Configuring SNMP
To configure a community string on the switch, perform this task:
Command
Step 1
Switch# configure terminal
Step 2
Switch(config)# [no] snmp-server
community string [view view-name] [ro |
rw] [access-list-number]
Step 3
Switch(config)# access-list
access-list-number
[source-wildcard]
Step 4
Switch(config)# end
Step 5
Switch# show running-config
Step 6
Switch# copy running-config
startup-config
To disable access for an SNMP community, set the community string for that community to the null
Note
string (do not enter a value for the community string).
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
72-8
{
}
deny | permit
source
Purpose
Enters global configuration mode.
Configures the community string.
For string, specify a string that acts like a password and
•
permits access to the SNMP protocol. You can configure one
or more community strings up to 117 characters.
•
(Optional) For view, specify the view record accessible to the
community.
(Optional) Specify either read-only (ro) if you want
•
authorized management stations to retrieve MIB objects, or
specify read-write (rw) if you want authorized management
stations to retrieve and modify MIB objects. By default, the
community string permits read-only access to all objects.
•
(Optional) For access-list-number, enter an IP standard access
list numbered from 1 to 99 and 1300 to 1999.
To remove a specific community string, use the
no snmp-server community string global configuration
command.
(Optional) If you specified an IP standard access list number in
Step 2, create the list, repeating the command as many times as
necessary.
For access-list-number, enter the access list number specified
•
in Step 2.
The deny keyword denies access if the conditions are
•
matched. The permit keyword permits access if the conditions
are matched.
For source, enter the IP address of the SNMP managers that
•
are permitted to use the community string to gain access to the
agent.
•
(Optional) For source-wildcard, enter the wildcard bits in
dotted decimal notation to be applied to the source. Place ones
in the bit positions that you want to ignore.
Recall that the access list is always terminated by an implicit deny
statement for everything.
Returns to privileged EXEC mode.
Verifies your entries.
(Optional) Saves your entries in the configuration file.
Chapter 72
Configuring SNMP