Cisco Support Community
Simple Network Management Protocol (SNMP) is used to manage certain aspects of a network such as maintenance, troubleshooting, users, and groups. SNMP uses Management Information Bases (MIBs) which defines what information the system offers as well as stores the data that is sent to the system through SNMP. SNMP users can be created with different authentication and access levels. SNMP groups can be created to sort the SNMP users into specific groups that can be managed more easily.
SNMP User and Group Configuration
SNMP Group Configuration
Step 1. Log in to the web configuration utility on the switch and choose System > SNMP > Security > Groups. The SNMP Groups page opens:
Step 2. Click Add. The Add SNMP Group Profile window appears:
Step 3. Enter a name for the new SNMP group in the Group Name field.
Step 4. Choose an SNMP version for switch security from the Security Model drop-down list.
• SNMPv1 — The first version of SNMP. SNMPv1 does not require authentication and only requires the use of a community password. This version has the least amount of security.
• SNMPv2 — Improves upon the security and performance of SNMPv1. SNMPv2 is more complex but does not require extra authentication.
• SNMPv3 — Has the best security of all 3 SNMP versions and implements extra security features such as confidentiality and integrity to further protect information sent via SNMP. SNMPv3 can require extra authentication.
Note: If you choose SNMPv1 or SNMPv2, skip to Step 6.
Step 5. If you chose SNMPv3 in the previous step, choose the desired level of security for SNMP from the Security Level drop-down list.
• No Authentication — The group requires no extra authentication for SNMP messages.
• Authentication — SNMP messages and the SNMP message origin are authenticated.
• Privacy — SNMP messages are encrypted to maximize security.
Step 6. Check the check boxes that correspond to the type of authorization you would like the SNMP group to have in the Operation field.
• Read — The group access is read-only. Changes cannot be made to the SNMP view that is assigned to the group.
• Write — The group access is read-write. Changes can be made to the SNMP view that is assigned to the group.
• Notify — Traps are sent for the SNMP view that is assigned to the group.
Step 7. Choose the action for the desired operation from the adjacent drop-down lists.
• Default — The default group access rights.
• DefaultSuper — The default group access rights for the administrator.
Step 8. Click Apply. The new SNMP group is added to the Groups table.
SNMP User Configuration
Step 1. Use the web configuration utility to choose System > SNMP > Security > Users. The SNMP Users page opens:
Step 2. Click Add. The Add SNMP Group Membership window appears.
Step 3. Enter a name for the new SNMP user in the User Name field.
Step 4. Click the radio button that corresponds to the engine ID you would like to associate the user with in the Engine ID field.
• Local — The user connects to the local device.
• Remote — The user connects to an SNMP engine other than the local device. Enter a remote engine ID in the adjacent field.
Step 5. Choose the group that the new user belongs to from the Group Name drop-down list.
Step 6. Choose the method of user authentication from the Authentication Method drop-down list.
• None — No user authentication is used.
• MD5 Password — Users are authenticated via an MD5 password.
• SHA Password — Users are authenticated via an SHA password.
• MD5 Key — Users are authenticated via a HMAC-MD5 key.
• SHA Key — Users are authenticated via a HMAC-SHA-96 key.
Step 7. If you chose MD5 Password or SHA Password in Step 6, enter the password for the SNMP user in the Password field.
Step 8. If you chose MD5 Key or SHA Key in Step 6, enter the Authentication Key and Privacy Key in their respective fields.
Step 9. Click Apply. The new SNMP user is added to the Users table.