Enforcing Snmp Message Encryption; Assigning Snmpv3 Users To Multiple Roles; Creating Snmp Communities; Filtering Snmp Requests - Cisco Nexus 3548 series Configuration Manual

Configuring SNMP

Enforcing SNMP Message Encryption

You can configure SNMP to require authentication or encryption for incoming requests. By default, the SNMP
agent accepts SNMPv3 messages without authentication and encryption. When you enforce privacy, Cisco
NX-OS responds with an authorization error for any SNMPv3 PDU request that uses a security level parameter
of either noAuthNoPriv or authNoPriv.
Use the following command in global configuration mode to enforce SNMP message encryption for a specific
user:
Command
switch(config)# snmp-server user name enforcePriv
Use the following command in global configuration mode to enforce SNMP message encryption for all users:
Command
switch(config)# snmp-server globalEnforcePriv

Assigning SNMPv3 Users to Multiple Roles

After you configure an SNMP user, you can assign multiple roles for the user.
Note Only users who belong to a network-admin role can assign roles to other users.
Command
switch(config)# snmp-server user name group

Creating SNMP Communities

You can create SNMP communities for SNMPv1 or SNMPv2c.
Command
switch(config)# snmp-server community name group {ro | rw}

Filtering SNMP Requests

You can assign an access list (ACL) to a community to filter incoming SNMP requests. If the assigned ACL
allows the incoming request packet, SNMP processes the request. If the ACL denies the request, SNMP drops
the request and sends a system message.
Create the ACL with the following parameters:
• Source IP address
• Destination IP address
Cisco Nexus 3548 Switch NX-OS System Management Configuration Guide, Release 7.x
Enforcing SNMP Message Encryption
Purpose
Enforces SNMP message encryption for this user.
Purpose
Enforces SNMP message encryption for all users.
Purpose
Associates this SNMP user with the configured user role.
Purpose
Creates an SNMP community string.
97