SNMP Configuration Guide

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
© 2021 Cisco Systems, Inc. All rights reserved.
 CONTENTS

CHAPTER 1 Read Me First 1

Short Description 2

CHAPTER 2 Configuring SNMP Support 3

Finding Feature Information 3

Information About Configuring SNMP Support 3
Components of SNMP 3
SNMP Manager 4
SNMP Agent 4
SNMP MIB 4
SNMP Operations 4
SNMP Get 4
SNMP SET 5
SNMP Notifications 5
MIBs and RFCs 7
Versions of SNMP 7
Detailed Interface Registration Information 9
Interface Index 9
Interface Alias 9
Interface Name 9
SNMP Support for VPNs 10
Interface Index Persistence 10
Benefits of Interface Index Persistence 11
Event MIB 11
Events 11
Object List 11

SNMP Configuration Guide

iii
Contents

Trigger 11
Trigger Test 12
Expression MIB 12
Absolute Sampling 12
Delta Sampling 12
Changed Sampling 12
SNMP Notification Logging 12
How to Configure SNMP Support 13
Configuring System Information 13
Configuring SNMP Versions 1 and 2 14

Prerequisites 14
Creating or Modifying an SNMP View Record 15
Creating or Modifying Access Control for an SNMP Community 16
Configuring a Recipient of an SNMP Trap Operation 17
Configuring SNMP Version 3 19

Specifying SNMP-Server Group Names 19

Configuring SNMP Server Users 21
Configuring a Device as an SNMP Manager 23
Enabling the SNMP Manager 25
Enabling the SNMP Agent Shutdown Mechanism 28
Defining the Maximum SNMP Agent Packet Size 28
Limiting the Number of TFTP Servers Used via SNMP 29
Troubleshooting Tips 30
Disabling the SNMP Agent 30
Configuring SNMP Notifications 31
Configuring the Device to Send SNMP Notifications 31
Enabling Syslog Trap Messages 33
Changing Notification Operation Values 34
Controlling Individual RFC 1157 SNMP Traps 35
Configuring SNMP Notification Log Options 37
Configuring Interface Index Display and Interface Indexes and Long Name Support 38
Configuring Interface Index Persistence 41
Enabling and Disabling IfIndex Persistence Globally 41
Enabling and Disabling IfIndex Persistence on Specific Interfaces 43

SNMP Configuration Guide

iv
 Contents

Configuring SNMP Support for VPNs 44

Configuring Event MIB Using SNMP 45
Setting the Trigger in the Trigger Table 46
Creating an Event in the Event Table 47
Setting and Activating the Trigger Threshold in the Trigger Table 47
Activating the Trigger 48
Monitoring and Maintaining Event MIB 48
Configuring Event MIB Using Command Line Interface 48
Configuring Scalar Variables 49
Configuring Event MIB Object List 49
Configuring Event 51
Configuring Event Action 52
Configuring Event Trigger 54
Configuring Existence Trigger Test 55
Configuring Boolean Trigger Test 56
Configuring Threshold Trigger Test 57
Configuring Expression MIB Using SNMP 59
Configuring Expression MIB Using the CLI 61
Configuring Expression MIB Scalar Objects 61
Configuring Expressions 62
Configuration Examples for SNMP Support 65
Example Configuring SNMPv1, SNMPv2c and SNMPv3 65
Example Configuring IfAlias Long Name Support 67
Example Configuring SNMP Support for VPNs 68
Example Configuring Event MIB 68
Example Configuring Expression MIB 69
Additional References 70
Feature Information for Configuring SNMP Support 72
Glossary 74

CHAPTER 3 SNMP Support over VPNs—Context-Based Access Control 75

Finding Feature Information 75

Restrictions for SNMP Support over VPNs—Context-Based Access Control 75
Information About SNMP Support over VPNs—Context-Based Access Control 76

SNMP Configuration Guide

v
 Contents

SNMP Versions and Security 76

SNMPv1 or SNMPv2 Security 76
SNMP Notification Support over VPNs 76
VPN-Aware SNMP 77
VPN Route Distinguishers 77
SNMP Contexts 78
How to Configure SNMP Support over VPNs—Context-Based Access Control 78
Configuring an SNMP Context and Associating the SNMP Context with a VPN 78
Configuring SNMP Support and Associating an SNMP Context 80
Configuration Examples for SNMP Support over VPNs—Context-Based Access Control 82
Example: Configuring Context-Based Access Control 82
Additional References 83
Feature Information for SNMP Support over VPNs—Context-Based Access Control 85

