Monday, November 30, 2009

SNMP configuration on Cisco IOS for routers and switches

SkyHi @ Monday, November 30, 2009

SNMP helps monitoring your network devices wherein it can help a Monitoring System to query the device about various system health and/or modify configurations based on the permission it has on the device or on the other hand, allow the device itself to send alerts (known as trap in SNMP) to the management system of any system issues like a PSU failure.

The SNMP versions available are v1,v2 and v3 with SNMP v3 being the most secure than the formers. Most of todays SNMP configurations use V2 or the secure V3.

To do a basic SNMP configuration on a Cisco device, please do the following in the global config mode:

Setup the SNMP Community

MyRouter(config)#snmp-server community COMMUNITYNAME RW 10

MyRouter(config)#access-list 10 permit


COMMUNITYNAME (default is public) is like a password shared between the SNMP Management system and the device. With the above any SNMP Manager system can query the device for various health monitoring or can write device config changes

RW is the permission. R implies a READ permission, W implies a WRITE permission.

NOTE: Write permissions need care as can allow the monitoring system to make config changes. It can also cause a security issue where the management system be compromised, you gave away the access to your cisco device.

10 in the end specifies the Access-Control List which here only allows Managament station alone query/write to the device. This adds a layer of security to the SNMP config.

Setup Chasssis-id,location and contact details (Optional)

MyRouter(config)# snmp-server chassis-id Cisco2821
MyRouter(config)# snmp-server location London,UK
MyRouter(config)# snmp-server contact NetworkAdmin-123456789

Setup the SNMP Trap

Now that SNMP is enabled. It is important and more proactive to send alert messages also known as SNMP traps to the manager so the Network manager can be alerted. This is mostly the case of most of the SNMP Management/Monitoring system.

MyRouter(config)# snmp-server host version 2c COMMUNITYNAME

sets up the Management server to which the trap messages needs to be sent.

MyRouter(config)# snmp-server enable traps snmp linkup linkdown coldstart warmstart

sets up the traps and the type of traps to be sent. Here Link up/down status and system reboot traps are sent to the management server.