Configuring SNMPv3 notifications (CLI)
The SNMPv3 notification process allows messages that are passed via SNMP between the switch and a network management station to be authenticated and encrypted.
1. Enable SNMPv3 operation on the switch by entering the snmpv3 enable command.

   When SNMPv3 is enabled, the switch supports:
   - Reception of SNMPv3 notification messages (traps and informs)
   - Configuration of initial users
   - (Optional) Restriction of non-SNMPv3 messages to "read only"

2. Configure SNMPv3 users by entering the snmpv3 user command. Each SNMPv3 user configuration is entered in the User Table.

3. Assign SNMPv3 users to security groups according to their level of access privilege by entering the snmpv3 group command.

4. Define the name of an SNMPv3 notification configuration by entering the snmpv3 notify command.

   Syntax:
   [no] snmpv3 notify <notify_name> tagvalue <tag_name> type {inform|trap}

   Associates the name of an SNMPv3 notification configuration with a tag name used (internally) in SNMPv3 commands. To delete a notification-to-tag mapping, enter no snmpv3 notify notify_name.

   notify <notify_name>
     Specifies the name of an SNMPv3 notification configuration.
   tagvalue <tag_name>
     Specifies the name of a tag value used in other SNMPv3 commands, such as snmpv3 targetaddress params taglist tag_name in Step 5.
   type
     Specifies the notification type as inform or trap. By default, the notification type is trap.

5. Configure the target address of the SNMPv3 management station to which SNMPv3 informs and traps are sent by entering the snmpv3 targetaddress command.

   Syntax:
   [no] snmpv3 targetaddress <ASCII-STR> params <ASCII-STR> <IP-ADDR> taglist <ASCII-STR>

   Configures the IPv4 or IPv6 address, name, and configuration filename of the SNMPv3 management station to which notification messages are sent.

   params <ASCII-STR>
     Name of the SNMPv3 station's parameters file. The parameters filename configured with params <ASCII-STR> must match the params <ASCII-STR> value entered with the snmpv3 params command in Step 6.
   <IP-ADDR>
     Sets the IP address of the destination.
   taglist <ASCII-STR> [ASCII-STR] …
     Specifies the SNMPv3 notifications (identified by one or more ASCII-STR values) to be sent to the IP address of the SNMPv3 management station. You can enter more than one ASCII-STR value. Each ASCII-STR value must be already associated with the name of an SNMPv3 notification configuration entered with the snmpv3 notify command in Step 4. Use a blank space to separate values. You can enter up to 103 characters in ASCII-STR entries following the taglist keyword.
   [filter {<none | debug | all | not-info | critical>}]
     (Optional) Configures the type of messages sent to a management station. (Default: none.)
   [udp-port <port>]
     (Optional) Specifies the UDP port to use. (Default: 162.)
   [port-mask <mask>]
     (Optional) Specifies a range of UDP ports. (Default: 0.)
   [addr-mask <mask>]
     (Optional) Specifies a range of IP addresses as destinations for notification messages. (Default: 0.)
   [retries <value>]
     (Optional) Number of times a notification is retransmitted if no response is received. Range: 1-255. (Default: 3.)
   [timeout <value>]
     (Optional) Time (in millisecond increments) allowed to receive a response from the target before notification packets are retransmitted. Range: 0-2147483647. [Default: 1500 (15 seconds).]
   [max-msg-size <size>]
     (Optional) Maximum number of bytes supported in a notification message to the specified target. (Default: 1472.)

6. Create a configuration record for the target address with the snmpv3 params command.

   Syntax:
   [no] snmpv3 params <ASCII-STR> user <user_name> sec-model <security_model> message-processing <security_model> <security_service>

   Applies the configuration parameters and IP address of an SNMPv3 management station (from the params <ASCII-STR> value configured with the snmpv3 targetaddress command in Step 5) to a specified SNMPv3 user (from the user <user_name> value configured with the snmpv3 user command in Step 2). If you enter the snmpv3 params user command, you must also configure a security model (sec_model) and message processing algorithm (message-processing).

   {<sec_model [ver1 | ver2c | ver3]>}
     Configures the security model used for SNMPv3 notification messages sent to the management station configured with the snmpv3 targetaddress command in Step 5. If you configure the security model as ver3, you must also configure the message processing value as ver3.
   {msg-processing {<ver1 | ver2c | ver3>} [noauth | auth | priv]}
     Configures the algorithm used to process messages sent to the SNMPv3 target address. If you configure the message processing value as ver3 and the security model as ver3, you must also configure a security services level (noauth, auth, or priv).

Example:
An example of how to configure SNMPv3 notification is shown in the following image:
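The cross-references required by Steps 2 and 4 to 6 (params names, tag values, user names, and the ver3 pairing) can be checked before a configuration is applied. The following Python linter is an added example, not part of the vendor documentation; the sample configuration and every name in it are constructed, and it assumes the user name is the first argument of snmpv3 user.

```python
from itertools import takewhile

# Optional keywords that end the taglist in the snmpv3 targetaddress syntax.
OPTIONS = {"filter", "udp-port", "port-mask", "addr-mask", "retries", "timeout", "max-msg-size"}

# Constructed sample; every name and the 192.0.2.10 address are made up.
SAMPLE = """\
snmpv3 enable
snmpv3 user NetAdmin
snmpv3 notify Notif1 tagvalue TrapTag type inform
snmpv3 targetaddress NMS1 params Params1 192.0.2.10 taglist TrapTag LinkTag udp-port 162
snmpv3 params Params2 user Guest sec-model ver3 message-processing ver2c
"""

def after(tokens, keyword, offset=1):
    """Token `offset` places after keyword, or None when it is missing."""
    i = tokens.index(keyword) + offset if keyword in tokens else len(tokens)
    return tokens[i] if i < len(tokens) else None

def lint(config):
    """Return findings for broken cross-references and weak notification security."""
    users, tags, targets, params, findings = set(), set(), [], {}, []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 3 or t[0] != "snmpv3":
            continue
        if t[1] == "user":            # Step 2: User Table entry (name position assumed)
            users.add(t[2])
        elif t[1] == "notify":        # Step 4: notification-to-tag mapping
            tags.add(after(t, "tagvalue"))
        elif t[1] == "params":        # Step 6: parameters record
            params[t[2]] = t
        elif t[1] == "targetaddress" and "taglist" in t:   # Step 5
            taglist = list(takewhile(lambda x: x not in OPTIONS, t[t.index("taglist") + 1:]))
            targets.append((t[2], after(t, "params"), taglist))
    for name, pname, taglist in targets:
        if pname not in params:
            findings.append(f"{name}: params '{pname}' has no snmpv3 params record")
        findings += [f"{name}: tag '{tag}' has no snmpv3 notify mapping"
                     for tag in taglist if tag not in tags]
    for pname, t in params.items():
        sec, mp = after(t, "sec-model"), after(t, "message-processing")
        if after(t, "user") not in users:
            findings.append(f"{pname}: user is not in the User Table")
        if sec == "ver3" and mp != "ver3":
            findings.append(f"{pname}: sec-model ver3 requires message-processing ver3")
        if (sec, mp, after(t, "message-processing", 2)) != ("ver3", "ver3", "priv"):
            findings.append(f"{pname}: notifications are not both authenticated and encrypted")
    return findings
```

Calling lint(SAMPLE) returns five findings; a configuration whose names all resolve and whose params record ends in ver3 ... ver3 priv returns an empty list.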