CHAPTER 4 AES and 3-DES Encryption Support for SNMP Version 3 87

Finding Feature Information 87

Prerequisites for AES and 3-DES Encryption Support for SNMP Version 3 87

Information About AES and 3-DES Encryption Support for SNMP Version 3 88

AES and 3-DES Encryption Support Overview 88

Encryption Key Support 89
MIB Support 89
How to Configure AES and 3-DES Encryption Support for SNMP Version 3 89

Adding a New User to an SNMP Group 89

Verifying the SNMP User Configuration 90
Additional References 91

Feature Information for AES and 3-DES Encryption Support for SNMP Version 3 92

CHAPTER 5 SNMP Support for VLAN Subinterfaces 93

Finding Feature Information 93

Information About SNMP Support for VLAN Subinterfaces 93
Benefits 93
Supported Platforms 93
How to SNMP Support for VLAN Subinterfaces 94
Enabling the SNMP Agent on VLAN Subinterfaces 94

SNMP Configuration Guide

vi
 Contents

Configuration Examples for SNMP Support for VLAN Subinterfaces 95

Example Enabling the SNMP Agent for VLAN Subinterfaces 95
Additional References 96
Feature Information for SNMP Support for VLAN Subinterfaces 97

CHAPTER 6 Memory Pool—SNMP Notification Support 99

Finding Feature Information 99

Prerequisites for Memory Pool—SNMP Notification Support 99
Restrictions for Memory Pool—SNMP Notification Support 100
Information About Memory Pool—SNMP Notification Support 100
How to Enable Memory Pool—SNMP Notification Support 100
Configuration Examples for Memory Pool—SNMP Notification Support 101
Enabling Memory Pool—SNMP Notification Support Example 101
Additional References 101
Feature Information for Memory Pool—SNMP Notification Support 103

CHAPTER 7 Periodic MIB Data Collection and Transfer Mechanism 105

Finding Feature Information 105

Prerequisites for Periodic MIB Data Collection and Transfer Mechanism 105
Restrictions for Periodic MIB Data Collection and Transfer Mechanism 106
Information About Periodic MIB Data Collection and Transfer Mechanism 106
SNMP Objects and Instances 106
Bulk Statistics Object Lists 106
Bulk Statistics Schemas 106
Bulk Statistics Transfer Options 107
Benefits of the Periodic MIB Data Collection and Transfer Mechanism 107
How to Configure Periodic MIB Data Collection and Transfer Mechanism 107
Configuring a Bulk Statistics Object List 107
Configuring a Bulk Statistics Schema 109
Configuring a Bulk Statistics Transfer Options 111
Troubleshooting Tips 114
Enabling Monitoring for Bulk Statistics Collection 114
Monitoring and Troubleshooting Periodic MIB Data Collection and Transfer Mechanism 116
Configuration Examples for Periodic MIB Data Collection and Transfer Mechanism 117

SNMP Configuration Guide

vii
Contents

Configuring Periodic MIB Data Collection and Transfer Mechanism Example 117
Transfer Parameters 117
Polling Requirements 118
Object List Configuration 118
Schema Definition Configuration 118
Transfer Parameter Configuration 119
Displaying Status 119
Bulk Statistics Output File 120
Additional References 121
Feature Information for Periodic MIB Data Collection and Transfer Mechanism 122

SNMP Configuration Guide

viii
 CHAPTER 1
Read Me First
Important Information

Note For CUBE feature support information in Cisco IOS XE Bengaluru 17.6.1a and later releases, see Cisco
Unified Border Element IOS-XE Configuration Guide.

Note The documentation set for this product strives to use bias-free language. For purposes of this documentation
set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial
identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be
present in the documentation due to language that is hardcoded in the user interfaces of the product software,
language used based on standards documentation, or language that is used by a referenced third-party product.

Feature Information
Use Cisco Feature Navigator to find information about feature support, platform support, and Cisco software
image support. An account on Cisco.com is not required.

