Configuring SNMP
Enforcing SNMP Message Encryption
You can configure SNMP to require authentication or encryption for incoming requests. By default, the SNMP
agent accepts SNMPv3 messages without authentication and encryption. When you enforce privacy, Cisco
NX-OS responds with an authorization error for any SNMPv3 PDU request that uses a security level parameter
of either noAuthNoPriv or authNoPriv.
Use the following command in global configuration mode to enforce SNMP message encryption for a specific
user:
Command
switch(config)# snmp-server user name enforcePriv
Use the following command in global configuration mode to enforce SNMP message encryption for all users:
Command
switch(config)# snmp-server globalEnforcePriv
Assigning SNMPv3 Users to Multiple Roles
After you configure an SNMP user, you can assign multiple roles for the user.
Note
Only users who belong to a network-admin role can assign roles to other users.
Command
switch(config)# snmp-server user name group
Creating SNMP Communities
You can create SNMP communities for SNMPv1 or SNMPv2c.
Command
switch(config)# snmp-server community name group {ro | rw}
Filtering SNMP Requests
You can assign an access list (ACL) to a community to filter incoming SNMP requests. If the assigned ACL
allows the incoming request packet, SNMP processes the request. If the ACL denies the request, SNMP drops
the request and sends a system message.
Create the ACL with the following parameters:
• Source IP address
• Destination IP address
Cisco Nexus 3548 Switch NX-OS System Management Configuration Guide, Release 7.x
Enforcing SNMP Message Encryption
Purpose
Enforces SNMP message encryption for this user.
Purpose
Enforces SNMP message encryption for all users.
Purpose
Associates this SNMP user with the configured user role.
Purpose
Creates an SNMP community string.
97