API Guide

ManualsBrandsDell ManualsAccess PlatformsEMC Networking MX9116n

161

162

163

164

165

166

167

168

169

170

In OS10, users are assigned SNMP access privielges according to the group they belong to. You configure each group for access

to SNMP MIB tree views.

SNMP views

In OS10, you configure views for each security model and level in an SNMP user group. Each type of view specifies the object ID

(OID) in the MIB tree hierarchy at which the view starts. You can also specify whether the rest of the MIB tree structure is

included or excluded from the view.

● A read view provides read-only access to the specified OID tree.

● A write view provides read-write access to the specified OID tree.

● A notify view allows SNMP notifications (traps and informs) from the specified OID tree to be sent to other members of the

group.

Configure SNMP

To set up communication with SNMP agents in your network:

● Configure the read-only, read-write, and notify access for SNMP groups.

● Configure groups with SNMP views for specified SNMP versions (security models).

● Assign users to groups and configure SNMPv3-specific authentication and encryption settings, and optionally, localized

security keys and ACL-based access.

Configuring SNMP consists of these tasks in any order:

● Configure SNMP engine ID

● Configure SNMP views

● Configure SNMP groups

● Configure SNMP users

Configure SNMP engine ID

The engine ID identifies the SNMP local agent on a switch. The engine ID is an octet colon-separated number; for example,

80:00:02:b8:04:61:62:63 .

The local engine ID is used to create a localized authentication and/or privacy key for greater security in SNMPv3 messages.

You generate a localized authentication and/or privacy key when you configure an SNMPv3 user.

Configure a remote device and its engine ID to allow a remote user to query the local SNMP agent. The remote engine ID is

included in the query and used to generate the authentication and privacy password keys to access the local agent. If you do not

configure the remote engine ID, remote users' attempts to access the local agent fail.

NOTE:

Create a remote engine ID with the snmp-server engineID command before you configure a remote user with

the snmp-server user command. If you change the configured engine ID for a remote device, you must reconfigure the

authentication and privacy passwords for all remote users associated with the remote engine ID.

snmp-server engineID [local engineID] [remote ip-address {[udp-port port-number] remote-

engineID}]

To display the localized authentication and privacy keys in an SNMPv3 user configuration, use the show snmp engineID

local command.

Configure SNMP engineID

OS10(config)# snmp-server engineID local 80:00:02:b8:04:61:62:63

Display SNMP engineID

OS10# show snmp engineID local

Local default SNMP engineID: 0x800002a2036c2b59fbd8a0

System management

161