Cisco Catalyst 2000 Configuration Handbook page 222

An optional standard IP access list acc-list can be given to further limit access only to SNMP managers with permitted IP addresses. Access can be defined for read-only and read-write SNMP modes. Refer to section "11-6: Access Class" in Chapter 11, "Controlling Traffic and Switch Access," for more information about the IP permit command.
Tip You should strongly consider changing the default SNMP community strings on all switches. Leaving the default values active can make it easier for unauthorized people to gain access to your switch's activity and configuration. After you change the community strings to unique values, restrict SNMP access to only the IP addresses of the network management hosts under your control.
(SNMPv3 only) Define names for the engine IDs.
To specify the local engine ID name, enter the following command:
(global) snmp-server engineID [local id-string] | [remote ip-address udp-port port id-string]
SNMPv3 uses authentication and encryption based on several parameters. Each end of the SNMP trust relationship must be defined, in the form of engine ID text strings, id-string. These values are 24-character strings but can be specified with shorter strings that are filled to the right with zeros. The local switch running SNMP must be defined with the local keyword and id-string.
To specify the remote SNMP engine ID name, enter the following command:
(global) snmp-server engineID remote ip-address [udp-port port] id-string
The remote SNMP engine (an SNMP instance on a remote host or management station) is defined with an ip-address and a text string name id-string. An optional UDP port to use for the remote host can be given with the udp-port keyword (default 161).
Note If either local or remote engine ID names change after these commands are used, the authentication keys become invalid, and users must be reconfigured. MD5 and SHA keys are based on user passwords and the engine IDs.
(Optional) Define a group access template for SNMP users:
(global) snmp-server group [groupname {v1 | v2c | v3 {auth | noauth}}] [read readview] [write writeview] [notify notifyview] [access acc-list]
The template groupname defines the security policy to be used for groups of SNMP users. The SNMP version used by the group is set by the v1, v2c, and v3 keywords. For SNMPv3, the security level must also be specified as auth
Chapter 12: Switch Management 201
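The following is an added worked configuration, not taken from the handbook, that puts this page's steps together on an IOS-style switch: a standard access list naming the permitted management hosts, replacement of the default community strings with the list applied, local and remote engine ID names, and an SNMPv3 group that requires authentication and grants only a read view. The access-list number, the 192.0.2.x addresses (documentation range), the community strings, engine ID strings, view name and group name are placeholders chosen for illustration; the snmp-server community and snmp-server view command forms are assumed from IOS and are not shown on this page.

```cisco
! Constructed example configuration (not from the handbook); every name,
! address, community string and engine ID below is a placeholder.
!
! Step 1: standard IP access list listing only the management hosts that may
! speak SNMP to this switch. The explicit deny with "log" records rejected
! sources so unexpected pollers show up in the log.
access-list 10 permit 192.0.2.10
access-list 10 permit 192.0.2.11
access-list 10 deny   any log
!
! Step 2: remove the default community strings and define unique ones, each
! bound to access list 10 (assumed form: snmp-server community string ro|rw acl).
no snmp-server community public
no snmp-server community private
snmp-server community Mgmt-RO-7f3k ro 10
snmp-server community Mgmt-RW-2q9x rw 10
!
! Step 3 (SNMPv3): name the local and remote engine IDs (24-character strings;
! shorter values are zero-filled to the right). Set these before creating users,
! because changing either later invalidates the MD5/SHA keys derived from them.
snmp-server engineID local 800000090300ABCDEF000001
snmp-server engineID remote 192.0.2.10 udp-port 161 800000090300ABCDEF000002
!
! Step 4 (SNMPv3): a group template requiring authentication, with a read-only
! view, no write view, and the same access list limiting who may use the group.
! (snmp-server view is assumed IOS syntax; the handbook page shows only the
! group command.)
snmp-server view Mgmt-RO-View iso included
snmp-server group Mgmt-Group v3 auth read Mgmt-RO-View access 10
```

Note that the read-write community and the SNMPv3 group are both tied to the same access list, so a manager must have a permitted source address and the correct string or credentials before any write is accepted; omitting the write keyword on the group keeps SNMPv3 users in that group read-only even if they authenticate.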