Simple Network Management Protocol
This chapter is a reference for Simple Network Management Protocol (SNMP) commands.
SNMP provides a standardized framework and a common language for monitoring and managing devices in a network. The SNMP framework consists of three parts:
• An SNMP manager: The system used to control and monitor the activities of network devices. This is sometimes called a Network Management System (NMS).
• An SNMP agent: The component within a managed device that maintains the data for the device and reports these data SNMP managers.
• Management Information Base (MIB): SNMP exposes management data in the form of variables which describe the system configuration. These variables can be queried by SNMP managers.
In SNMP, administration groups are known as communities. SNMP communities consist of one agent and one or more SNMP managers. You can assign groups of hosts to SNMP communities for limited security checking of agents and management systems or for administrative purposes. Defining communities provides security by allowing only management systems and agents within the same community to communicate.
A host can belong to multiple communities at the same time, but an agent does not accept a request from a management system outside its list of acceptable community names.
SNMP access rights are organized by groups. Each group is defined with three accesses: read access, write access, and notification access. Each access can be enabled or disabled within each group.
The SNMP v3 security level determines if an SNMP message needs to be protected from disclosure and if the message needs to be authenticated. The security levels are:
• noAuthNoPriv: No authentication or encryption
• authNoPriv: Authentication but no encryption
• authPriv: Both authentication and encryption.
SNMP is defined in RFCs 3411-3418.
Note: The commands below are supported on the “management” and default VRF.
This chapter contains these commands:
debug snmp-server
Use this command to display SNMP debugging information.
Use the no form of this command to stop displaying SNMP debugging information.
Command Syntax
debug snmp-server
no debug snmp-server
Parameters
None
Default
By default, disabled.
Command Mode
Exec and configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#debug snmp-server
show running-config snmp
Use this command to display the SNMP running configuration.
Command Syntax
show running-config snmp
Parameters
None
Command Mode
Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show running-config snmp
snmp-server view all .1 included
snmp-server community abc group network-admin
snmp-server enable snmp
show snmp
Use this command to display the SNMP configuration, including session status, system contact, system location, statistics, communities, and users.
Command Syntax
show snmp
Parameters
None
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#show snmp
SNMP Protocol:Enabled
sys Contact:
sys Location:
------------------------------------------------------------------------------
Community Group/Access Context acl_filter
------------------------------------------------------------------------------
public network-admin
______________________________________________________________________________
SNMP USERS
______________________________________________________________________________
User Auth Priv(enforce) Groups
______________________________________________________________________________
SNMP Tcp-session :Disabled
show snmp community
Use this command to display SNMP communities.
Command Syntax
show snmp community
Parameters
None
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#show snmp community
-------------------------------------------------------------------------------------------------------
Community Group/Access view-name version
-------------------------------------------------------------------------------------------------------
test network-operator
testing network-operator ipi 2c
Table 16-24 explains the output fields.
Table 16-24: show snmp community fields
Entry | Description |
---|
Community | SNMP Community string. |
Group/Access | Community group name. |
View-name | Community view name. |
Version | Community version. |
show snmp context
Use this command to display SNMP server contexts and associated groups.
Command syntax
show snmp context
Parameters
None
Command Mode
Exec mode
Applicability
This command is introduced in OcNOS-SP version 5.1 MR
Example
OcNOS#show snmp context
---------------------------------------------------------------------
context groups
---------------------------------------------------------------------
ctx1 grp1,grp2
ctx2 grp3
show snmp engine-id
Use this command to exhibit the SNMP engine identifier.
The SNMP engine identifier is a distinctive string employed to recognize the device for administrative purposes. The default engine-id is formulated using the MAC address, but an option for user-configured engine-id is also provided. The show command should be employed to retrieve information about the presently configured SNMP engine-id on the device.
Command Syntax
show snmp engine-id
Parameters
None
Command Mode
Exec mode
Applicability
This command was introduced prior to OcNOS version 1.3 and its display in the show output was enhanced in OcNOS version 6.3.2.
Examples
Default SNMP engine-id:
#show snmp engine-id
SNMP ENGINE-ID Type: MAC address
SNMP ENGINE-ID : 80 00 1f 88 03 e8 c5 7a 1a 02 1c
User-Configured engine-id:
#show snmp engine-id
SNMP ENGINE-ID Type: User configured Text
SNMP ENGINE-ID Text: ipinfusion
SNMP ENGINE-ID : 80 00 1f 88 04 69 70 69 6e 66 75 73 69 6f 6e
Table 16-25 explains the output fields.
