Table of Contents
SNMP Software Configuration Guide for Cisco 1000 Series Connected Grid Routers (Cisco IOS)
Configuring Heartbeat Notifications
SNMP Software Configuration Guide for Cisco 1000 Series Connected Grid Routers (Cisco IOS)
This chapter describes how to configure Simple Network Management Protocol (SNMP) on the Cisco 1000 Series Connected Grid Router (hereafter referred to as the CGR 1000).
Information About SNMP
The Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a message format for communication between SNMP managers and agents. SNMP provides a standardized framework and a common language used for the monitoring and management of devices in a network.
This section includes the following topics:
SNMP Functional Overview
The SNMP framework consists of three parts:
- An SNMP manager—The system used to control and monitor the activities of network devices using SNMP.
- An SNMP agent—The software component within the managed device that maintains the data for the device and reports these data, as needed, to managing systems. To enable the SNMP agent, you must define the relationship between the manager and the agent.
- A managed information base (MIB)—The collection of managed objects on the SNMP agent.
The CGR 1000 supports SNMP over IPv4 and IPv6. You can configure the CGR 1000 as SNMP agent and SNMP manager.
SNMP Versions
The CGR 1000 software supports the following versions of SNMP:
- SNMPv1—Simple Network Management Protocol: a full Internet standard, defined in RFC 1157. (RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security is based on community strings.
- SNMPv2c—The community string-based Administrative Framework for SNMPv2. SNMPv2c (the “c” is for “community”) is an experimental Internet protocol defined in RFC 1901, RFC 1905, and RFC 1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic) and uses the community-based security model of SNMPv1.
- SNMPv3—Version 3 of SNMP. SNMPv3 is an interoperable standards-based protocol defined in RFCs 3413 to 3415. SNMPv3 provides secure access to devices by authenticating and encrypting packets over the network. In SNMPv3, an authentication strategy is set up for a user and the group in which the user resides.
Security Models and Levels
Three security models are available: SNMPv1, SNMPv2c, and SNMPv3.
The security level determines if an SNMP message needs to be protected from disclosure and if the message needs to be authenticated. The various security levels that exist within a security model are as follows:
- noAuthNoPriv—Security level that does not provide authentication or encryption.
- authNoPriv—Security level that provides authentication but does not provide encryption.
- authPriv—Security level that provides both authentication and encryption.
The security model combined with the security level determine the security mechanism applied when the SNMP message is processed.
Table 1 lists the combinations of security models and levels and their meanings.
User-Based Security Model
The SNMPv3 User-Based Security Model (USM) refers to SNMP message-level security and offers the following services:
- Message integrity—Ensures that messages have not been altered or destroyed in an unauthorized manner and that data sequences have not been altered to an extent greater than can occur non-maliciously.
- Message origin authentication—Ensures that the claimed identity of the user on whose behalf received data was originated is confirmed.
- Message confidentiality—Ensures that information is not made available or disclosed to unauthorized individuals, entities, or processes.
SNMPv3 authorizes management operations only by configured users and encrypts SNMP messages.
The CGR 1000 uses two authentication protocols for SNMPv3:
The CGR 1000 supports DES 56-bit, 3-DES, or AES as the privacy protocol for SNMPv3 message encryption.
SNMP Notifications
A key feature of SNMP is the ability to generate notifications from an SNMP agent. These notifications do not require that requests be sent from the SNMP manager. Notifications can indicate improper user authentication, restarts, the closing of a connection, loss of a connection to a neighbor router, or other significant events.
CGR 1000 generates SNMP notifications as either traps or informs. A trap is an asynchronous, unacknowledged message sent from the agent to the SNMP managers listed in the host receiver table. Informs are asynchronous messages sent from the SNMP agent to the SNMP manager which the manager must acknowledge receipt of.
Traps are less reliable than informs because the SNMP manager does not send any acknowledgment when it receives a trap. The CGR 1000 cannot determine if the trap was received. An SNMP manager that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the CGR 1000 never receives a response, it can send the inform request again.
