Connectivity Guide
• Assign users to groups and congure SNMPv3-specic authentication and encryption settings, and optionally, localized security keys
and ACL-based access.
Conguring SNMP consists of these tasks in any order:
• Congure SNMP engine ID
• Congure SNMP views
• Congure SNMP groups
• Congure SNMP users
Congure SNMP engine ID
The engine ID identies the SNMP local agent on a switch. The engine ID is an octet colon-separated number; for example,
80:00:02:b8:04:61:62:63 .
The local engine ID is used to create a localized authentication and/or privacy key for greater security in SNMPv3 messages. You generate
a localized authentication and/or privacy key when you congure an SNMPv3 user.
Congure a remote device and its engine ID to allow a remote user to query the local SNMP agent. The remote engine ID is included in the
query and used to generate the authentication and privacy password keys to access the local agent. If you do not congure the remote
engine ID, remote users' attempts to access the local agent fail.
NOTE: Be sure to create a remote engine ID with the snmp-server engineID command before you congure a remote user
with the snmp-server user command. If you change the congured engine ID for a remote device, you must recongure the
authentication and privacy passwords for all remote users associated with the remote engine ID.
snmp-server engineID [local engineID] [remote ip-address {[udp-port port-number] remote-
engineID}]
To display the localized authentication and privacy keys in an SNMPv3 user conguration, enter the show snmp engineID local
command.
Generate SNMPv3 localized keys
OS10(config)# snmp-server engineID local 80:00:02:b8:04:61:62:63
OS10(config)# snmp-server engineID remote 1.1.1.2 udp-port 432 0xabeecc
Display localized keys
OS10# show snmp-server engineID local
Local default SNMP engineID: 80:00:02:b8:04:61:62:63
Congure SNMP views
Congure a read-only, read-write, or notify view of the MIB tree structure in the SNMP agent on the switch.
The oid-tree value species the OID in the MIB tree hierarchy at which a view starts. Enter included or excluded to include or
exclude the rest of the sub-tree MIB contents in the view. If necessary, re-enter the command to exclude tree entries in the included
content.
snmp-server view view-name oid-tree [included | excluded]
Congure read-only view
OS10(config)# snmp-server view readonly 1.3.6.1.2.1.31.1.1.1.6 included
System management
105