API Guide
● Configure SNMP views.
OS10(config)# snmp-server view view-name oid-tree [included | excluded]
○ view-name—Enter the name of a read-only, read/write, or notify view. A maximum of 32 characters.
○ oid-tree—Enter the SNMP object ID at which the view starts in 12-octet dotted-decimal format.
○ included—(Optional) Include the MIB family in the view.
○ excluded—(Optional) Exclude the MIB family from the view.
● Configure SNMP groups.
OS10(config)# snmp-server group group-name v3 security-level [read view-name] [write
view-name] [notify view-name]
○ group-name—Enter the name of the group. A maximum of 32 alphanumeric characters.
○ v3 security-level—SNMPv3 provides optional user authentication and encryption for SNMP messages, configured
with the snmp-server user command.
○ security-level—(SNMPv3 only) Configure the security level for SNMPv3 users:
■ auth—Authenticate users in SNMP messages.
■ noauth—Do not authenticate users or encrypt SNMP messages; send messages in plain text.
■ priv—Authenticate users and encrypt or decrypt SNMP messages.
○ access acl-name—(Optional) Enter the name of an IPv4 or IPv6 access list to filter SNMP requests received on the
switch. A maximum of 16 characters.
○ read view-name—(Optional) Enter the name of a read-only view. A maximum of 32 characters maximum.
○ write view-name—(Optional) Enter the name of a read/write view. A maximum of 32 characters maximum.
○ notify view-name—(Optional) Enter the name of a notification view. A maximum of 32 characters maximum.
● Configure SNMP users.
OS10(config)# snmp-server user user-name group-name security-model localized auth sha
auth-password priv aes priv-password
OS10(config)# exit
OS10# write memory
○ user-name—Enter the name of the user. A maximum of 32 alphanumeric characters.
○ group-name—Enter the name of the group to which the user belongs. A maximum of 32 alphanumeric characters.
○ security-model—Enter an SNMP version that sets the security level for SNMP messages:
■ 3—SNMPv3 provides user authentication and encryption for SNMP messages.
○ auth—(SNMPv3 only) Include a user authentication key for SNMPv3 messages sent to the user:
■ sha—Generate an authentication key using the SHA algorithm.
■ auth-password—Enter the encrypted string.
○ priv—Configure encryption for SNMPv3 messages sent to the user:
■ aes—Encrypt messages using AES 128-bit algorithm.
■ priv-password—Enter the encrypted string.
○ localized—Generate an SNMPv3 authentication and/or privacy key in localized key format.
Check what SNMP rules are running
OS10# show running-configuration snmp
!
snmp-server community public ro acl snmp-read-only-acl
18
OS10 security best practices