Related References
• Cisco IOS Command References, All Releases

Obtaining Documentation and Submitting a Service Request

• To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
• To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
• To submit a service request, visit Cisco Support.
• To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit
Cisco Marketplace.
• To obtain general networking, training, and certification titles, visit Cisco Press.
• To find warranty information for a specific product or product family, access Cisco Warranty Finder.

SNMP Configuration Guide

1
 Read Me First
Short Description

• Short Description, on page 2

Short Description
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and
other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/
legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use
of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

SNMP Configuration Guide

2
 CHAPTER 2
Configuring SNMP Support
Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a message
format for communication between SNMP managers and agents. SNMP provides a standardized framework
and a common language that is used for monitoring and managing devices in a network.
This document discusses how to enable an SNMP agent on a Cisco device and how to control the sending of
SNMP notifications from the agent. For information about using SNMP management systems, see the
appropriate documentation for your network management system (NMS) application.
• Finding Feature Information, on page 3
• Information About Configuring SNMP Support, on page 3
• How to Configure SNMP Support, on page 13
• Configuration Examples for SNMP Support, on page 65
• Additional References, on page 70
• Feature Information for Configuring SNMP Support, on page 72
• Glossary, on page 74

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on Cisco.com is not required.

Information About Configuring SNMP Support

Components of SNMP
The Simple Network Management Protocol (SNMP) is an application-layer protocol that provides a message
format for communication between SNMP managers and agents. SNMP provides a standardized framework
and a common language used for monitoring and managing devices in a network.
The SNMP framework has the following components, which are described in the following sections:

SNMP Configuration Guide

3
 Configuring SNMP Support
SNMP Manager

SNMP Manager
The Simple Network Management Protocol (SNMP) manager is a system that controls and monitors the
activities of network hosts using SNMP. The most common managing system is a network management
system (NMS). The term NMS can be applied either to a dedicated device used for network management or
to the applications used on such a device. Several network management applications are available for use with
SNMP and range from simple command line interface applications to applications such as the CiscoWorks2000
products that use GUIs.

SNMP Agent
The Simple Network Management Protocol (SNMP) agent is the software component within a managed
device that maintains the data for the device and reports this data, as needed, to managing systems. The agent
resides on the routing device (router, access server, or switch). To enable an SNMP agent on a Cisco routing
device, you must define the relationship between the manager and the agent.

Note Although many Cisco devices can be configured to be an SNMP agent, this practice is not recommended.
Commands that an agent needs to control the SNMP process are available through the Cisco command line
interface without additional configuration.

SNMP MIB
An SNMP agent contains MIB variables, whose values the SNMP manager can request or change through
Get or Set operations. A manager can get a value from an agent or store a value in that agent. The agent gathers
data from the SNMP MIB, the repository for information about device parameters and network data. The
agent can also respond to manager requests to get or set data.
The figure below illustrates the communications between the SNMP manager and agent. A manager sends
an agent requests to get and set the SNMP MIB values. The agent responds to these requests. Independent of
this interaction, the agent can send the manager unsolicited notifications (traps or informs) to notify the
manager about network conditions.
Figure 1: Communication Between an SNMP Agent and Manager

SNMP Operations
The Simple Network Management Protocol (SNMP) applications perform the following operations to retrieve
data, modify SNMP object variables, and send notifications:

SNMP Get
The Simple Network Management Protocol (SNMP) GET operation is performed by an Network Management
Server (NMS) to retrieve SNMP object variables. There are three types of GET operations:
• GET—Retrieves the exact object instance from the SNMP agent.

SNMP Configuration Guide

4
 Configuring SNMP Support
SNMP SET

• GETNEXT—Retrieves the next object variable, which is a lexicographical successor to the specified
variable.
• GETBULK—Retrieves a large amount of object variable data, without the need for repeated GETNEXT
operations.

SNMP SET
The Simple Network Management Protocol (SNMP) SET operation is performed by a Network Management
Server (NMS) to modify the value of an object variable.

SNMP Notifications
A key feature of Simple Network Management Protocol (SNMP) is its capability to generate unsolicited
notifications from an SNMP agent.