Table 16-25: show snmp engine-ip fields
Entry | Description |
---|
SNMP ENGINE-ID: 80 00 1f 88 04 69 70 69 6e 66 75 73 69 6f 6e | The SNMP engine identifier is a distinct string utilized to uniquely recognize the device for administrative purposes. |
show snmp group
Use this command to display SNMP server groups and associated views.
Command Syntax
show snmp group
Parameters
None
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#show snmp group
-------------------------------------------------------------------------------------------------------------
community/user group version Read-View Write-view Notify-view
-------------------------------------------------------------------------------------------------------------
test network-operator 2c/1 all all all
kedar network-operator 3 all none all
tamil network-operator 3 all none all
Table 16-26 explains the output fields.
Table 16-26: show snmp group output
Entry | Description |
---|
Community/User | Displays the access type of the user for which the notification is generated. |
Group | The name of the SNMP group, or collection of users that have a common access policy. |
Version | SNMP version number. |
Read-View | A string identifying the read view of the group. For further information on the SNMP views, use the show snmp view command. |
Write-View | A string identifying the write view of the group. |
Notify-View | A string identifying the notify view of the group. The notify view indicates the group for SNMP notifications, and corresponds to the setting of the snmp-server group group-name version notify notify-view command. |
show snmp host
Use this command to display the SNMP trap hosts.
Command Syntax
show snmp host
Parameters
None
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#show snmp host
---------------------------------------------------------------------------
Host Port Version Level Type SecName
---------------------------------------------------------------------------
10.10.26.123 162 2c noauth trap test
Table 16-27 explains the output fields.
Table 16-27: Show snmp host output
Entry | Description |
---|
Host | The IP address of the SNMP host server. |
Port | The port being used for SNMP traffic. |
Version | SNMP version number. |
Level | The security level being used. |
Type | The type of SNMP object being sent. |
SecName | Secure Name for this SNMP session. |
show snmp user
Use this command to display SNMP users and associated authentication, encryption, and group.
Command Syntax
show snmp user
Parameters
None
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#show snmp user
SNMP USERS
_________________________________________________________________________
User Auth Priv(enforce) Groups
_________________________________________________________________________
ntwadmin MD5 AES network-admin
#
Table 16-28 explains the output fields.
Table 16-28: Show snmp user output
Entry | Description |
---|
User | The person attempting to use the SMNMP agent. |
Auth | The secure encryption scheme being used. |
Priv(enforce) | What enforcement privilege is being used (in this case, it is the Advance Encryption Standard). |
Group | The group to which the user belongs. |
show snmp view
Use this command to display SNMP views.
Command Syntax
show snmp view
Parameters
None
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#show snmp view
View : all
OID : .1
View-type : included
snmp context
Use this command to associate the SNMP context with the VRF.
Use the no form of this command to remove the SNMP context association from VRF.
Command Syntax
snmp context-name WORD
no snmp context-name
Parameters
WORD
SNMP context name (Maximum 32 alphanumeric characters)
Default
No default value is specified.
Command Mode
Configure VRF mode
Applicability
This command was introduced before OcNOS version 6.1.0.
Examples
OcNOS#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
OcNOS(config)#ip vrf red
OcNOS(config-vrf)#snmp context-name context1
snmp-server community
Use this command to create an SNMP community string and access privileges.
Use the no form of this command to remove an SNMP community string.
Command Syntax
snmp-server community WORD (| (view VIEW-NAME version (v1 | v2c ) ( ro)) |
(group (network-admin|network-operator)) |( ro) | (use-acl WORD) ) (vrf management|)
no snmp-server community COMMUNITY-NAME (vrf management|)
Parameters
WORD
Name of the community (Maximum 32 alphanumeric characters)
VIEW-NAME
Name of the snmp view (Maximum 32 alphanumeric characters)
version
Set community string and access privileges
v1
SNMP v1
v2c
SNMP v2c
ro
Read-only access
group
Community group
network-admin
System configured group for read-only
network-operator
System configured group for read-only(default)
ro
Read-only access
use-acl
Access control list (ACL) to filter SNMP requests
WORD
ACL name; maximum length 32 characters
management
Virtual Routing and Forwarding name
Default
No default value specified.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#snmp-server community MyComm view MyView1 version v2c ro vrf management
snmp-server community-map
Use this command to map the community name with context and SNMPv2 user.
