SNMP

This section covers the Cisco Nexus 3550-F Fusion's (formerly ExaLINK Fusion) support for SNMP v2c. The MIB file for the Nexus 3550-F can be downloaded here.

Show configuration

The current status and configuration for SNMP can be obtained by issuing the following command:

admin@N3550-F> config show snmp
SNMP status    : disabled
Location       :
Contact        :
Community name :
Listen port    : 161 (default)
SNMP traps     : disabled

To view just the status of all services:

admin@N3550-F> show services
Service        Status
-------------- --------
telnet         enabled
remote-logging disabled
snmp           disabled
snmptrap       enabled
http           enabled

Configuring SNMP

Before SNMP can be used, the shared read community phrase should be set. This phrase is shared between the Nexus 3550-F and the system making the SNMP requests. For example:

admin@N3550-F> config snmp read community public
SNMP configuration updated

Once the community phrase is set, the service may be enabled:

admin@N3550-F> config snmp enable
SNMP enabled

The location of the Nexus 3550-F can be set in the SNMP configuration. This is available to SNMP through the OID SNMPv2-MIB::sysLocation.0. Similarly, the configured contact details are available through SNMPv2-MIB::sysContact.0.

admin@N3550-F> config snmp location "server room, 6th floor"
SNMP configuration updated

admin@N3550-F> config snmp contact "The Sys Admin <sysadmin@company.org>"
SNMP configuration updated

admin@N3550-F> config show snmp
SNMP status    : enabled
Location       : server room, 6th floor
Contact        : The Sys Admin <sysadmin@company.org>
Community name : public
Listen port    : 161 (default)
SNMP traps     : disabled

SNMP traps

The Nexus 3550-F has the ability to send SNMP notifications on important events. To enable this feature, use the command:

admin@N3550-F> config snmp trap enable
SNMP Trap enabled

To specify where the SNMP notifications should be sent, one or more trap targets must be configured using the snmp trap target command:

admin@N3550-F> config snmp trap target 192.168.220.11 public
SNMP Trap configuration updated

To clear SNMP trap targets, use the no form of the command:

admin@N3550-F> config no snmp trap
Reset SNMP Trap configuration

The current SNMP trap configuration is visible via the show snmp command:

admin@N3550-F> config show snmp
SNMP status    : enabled
Location       : server room, 6th floor
Contact        : The Sys Admin <sysadmin@company.org>
Community name : public
Listen port    : 161 (default)
SNMP traps     : enabled

Target address Community
-------------- ---------
192.168.220.11   public
192.168.220.12   public
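
A check an operator could run over saved "config show snmp" output, added here as an example and not part of the Cisco documentation. SNMP v2c carries the community in cleartext, so the check flags an enabled service or trap target whose community is a well-known default such as the "public" used in the examples above. The WELL_KNOWN list and the function names are assumptions of this example; the sample text is the output shown on this page.

```python
import re

# Constructed sample: the `config show snmp` output shown on this page.
SAMPLE = """\
SNMP status    : enabled
Location       : server room, 6th floor
Contact        : The Sys Admin <sysadmin@company.org>
Community name : public
Listen port    : 161 (default)
SNMP traps     : enabled

Target address Community
-------------- ---------
192.168.220.11   public
192.168.220.12   public
"""

# Community strings that ship as defaults on many devices (assumed deny-list).
WELL_KNOWN = {"public", "private"}

def parse_show_snmp(text):
    """Return (settings dict, [(target, community), ...])."""
    settings, targets, in_table = {}, [], False
    for line in text.splitlines():
        if line.startswith("Target address"):
            in_table = True
        elif in_table:
            m = re.match(r"(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s*$", line)
            if m:
                targets.append(m.groups())
        elif ":" in line:
            key, _, value = line.partition(":")
            settings[key.strip()] = value.strip()
    return settings, targets

def audit(text):
    """List findings for an SNMP v2c configuration."""
    settings, targets = parse_show_snmp(text)
    findings = []
    community = settings.get("Community name", "")
    if settings.get("SNMP status") == "enabled" and community.lower() in WELL_KNOWN:
        findings.append(f"read community '{community}' is a well-known default")
    if settings.get("SNMP traps") == "enabled":
        for addr, comm in targets:
            if comm.lower() in WELL_KNOWN:
                findings.append(f"trap target {addr} uses well-known community '{comm}'")
    return findings
```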

SNMP v3

SNMP v3 can be configured to operate on the Nexus 3550-F. If an administrator chooses to specify SNMP v3 users, this changes the behaviour of the SNMP system, providing the ability to authenticate users, encrypt traffic and generate secure traps.

SNMP v3 requires users to be configured as part of the SNMP configuration. When adding these users, the operator can decide whether each user should require no authentication, authentication only, or authentication and encryption.

An SNMP v3 user can be added to the Nexus 3550-F with the configure snmp user command. This follows the usage:

admin@N3550-F> configure snmp user
Usage: configure snmp user <name> [{md5-auth|sha-auth} <auth_password> [{aes-encrypt|des-encrypt} <privacy_phrase>]]

For example, to add a user with no authentication and no encryption, run:

configure snmp user tim

To configure a user with MD5 authentication but no encryption, run:

configure snmp user tom md5-auth mypassword1

To configure a user with SHA authentication and AES encryption, run:

configure snmp user jim sha-auth mypassword2 aes-encrypt mypassphrase3

To view the configured SNMP users, run the show snmp command, which will include a table of the configured users:

User auth-type auth-password encrypt-type encrypt-phrase
---- --------- ------------- ------------ --------------
tim  (none)    (none)        (none)       (none)
tom  MD5       mypassword1   (none)       (none)
jim  SHA       mypassword2    AES          mypassphrase3

If no SNMP v3 users are configured, show snmp will instead contain:

No SNMP v3 users configured

If an administrator has configured SNMP v3 users then when a TRAP is generated the SNMP v3 TRAP functionality will be enforced. The TRAP notifications will be sent to the specified targets using the configured authentication and encryption methods. The TRAP target will need to be configured in a similar manner to observe or act on the SNMP v3 TRAPS.

Before a TRAP target can configure the valid users, the operator will need to identify the engine ID of the SNMP source. This can be done by querying the SNMP OID for the snmpEngineID.

$ snmpget -v 3 -l noAuthNoPriv -u tim EXALINK SNMP-FRAMEWORK-MIB::snmpEngineID.0
SNMP-FRAMEWORK-MIB::snmpEngineID.0 = Hex-STRING: 80 00 A9 20 03 64 3F 5F 80 C4 00

An example snmptrapd.conf file that would allow an operator to view SNMP v3 TRAPs raised from the users defined on the Nexus 3550-F above would then be:

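# Engine ID from the snmpget query above, written as a single hex string.
createUser -e 0x8000A92003643F5F80C400 tim
# tim has no authentication, so unauthenticated notifications must be allowed explicitly.
authuser log tim noauth
createUser -e 0x8000A92003643F5F80C400 tom MD5 mypassword1
authuser log tom
# jim's passwords match the "configure snmp user jim" example above.
createUser -e 0x8000A92003643F5F80C400 jim SHA mypassword2 AES mypassphrase3
authuser log jim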
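
The steps above (query the engine ID, then mirror each user into snmptrapd.conf) can be scripted. The following is an added example, not part of the Cisco documentation: it converts the Hex-STRING returned by snmpget into the 0x form and emits createUser/authUser lines with the Net-SNMP security level (noauth, auth or priv) that matches each row of the user table. Function names are assumptions of this example, the inputs are the outputs shown on this page, and passwords are assumed to contain no whitespace.

```python
import re

# Constructed inputs copied from the outputs shown on this page.
SNMPGET_LINE = ("SNMP-FRAMEWORK-MIB::snmpEngineID.0 = Hex-STRING: "
                "80 00 A9 20 03 64 3F 5F 80 C4 00")
USER_TABLE = """\
User auth-type auth-password encrypt-type encrypt-phrase
---- --------- ------------- ------------ --------------
tim  (none)    (none)        (none)       (none)
tom  MD5       mypassword1   (none)       (none)
jim  SHA       mypassword2    AES          mypassphrase3
"""

def engine_id(snmpget_line):
    """Turn 'Hex-STRING: 80 00 ...' into the 0x... form createUser -e expects."""
    m = re.search(r"Hex-STRING:\s*((?:[0-9A-Fa-f]{2}\s*)+)$", snmpget_line.strip())
    if not m:
        raise ValueError("no Hex-STRING value found")
    return "0x" + "".join(m.group(1).split()).upper()

def parse_users(table):
    """Yield (name, auth, auth_pw, priv, priv_pw); '(none)' becomes None."""
    for line in table.splitlines()[2:]:
        fields = [None if f == "(none)" else f for f in line.split()]
        if len(fields) == 5:
            yield tuple(fields)

def snmptrapd_conf(snmpget_line, table):
    """Build createUser/authUser lines with the matching security level."""
    eid, out = engine_id(snmpget_line), []
    for name, auth, auth_pw, priv, priv_pw in parse_users(table):
        create = f"createUser -e {eid} {name}"
        level = "noauth"          # accepted only because the user has no auth
        if auth:
            create += f" {auth} {auth_pw}"
            level = "auth"        # require authenticated notifications
        if auth and priv:
            create += f" {priv} {priv_pw}"
            level = "priv"        # require authentication and encryption
        out += [create, f"authUser log {name} {level}"]
    return "\n".join(out)
```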

This page was last updated on Mar-08-2021.