask>]
(Optional) Specifies a range of IP addresses as destinations for notification messages. (Default: 0.)
[retries <value>]
(Optional) Number of times a notification is retransmitted if no response is received. Range: 1-255. (Default: 3.)
[timeout <value>]
(Optional) Time (in millisecond increments) allowed to receive a response from the target before notification packets are retransmitted. Range: 0-2147483647. [Default: 1500 (15 seconds).]
[max-msg-size <size>]
(Optional) Maximum number of bytes supported in a notification message to the specified target. (Default: 1472)
6. Create a configuration record for the target address with the snmpv3 params command.
Syntax:
[no] snmpv3 params <ASCII-STR> user <user_name> sec-model <security_model> message-processing <security_model> <security_service>
Applies the configuration parameters and IP address of an SNMPv3 management station (from the params <ASCII-STR> value configured with the snmpv3 targetaddress command in Step 5) to a specified SNMPv3 user (from the user <user_name> value configured with the snmpv3 user command in Step 2).
If you enter the snmpv3 params user command, you must also configure a security model (sec_model) and message processing algorithm (message-processing).
{<sec_model [ver1 | ver2c | ver3]>}
Configures the security model used for SNMPv3 notification messages sent to the management station configured with the snmpv3 targetaddress command in Step 5.
If you configure the security model as ver3, you must also configure the message processing value as ver3.
Configures the algorithm used to process messages sent to the SNMPv3 target address.
If you configure the message processing value as ver3 and the security model as ver3, you must also configure a security services level (noauth, auth, or priv).
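The name matches required between Steps 2, 4, 5 and 6 can be checked before a configuration is applied. The following Python check is an added example, not code from the original page or the vendor. It reads only the keywords shown in the syntax lines above, and the sample configuration, names and addresses are constructed. It also flags any params record other than ver3 with priv, on the assumption that only priv provides both authentication and encryption.

```python
OPTS = {"filter", "udp-port", "port-mask", "addr-mask", "retries", "timeout", "max-msg-size"}

# Constructed sample config: all names and the TEST-NET-1 addresses are made up.
SAMPLE = """\
snmpv3 enable
snmpv3 user nmsadmin
snmpv3 notify critEvents tagvalue critTag type inform
snmpv3 targetaddress nms1 params nmsParams 192.0.2.10 taglist critTag auditTag
snmpv3 params nmsParams user nmsadmin sec-model ver3 message-processing ver3 auth
snmpv3 targetaddress nms2 params oldParams 192.0.2.11 taglist critTag retries 5
"""

def after(words, key):
    # Return the word that follows keyword `key`, or None if it is absent.
    return words[words.index(key) + 1] if key in words[:-1] else None

def lint(config):
    """Check Step 2/4/5/6 name matches and the protection level of each params record."""
    users, tags, params, targets, issues = set(), set(), {}, [], []
    for line in config.splitlines():
        w = line.split()
        if len(w) < 3 or w[0] != "snmpv3":
            continue  # blank lines, 'snmpv3 enable', 'no ...' and unrelated commands
        if w[1] == "user":
            users.add(w[2])  # only the user name is read; other options are ignored
        elif w[1] == "notify":
            tags.add(after(w, "tagvalue"))
        elif w[1] == "params":
            params[w[2]] = w
        elif w[1] == "targetaddress":
            targets.append(w)
    for name, w in params.items():
        sec, mp = after(w, "sec-model"), after(w, "message-processing")
        if after(w, "user") not in users:
            issues.append(f"params {name}: user is not defined with snmpv3 user")
        if sec == "ver3" and mp != "ver3":
            issues.append(f"params {name}: sec-model ver3 requires message-processing ver3")
        if (sec, mp, w[-1]) != ("ver3", "ver3", "priv"):
            issues.append(f"params {name}: notifications are not both authenticated and encrypted")
    for w in targets:
        if after(w, "params") not in params:
            issues.append(f"targetaddress {w[2]}: no snmpv3 params record named {after(w, 'params')}")
        taglist = w[w.index("taglist") + 1:] if "taglist" in w else []
        for tag in taglist:
            if tag in OPTS:
                break  # optional keywords end the tag list
            if tag not in tags:
                issues.append(f"targetaddress {w[2]}: tag {tag} has no snmpv3 notify mapping")
    return issues
```

Calling lint(SAMPLE) returns three findings: the auth-only params record, the auditTag value with no notify mapping, and the nms2 target that points at a missing params record.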
Example:
An example of how to configure SNMPv3 notification is shown in the following image: