The SNMP framework consists of three parts:

• An SNMP manager—The system used to control and monitor the activities of network devices using SNMP.

• An SNMP agent—The software component within the managed device that maintains the data for the device and reports these data, as needed, to manage systems. Cisco VSG supports the agent and MIB. To enable the SNMP agent, you must define the relationship between the manager and the agent.

• A managed information base (MIB)—The collection of managed objects on the SNMP agent.

• SNMP is defined in RFCs 3411 to 3418.

Note	SNMP role-based access control (RBAC) is not supported. Both SNMPv1 and SNMPv2c use a community-based form of security.

A key feature of SNMP is the ability to generate notifications from an SNMP agent. These notifications do not require that requests be sent from the SNMP manager. Notifications can indicate improper user authentication, restarts, the closing of a connection, loss of a connection to a neighbor router, or other significant events.

SNMP notifications are generated as either traps or informs. A trap is an asynchronous, unacknowledged message sent from the agent to the SNMP managers listed in the host receiver table. Informs are asynchronous messages sent from the SNMP agent to the SNMP manager which the manager must acknowledge receipt of.

Traps are less reliable than informs because the SNMP manager does not send any acknowledgment when it receives a trap. The Intercloud Fabric Firewall (VSG) cannot determine if the trap was received. An SNMP manager that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the ICF Firewall never receives a response, it can send the inform request again. You can configure the ICF FIrewall to send notifications to multiple host receivers.

Stateless restarts for SNMP are supported. After a reboot or supervisor switchover, the running configuration command is applied.