Enabling SNMP
By default, SNMP is disabled on Cisco vEdge devices. To enable it and provide support for SNMP Versions 1, 2, and 3:
vEdge(config)# snmp
vEdge(config-snmp)# no shutdown
Enabling SNMP allows the device to use MIBs, generate traps, and respond to requests from an SNMP walk application.
Configuring an SNMP View
To make SNMP information available to the SNMP server, create an SNMP view and configure its corresponding OID subtree:
vEdge(config-snmp)# view string
vEdge(config-view)# oid oid-subtree
In the OID subtree, you can use the wildcard * (asterisk) in any position to match any value at that position.
The following example creates a view of the Internet portion of the SNMP MIB:
vEdge(config)# snmp view v2 oid 1.3.6.1
The following example creates a view of the private portion of the Cisco SD-WAN MIB:
vEdge(config)# snmp view vEdge-private oid 1.3.6.1.4.1.41916
Configuring Access to an SNMP View
To require authentication privileges to access an SNMP view, configure SNMPv3. To do this, you configure authentication credentials
for SNMPv3 users, and you configure groups of SNMP views and the authentication credentials required to access the views.
To configure authentication credentials for an SNMPv3 user, create a user and assign them an authentication level and a privacy
level, depending on the authentication type you configure for the SNMP group (with the snmp group command, described below):
vEdge(config)# snmp user username
vEdge(config-user)# auth authentication
vEdge(config-user)# auth-password password
vEdge(config-user)# priv privacy
vEdge(config-user)# priv-password password
The username can be a string from 1 to 32 characters.
The authentication commands enable authentication privileges for the user. You can enter the password as a cleartext string
or as an AES-encrypted key.
The privacy commands enable a privacy mechanism for the user. You can enter the password as a cleartext string or as an AES-encrypted
key.
Then associate the SNMPv3 user with an SNMP group:
vEdge(config-user)# group group-name
group-name is the name of a group of views that you configure with the snmp group command.
To configure a group of views:
vEdge(config)# snmp group group-name authentication
vEdge(config-group)# view view-name
The group name can be a string from 1 to 32 characters.
The authentication to use for the group can be one of the following:
- auth-no-priv—Authenticate using the selected authentication algorithm. When you configure this authentication, users in this group must be configured with an authentication and an authentication password (with the snmp user auth and auth-password commands).
- auth-priv—Authenticate using the selected authentication algorithm. When you configure this authentication, users in this group must be configured with an authentication and an authentication password (with the snmp user auth and auth-password commands) and a privacy and privacy password (with the snmp user priv and priv-password commands).
- no-auth-no-priv—Authenticate based on a username. When you configure this authentication, you do not need to configure authentication or privacy credentials.
Note: Use two separate transactions to move an SNMP user to a new group and to delete the old group. Moving an SNMP user to a new group and deleting the old group in the same transaction is not supported.
The view name is the name of an SNMP view that you configure with the snmp view command.
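The credential requirements for the three group authentication levels can be checked mechanically against a saved configuration. The following is an added example, not Cisco code: it assumes the indented layout of the command hierarchy on this page, and the user names, group names, algorithm keywords, and passwords in the sample are constructed placeholders.

```python
# Constructed sample following the hierarchy under "SNMP Configuration Commands"
# (one space of indent per level assumed); names and secrets are placeholders.
SAMPLE = """\
snmp
 group ops auth-priv
  view vEdge-private
 group legacy no-auth-no-priv
  view vEdge-private
 user alice
  auth sha
  auth-password EXAMPLE-ONLY
  priv aes-cfb-128
  priv-password EXAMPLE-ONLY
  group ops
 user bob
  auth sha
  auth-password EXAMPLE-ONLY
  group ops
"""
# Credentials each group authentication level requires of its users.
REQUIRED = {"no-auth-no-priv": set(),
            "auth-no-priv": {"auth", "auth-password"},
            "auth-priv": {"auth", "auth-password", "priv", "priv-password"}}

def parse_groups_and_users(text):
    groups, users, current = {}, {}, None  # {group: level}, {user: {keyword: value}}
    for line in text.splitlines():
        words, depth = line.split(), len(line) - len(line.lstrip())
        if words and depth == 1:
            current = None
            if words[0] == "group" and len(words) == 3:
                groups[words[1]] = words[2]
            elif words[0] == "user" and len(words) == 2:
                current = users.setdefault(words[1], {})
        elif depth == 2 and current is not None and len(words) == 2:
            current[words[0]] = words[1]
    return groups, users

def audit(text):
    # Flag groups readable without credentials and users missing what their group needs.
    groups, users = parse_groups_and_users(text)
    findings = [f"group {g}: no-auth-no-priv, readable with a username only"
                for g, level in groups.items() if level == "no-auth-no-priv"]
    for name, cfg in users.items():
        level = groups.get(cfg.get("group"), "undefined")
        missing = sorted(REQUIRED.get(level, set()) - set(cfg))
        if missing or level == "undefined":
            findings.append(f"user {name}: group level {level}, missing {missing}")
    return findings
```

Running audit(SAMPLE) reports the legacy group and user bob, who belongs to an auth-priv group but has no privacy credentials.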
Configuring Contact Parameters
For each Cisco vEdge device, you can configure its SNMP node name, physical location, and contact information for the person or entity responsible for
the device:
vEdge(config)# snmp
vEdge(config-snmp)# name string
vEdge(config-snmp)# location string
vEdge(config-snmp)# contact string
If any of the strings include spaces, enclose the entire string in quotation marks (" ").
Configuring an SNMP Community
The SNMP community string defines the relationship between an SNMP server system and the client systems. This string acts
like a password to control the clients' access to the server. To configure a community string, use the community command:
vEdge(config-snmp)# community name
vEdge(config-community-name)# authorization read-only
vEdge(config-community-name)# view string
The community name can be 1 through 32 characters long. It can include angle brackets (< and >). If the name includes spaces,
enclose the entire name in quotation marks (" ").
Use the view command to specify the portion of the MIB tree to view. string is the name of a view record configured with the snmp view command, as described below.
The Cisco SD-WAN software supports the standard interfaces MIB (IF-MIB) and the system MIB (SNMPv2-MIB), which are automatically loaded onto the Cisco vEdge device when you install the Cisco SD-WAN software. For a list of enterprise MIBs, see Supported SNMP MIBs. The MIBs supported by the Cisco SD-WAN software do not allow write operations, so you can configure only read-only authorization (which is the default authorization).
Configuring View Records
To configure a portion of an SNMP MIB to view, use the view command:
vEdge(config-snmp)# view string
vEdge(config-view)# oid oid-subtree [exclude]
For example, to view the internet portion of the SNMP MIB, configure the OID 1.3.6.1:
vEdge(config-snmp)# view v2 oid 1.3.6.1
To view the private portion of the Cisco SD-WAN MIB, configure the OID 1.3.6.1.4.1.41916.
SNMP Configuration Commands
Use the following commands to configure SNMP:
snmp
  community name
    authorization (read-only | read-write)
    view string
  contact string
  group group-name authentication
    view string
  location string
  name string
  [no] shutdown
  trap
    group group-name
      trap-type
        level severity
    target vpn vpn-id ip-address udp-port
      community-name community-name
      group-name group-name
      source-interface interface-name
  user username
    auth authentication
    auth-password password
    group group-name
    priv privacy
    priv-password password
SNMP Monitoring Commands
Use the show running-config snmp command to monitor SNMP. The command output shows the active configuration that is running on the Cisco vEdge device.