Use no form of this command to remove the community mapping.
Note: Community can be mapped with one context and user.
Command Syntax
snmp-server community-map WORD context WORD user WORD (vrf management|)
no snmp-server community-map WORD context WORD user WORD (vrf management|)
Parameters
WORD
SNMP community name
context
SNMP context name
WORD
Context string
user
SNMP user name
WORD
User string
management
Virtual Routing and Forwarding name
Command Mode
Configure mode
Applicability
This command is introduced in OcNOS-SP version 5.1 MR.
Examples
OcNOS(config)#snmp-server community-map test context ctx2 user testing vrf management
snmp-server contact
Use this command to set the system contact information for the device (sysContact object).
Use the no form of this command to remove the system contact information.
Command Syntax
snmp-server contact (vrf management|) (TEXT|)
no snmp-server contact (vrf management|) (TEXT|)
Parameters
management
Virtual Routing and Forwarding name
TEXT
System contact information; maximum length 1024 characters without spaces
Default
No default value specified.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#snmp-server contact vrf management Irving@555-0150
snmp-server context
Use this command to create SNMP context.
Use no form of this command to remove the context.
Command Syntax
snmp-server context WORD (vrf management|)
no snmp-server context WORD (vrf management|)
Parameters
context
SNMP context name
WORD
Context string (Maximum 32 alphanumeric characters)
management
Virtual Routing and Forwarding name
Command Mode
Configure mode
Applicability
This command is introduced in OcNOS version 5.1MR.
Examples
OcNOS(config)#snmp-server context ctx1 vrf management
snmp-server disable default
Use this command to disable default instance which is running on OcNOS device. After configuring this command user should not be able to enable default snmp instance. Use no form of this command to unset this after that only user should be able to configure default instance.
Command Syntax
snmp-server disable-default
Parameters
None
Default
No default value specified.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 6.1.0.
Examples
#configure terminal
(config)#snmp-server disable-default
snmp-server enable snmp
Use this command to start the SNMP agent daemon over UDP.
Use the no form of this command to stop the SNMP agent daemon over UDP.
Command Syntax
snmp-server enable snmp (vrf management|)
no snmp-server enable snmp (vrf management|)
Parameters
management
Virtual Routing and Forwarding name
Default
No default value specified.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#snmp-server enable snmp vrf management
snmp-server enable traps
Use this command to enable or disable SNMP traps and inform requests.
Note: For CMMD, Critical logs in the console are equivalent to Alert traps & Alert logs on the console is equivalent to critical trap in SNMP.
Command Syntax
snmp-server enable traps (link(|linkDown|linkUp|include-interface-name)|snmp(|authentication)| mpls|pw|pwdelete|ospf|bgp|isis|vxlan|vrrp|ospf6)
no snmp-server enable traps (link(|linkDown|linkUp|include-interface-name)|snmp(|authentication)| mpls|pw|pwdelete|ospf|bgp|isis|vxlan|vrrp|ospf6
Parameters
bgp
bgp notification trap
isis
isis notification trap
link
Module notifications enable
linkDown
IETF Link state down notification
linkUp
IETF Link state up notification
snmp
Enable RFC 1157 notifications
authentication
Send SNMP authentication failure notifications
mpls
mpls notification trap
mplsl3vpn
mpls-l3vpn notification trap
ospf
ospf notification trap
ospf6
ospf6 notification trap
pw
pw notification trap
pwdelete
pwdelete notification trap
rib
rib notification trap
rsvp
rsvp notification trap
vrrp
vrrp notification trap
vxlan
vxlan notification trap
linkDown
IETF link state down notification
linkup
IETF link state up notification
include-interface-name
Enable this option to include interface name in the Linkup/Linkdown trap's varbind
Default
By default, SNMP server traps are enabled.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3 and was updated in OcNOS version 4.0.
