SNMP over IPv6
Simple Network Management Protocol (SNMP) can be configured over IPv6 transport so that an IPv6 host can perform SNMP queries and receive SNMP notifications from a device running IPv6.
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Simple Network Management Protocol (SNMP) can be configured over IPv6 transport so that an IPv6 host can perform SNMP queries and receive SNMP notifications from a device running IPv6.
Simple Network Management Protocol (SNMP) can be configured over IPv6 transport so that an IPv6 host can perform SNMP queries and receive SNMP notifications from a device running IPv6 software. The SNMP agent and related MIBs have been enhanced to support IPv6 addressing. This feature uses the data encryption standard (3DES) and advanced encryption standard (AES) message encryption.
Use an SNMP community string to define the relationship between the SNMP manager and the agent. The community string acts like a password to regulate access to the agent on the device. Optionally, you can specify one or more of the following characteristics associated with the string:
An access list of IP addresses of the SNMP managers that are permitted to use the community string to gain access to the agent.
A MIB view, which defines the subset of all MIB objects accessible to the given community.
Read and write or read-only permission for the MIB objects accessible to the community.
You can configure one or more community strings. To remove a specific community string, use the no snmp-server community command.
The snmp-server host command specifies which hosts will receive SNMP notifications, and whether you want the notifications sent as traps or inform requests. The snmp-server enable traps command globally enables the production mechanism for the specified notification types (such as Border Gateway Protocol [BGP] traps, config traps, and entity traps).
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
enable Example:
|
Enables privileged EXEC mode.
|
||
Step 2 |
configure terminal Example:
|
Enters global configuration mode. |
||
Step 3 |
snmp-server community string [view view-name ] [ro | rw ] [ipv6 nacl ] [access-list-number ] Example:
|
Defines the community access string. |
||
Step 4 |
snmp-server engineID remote {ipv4-ip-address | ipv6-address } [udp-port udp-port-number ] [vrf vrf-name ] engineid-string Example:
|
(Optional) Specifies the name of the remote SNMP engine (or copy of SNMP). |
||
Step 5 |
snmp-server group group-name {v1 | v2c | v3 {auth | noauth | priv }} [context context-name ] [read read-view ] [write write-view ] [notify notify-view ] [access [ipv6 named-access-list ] {acl-number | acl-name }] Example:
|
(Optional) Configures a new SNMP group, or a table that maps SNMP users to SNMP views. |
||
Step 6 |
snmp-server host {hostname | ip-address } [vrf vrf-name ] [traps | informs ] [version {1 | 2c | 3 [auth | noauth | priv ]}] community-string [udp-port port ] [notification-type ] Example:
|
Specifies the recipient of an SNMP notification operation.
|
||
Step 7 |
snmp-server user username group-name [remote host [udp-port port ]] {v1 | v2c | v3 [encrypted ] [auth {md5 | sha } auth-password ]} [access [ipv6 nacl ] [priv {des | 3des | aes {128 | 192 | 256 }} privpassword ] {acl-number | acl-name } ] Example:
|
(Optional) Configures a new user to an existing SNMP group.
|
||
Step 8 |
snmp-server enable traps [notification-type ] [vrrp ] Example:
|
Enables sending of traps or informs, and specifies the type of notifications to be sent.
|
The following example permits any SNMP to access all objects with read-only permission using the community string named public. The device also will send SNMP FLASH traps to the IPv4 host 172.16.1.111 and IPv6 host 3ffe:b00:c18:1::3/127 using SNMPv1 and to the host 172.16.1.27 using SNMPv2c. The community string named public will be sent with the traps.
Device(config)# snmp-server community public
Device(config)# snmp-server enable traps flash
Device(config)# snmp-server host 172.16.1.27 version 2c public
Device(config)# snmp-server host 172.16.1.111 version 1 public
Device(config)# snmp-server host 3ffe:b00:c18:1::3/127 public
In the following example, the SNMP context A is associated with the views in SNMPv2c group GROUP1 and the IPv6 named access list public2:
Device(config)# snmp-server context A
Device(config)# snmp mib community-map commA context A target-list commAVpn
Device(config)# snmp mib target list commAVpn vrf CustomerA
Device(config)# snmp-server view viewA ciscoPingMIB included
Device(config)# snmp-server view viewA ipForward included
Device(config)# snmp-server group GROUP1 v2c context A read viewA write viewA notify access ipv6 public2
The following example configures the IPv6 host as the notification server:
Device> enable
Device# configure terminal
Device(config)# snmp-server community mgr view restricted rw ipv6 mgr2
Device(config)# snmp-server engineID remote 3ffe:b00:c18:1::3/127 remotev6
Device(config)# snmp-server group public v2c access ipv6 public2
Device(config)# snmp-server host host1.com 2c vrf trap-vrf
Device(config)# snmp-server user user1 bldg1 remote 3ffe:b00:c18:1::3/127 v2c access ipv6 public2
Device(config)# snmp-server enable traps bgp
Device(config)# exit