You can configure the CGR 1000 to send notifications to multiple host receivers. See the section Configuring a Recipient of an SNMP Trap Operation in the SNMP Configuration Guide, Cisco IOS Release 15M&T for more information about host receivers.
Note Many snmp-server commands use the keyword traps in their command syntax. Unless there is an option within the command to specify either traps or informs, the keyword traps should be taken to mean traps, informs, or both. Use the snmp-server host command to specify whether you want SNMP notifications to be sent as traps or informs. To use informs, the SNMP manager (also known as the SNMP proxy manager) must be available and enabled on a device.
Table 2 lists the notifications that the CGR 1000 supports, the associated MIBs, and the commands to enable the notifications.
Note The MIBs shown in Table 2 are supported only for the associated notification. The complete MIBs and associated notifications that the CGR 1000 supports are listed in Table 3.
snmp-server enable traps flash removal
Note When the flash is removed, ciscoFlashDeviceRemovedNotifRev1 is generated (if enabled) and the CGR 1000 reboots. Flash insertion notifications are not supported.snmp-server enable traps cisco-sys heartbeat
Note To enable heartbeat notifications, you must also configure the heartbeat interval and set the heartbeat state to active. See the “Configuring Heartbeat Notifications” section.Supported MIBs
Table 3 lists the MIBs that the CGR 1000 supports and the commands to enable notifications for the MIBs.
Prerequisites
- An established SNMP community string that defines the relationship between the SNMP manager and the agent.
- A host defined to be the recipient of SNMP notifications.
- The network management station (NMS) must support SNMP version 3 to be able to use SNMP version 3 encryption.
- SNMP version 3 encryption is available only in Cisco software images that support encryption algorithms.
- You should have an understanding of the security model used and how the security model interacts with the other subsystems in the SNMP architecture.
Guidelines and Limitations
- For the router that runs the SNMP agent, you must configure appropriate access control (for example, SNMP-server community) using the Cisco IOS CLI for the NMS and agent to work properly.
- It is strongly recommended that you configure SNMPv3 with authentication/privacy when implementing SNMP SET operation.
Default Settings
By default, SNMP is not enabled. Required traps must be enabled as described in the section Configuring SNMP Notifications in the SNMP Configuration Guide, Cisco IOS Release 15M&T . See Table 3 for the commands to enable notifications on the CGR 1000.
Configuring SNMP
There is no specific command that you use to enable SNMP. The first snmp-server command that you enter enables the supported versions of SNMP. All other configurations are optional.
To configure SNMP support on the CGR 1000, perform these tasks in the section How to Configure SNMP Support in the SNMP Configuration Guide, Cisco IOS Release 15M&T :
- Configuring System Information
- Configuring SNMP Versions 1 and 2
- Configuring SNMP Version 3
- Configuring a Device as an SNMP Manager
- Enabling the SNMP Agent Shutdown Mechanism
- Defining the Maximum SNMP Agent Packet Size
- Limiting the Number of TFTP Servers Used via SNMP
- Disabling the SNMP Agent
- Configuring SNMP Notifications
To configure heartbeat notifications on the CGR 1000, follow the procedure in the next section.
Configuring Heartbeat Notifications
Follow this procedure to configure the CGR 1000 to generate heartbeat notifications.
BEFORE YOU BEGIN
Review the information in the “SNMP Notifications” section.
Verifying Configuration
Displays information about the local SNMP engine and all remote engines that have been configured on the device.
Displays information about the configured characteristics of SNMP users.
To monitor SNMP trap activity in real time for the purposes of troubleshooting, use the SNMP debug commands, including the debug snmp packet EXEC command. For documentation of SNMP debug commands, see the Cisco IOS Debug Command Reference .
Configuration Example
See the section Example Configuring SNMPv1 SNMPv2c and SNMPv3 in the SNMP Configuration Guide, Cisco IOS Release 15M&T for SNMP configuration examples.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html .
Subscribe to What’s New in Cisco Product Documentation , which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.
This document is to be used in conjunction with the documents listed in the “Related Documents” section.Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.