Examples
(config)#snmp-server enable traps snmp
(config)#snmp-server enable traps mpls
(config)#snmp-server enable traps mplsl3vpn
(config)#snmp-server enable traps rsvp
(config)#snmp-server enable traps ospf
(config)#snmp-server enable traps ospf6
(config)#snmp-server enable traps vrrp
(config)#snmp-server enable traps vxlan
(config)#snmp-server enable traps snmp authentication
snmp-server engineID
Use this command to establish the SNMPv3 engine ID.
Use the no form of this command to remove the SNMPv3 engine ID.
Command Syntax
snmp-server engineID ENGINE_ID_STR
no snmp-server engineID
Parameters
ENGINE_ID_STR
String of characters that uniquely identifies the SNMP engine ID.
Default
By Default the SNMP Server Engine ID value is automatically generated using the MAC address.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 6.3.2.
Examples
#configure terminal
(config)#snmp-server engineID ipinfusion
snmp-server group
Use this command to create a SNMP group.
Use the no form of this command to remove the groups.
Command syntax
snmp-server group WORD version (1|2c) (context (all|WORD)|) (vrf management|) snmp-server group WORD version 3 (auth|noauth|priv) (context (all|WORD)|) (vrf management|)
no snmp-server group WORD (context (all|WORD)|) (vrf management|)
Parameters
WORD
Specify the snmp group name (Maximum 32 alphanumeric characters)
version
SNMP Version
1
SNMP v1
2c
SNMP v2c
3
SNMP v3 security level
noauth
No authentication and no privacy (noAuthNoPriv) security model: messages transmitted as clear text providing backwards compatibility with earlier versions of SNMP
auth
Authentication and no privacy (authNoPriv) security model: use message digest algorithm (MD5) or Secure Hash Algorithm (SHA) for packet authentication; messages transmitted in clear text
priv
Authentication and privacy (authPriv) security model: use authNoPriv packet authentication with Data Encryption Standard (DES) Advanced Encryption Standard (AES) for packet encryption
context
SNMP context name
WORD
SNMP context string (Maximum 32 alphanumeric characters)
all
All context name’s allowed for this group.
management
Virtual Routing and Forwarding (VRF) name
Default
None
Command Mode
Configure mode
Applicability
This command is introduced in OcNOS-SP version 5.1 MR.
Examples
OcNOS#con t
OcNOS(config)#snmp-server context ctx1 vrf management
OcNOS(config)#snmp-server group grp1 version 3 auth context ctx1 vrf management
OcNOS(config)#snmp-server group grp3 version 2c context ctx2 vrf management
snmp-server host
Use this command to configure an SNMP trap host. An SNMP trap host is usually a network management station (NMS) or an SNMP manager.
Use the no form of this command to remove an SNMP trap host.
Note: The maximum number of SNMP trap hosts is limited to 8.
Command Syntax
snmp-server host (A.B.C.D | X:X::X:X | HOSTNAME) ((traps version(( (1 | 2c) WORD ) | (3 (noauth | auth | priv) WORD))) |(informs version ((2c WORD ) | (3 (noauth | auth | priv) WORD))))(|udp-port <1-65535>) (vrf management|)
snmp-server host (A.B.C.D | X:X::X:X | HOSTNAME) WORD (|udp-port <1-65535>) (vrf management|)
snmp-server host (A.B.C.D | X:X::X:X | HOSTNAME) (version(( (1 | 2c) WORD ) | (3 (noauth | auth | priv) WORD)))(|udp-port <1-65535>) (vrf management|)
no snmp-server host (A.B.C.D|X:X::X:X|HOSTNAME) (vrf management|)
Parameters
A.B.C.D
IPv4 address
X:X::X:X
IPv6 address
HOSTNAME
DNS host name
WORD
SNMP community string or SNMPv3 user name (Maximum 32 alphanumeric characters)
informs
Send notifications as informs
version
SNMP Version. Default notification is traps
<1-65535>
Host UDP port number; the default is 162
management
Virtual Routing and Forwarding name
traps
Send notifications as traps
version
Version
1
SNMP v1
2c
SNMP v2c
WORD
SNMP community string (Maximum 32 alphanumeric characters)
3
SNMP v3 security level
noauth
No authentication and no privacy (noAuthNoPriv) security model: messages transmitted as clear text providing backwards compatibility with earlier versions of SNMP
auth
Authentication and no privacy (authNoPriv) security model: use message digest algorithm 5 (MD5) or Secure Hash Algorithm (SHA) for packet authentication; messages transmitted in clear text
priv
Authentication and privacy (authPriv) security model: use authNoPriv packet authentication with Data Encryption Standard (DES) Advanced Encryption Standard (AES) for packet encryption
WORD
SNMPv3 user name
Default
The default SNMP version is v2c and the default UDP port is 162.Simple Network Management Protocol.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#snmp-server host 10.10.10.10 traps version 3 auth MyUser udp-port 512
vrf management
snmp-server location
Use this command to set the physical location information of the device (sysLocation object).
