Snmp Traps And Informs; Snmpv3 Cli User Management And Aaa Integration - Cisco 4700M Administration Manual

Chapter 7 Configuring SNMP
•

SNMP Traps and Informs

You can configure the ACE to send notifications (such as traps or inform requests) to SNMP managers
when particular events occur. In some instances, traps can be unreliable because the receiver does not
send any acknowledgment when it receives a trap and the sender cannot determine if the trap was
received. However, an SNMP manager that receives inform requests acknowledges the message with an
SNMP Response PDU. If the sender never receives a Response, the inform request is usually
retransmitted. Inform requests are more likely to reach their intended destination.
Notifications may contain a list of MIB variable bindings that clarify the status being relayed by the
notification. The list of variable bindings associated with a notification is included in the notification
definition in the MIB. For standard MIBs, Cisco has enhanced some notifications with additional
variable bindings that further clarify the cause of the notification.
The clogOriginID and clogOriginIDType variable bindings appended with each notification can be used
Note
by the NMS application to uniquely identify the device originating the trap. You can configure the values
for clogOriginID and clogOriginIDType varbind to uniquely identify the device by using the logging
device-id configuration mode command. For details on the logging device-id command, see the Cisco
4700 Series Application Control Engine Appliance System Message Guide.
Use the SNMP-TARGET-MIB to obtain more information on trap destinations and inform requests.
For details on SNMP notifications supported by the ACE, see the
section.

SNMPv3 CLI User Management and AAA Integration

The ACE implements RFC 3414 and RFC 3415, including the SMNPv3 User-based Security Model
(USM) for message security and role-based access control. SNMP v3 user management can be
centralized at the authentication and accounting (AAA) server level (as described in the Cisco 4700
Series Application Control Engine Appliance Security Configuration Guide). This centralized user
management allows the ACE SNMP agent to use the user authentication service of an AAA server. After
user authentication is verified, the SNMP protocol data units (PDUs) further processed. The AAA server
is also used to store user group names. SNMP uses the group names to apply the user access and role
policy that is locally available in the ACE.
OL-20823-01
Retrieve the value immediately after the variable that you name (a get-next operation). A
–
get-next operation retrieves a group of values from a MIB by issuing a sequence of commands.
By performing a get-next operation, you do not need to know the exact MIB object instance that
you are looking for; the SNMP manager takes the variable that you name and then uses a
sequential search to find the desired variables.
Retrieve a number of values (a get-bulk operation). The get-bulk operation retrieves large
–
blocks of data, such as multiple rows in a table, which would otherwise require the transmission
of many small blocks of data.The SNMP manager performs a number of get-next operations
that you specify.
An agent can send an unsolicited message to the SNMP manager at any time if a significant,
predetermined event takes place on the agent. This message is called an event notification. SNMP
event notifications (traps or inform requests) are included in many MIBs and help to alleviate the
need for the NMS to frequently poll (gather information through a get operation) the managed
devices. For details on MIB objects and SNMP notifications supported by the ACE, see the
"Supported MIBs and Notifications"
Cisco 4700 Series Application Control Engine Appliance Administration Guide
section.
"Supported MIBs and Notifications"
Information About SNMP
7-3