Use the no form of this command to remove the system location information.
Command Syntax
snmp-server location (vrf management|) (TEXT|)
no snmp-server location (vrf management|) (TEXT|)
Parameters
management
Virtual Routing and Forwarding name
TEXT
Physical location information; maximum length 1024 characters
Default
No system location string is set.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#snmp-server location vrf management Bldg. 5, 3rd floor, northeast
snmp-server smux-port-disable
Use this CLI to disable the SMUX open port.
Command Syntax
snmp-server smux-port-disable
Parameters
None
Default
None
Command Mode
Configure mode
Applicability
This command is introduced in OcNOS version 5.1 release.
Examples
#configure terminal
#snmp-server smux-port-disable
snmp-server tcp-session
Use this command to start the SNMP agent daemon over TCP.
Use the no form of this command to close the SNMP agent daemon over TCP.
Command Syntax
snmp-server tcp-session (vrf management|)
no snmp-server tcp-session (vrf management|)
Parameters
management
Virtual Routing and Forwarding name
Default
By default, snmp server tcp session is disabled.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#snmp-server tcp-session vrf management
snmp-server user
Use this command to create an SNMP server user.
Use the no form of this command to remove an SNMP server user.
Command Syntax
snmp-server user WORD ((network-operator|network-admin| WORD|) ((auth (md5 | sha
)(encrypt|) AUTH-PASSWORD) ((priv (des | aes) PRIV-PASSWORD) |) |) (vrf management|)
no snmp-server user USER-NAME (vrf management|)
Parameters
WORD
Specify the snmp user name (Min 5 to Max 32 alphanumeric characters)
network-operator|network-admin
Name of the group to which the user belongs.
WORD
User defined group-name
auth
Packet authentication type
md5
Message Digest Algorithm 5 (MD5)
sha
Secure Hash Algorithm (SHA)
AUTH-PASSWORD
Authentication password; length 8-32 characters
priv
Packet encryption type (“privacy”)
des
Data Encryption Standard (DES)
aes
Advanced Encryption Standard (AES)
PRIV-PASSWORD
Encryption password; length 8-33 characters
management
Virtual Routing and Forwarding name
encrypt
Specify authentication-password and/or privilege-password in encrypted form. This option is provided for reconfiguring a password using an earlier encrypted password that was available in running configuration display or get-config payload. Users are advised not to use this option for entering passwords generated in any other method.
Default
By default, snmp server user word is disabled
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#snmp-server user Fred auth md5 J@u-b;l2e`n,9p_ priv des t41VVb99i8He{Jt vrf management
snmp-server view
Use this command to create or update a view entry
Use the no from of this command to remove a view entry.
Note: OIDs to be excluded or included need to be specifically mentioned while configuring the SNMP view. Only when the OIDs are included will they be displayed in SNMP-Walk. When an OID is excluded, other OIDs must be explicitly included for the system to function.
Command Syntax
snmp-server view VIEW-NAME OID-TREE (included | excluded) (vrf management|)
no snmp-server view VIEW-NAME (vrf management|)
Parameters
VIEW-NAME
Name of the snmp view (Maximum 32 alphanumeric characters)
OID-TREE
Object identifier of a subtree to include or exclude from the view; specify a text string consisting of numbers and periods, such as 1.3.6.2.4
included
Include OID-TREE in the SNMP view
excluded
Exclude OID-TREE from the SNMP view
management
Virtual Routing and Forwarding name
Default
By default, snmp-server view VIEW-NAME OID-TREE is disabled.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
The following example creates a view named myView3 that excludes the snmpCommunityMIB object (1.3.6.1.6.3.18).
#configure terminal
(config)#snmp-server view myView3 1.3.6.1.6.3.18 excluded vrf management