Traps and Informs

Unsolicited (asynchronous) notifications can be generated as traps or inform requests (informs). Traps are
messages alerting the Simple Network Management Protocol (SNMP) manager to a condition on the network.
Informs are traps that include a request for confirmation of receipt from the SNMP manager. Notifications
can indicate improper user authentication, restarts, the closing of a connection, loss of connection to a neighbor
device, or other significant events.
Traps are less reliable than informs because the receiver does not send an acknowledgment when it receives
a trap. The sender does not know if the trap was received. An SNMP manager that receives an inform
acknowledges the message with an SNMP response protocol data unit (PDU). If the sender never receives a
response, the inform can be sent again. Thus, informs are more likely to reach their intended destination.
Traps are often preferred even though they are less reliable because informs consume more resources in the
device and the network. Unlike a trap, which is discarded as soon as it is sent, an inform must be held in
memory until a response is received or the request times out. Also, traps are sent only once, whereas an inform
may be resent several times. The retries increase traffic and contribute to higher overhead on the network.
Use of traps and informs requires a trade-off between reliability and resources. If it is important that the SNMP
manager receives every notification, use informs. However, if traffic volume or memory usage are concerns
and receipt of every notification is not required, use traps.
The figures below illustrate the differences between traps and informs.
The figure below shows that an agent successfully sends a trap to an SNMP manager. Although the manager
receives the trap, it does not send an acknowledgment. The agent has no way of knowing that the trap reached
its destination.
Figure 2: Trap Successfully Sent to SNMP Manager

SNMP Configuration Guide

5
 Configuring SNMP Support
Traps and Informs

In the figure below, the agent successfully sends an inform to the manager. When the manager receives the
inform, a response is sent to the agent, and the agent knows that the inform reached its destination. Note that
in this example, the traffic generated is twice as much as in the interaction shown in the figure above.
Figure 3: Inform Request Successfully Sent to SNMP Manager

The figure below shows an agent sending a trap to a manager that the manager does not receive. The agent
has no way of knowing that the trap did not reach its destination. The manager never receives the trap because
traps are not resent.
Figure 4: Trap Unsuccessfully Sent to SNMP Manager

The figure below shows an agent sending an inform to a manager that does not reach the manager. Because
the manager did not receive the inform, it does not send a response. After a period of time, the agent resends
the inform. The manager receives the inform from the second transmission and replies. In this example, more
traffic is generated than in the scenario shown in the figure above, but the notification reaches the SNMP
manager.
Figure 5: Inform Unsuccessfully Sent to SNMP Manager

SNMP Configuration Guide

6
 Configuring SNMP Support
MIBs and RFCs

Note Whenever an SNMP process comes up, the reserved ports 161 and 162 are used. In addition to these two
reserved ports, a dynamic port is also opened to run the SNMP proxy forwarder application.

MIBs and RFCs

MIB modules typically are defined in RFC documents submitted to the IETF, an international standards body.
RFCs are written by individuals or groups for consideration by the Internet Society and the Internet community
as a whole, usually with the intention of establishing a recommended Internet standard. Before being given
RFC status, recommendations are published as Internet Draft (I-D) documents. RFCs that have become
recommended standards are also labeled as standards documents (STDs). You can learn about the standards
process and the activities of the IETF at the Internet Society website at http://www.isoc.org. You can read the
full text of all RFCs, I-Ds, and STDs referenced in Cisco documentation at the IETF website at
http://www.ietf.org.
The Cisco implementation of SNMP uses the definitions of MIB II variables described in RFC 1213 and
definitions of Simple Network Management Protocol (SNMP) traps described in RFC 1215.
Cisco provides its own private MIB extensions with every system. Cisco enterprise MIBs comply with the
guidelines described in the relevant RFCs unless otherwise noted in the documentation. You can find the MIB
module definition files and the list of MIBs supported on each Cisco platform on the Cisco MIB website on
Cisco.com.

Versions of SNMP
The Cisco IOS software supports the following versions of SNMP:
• SNMPv1—Simple Network Management Protocol: a full Internet standard, defined in RFC 1157. (RFC
1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security is based
on community strings.
• SNMPv2c—The community string-based Administrative Framework for SNMPv2. SNMPv2c (the “c”
is for “community”) is an experimental Internet protocol defined in RFC 1901, RFC 1905, and RFC
1906. SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic)
and uses the community-based security model of SNMPv1.
• SNMPv3—Version 3 of SNMP. SNMPv3 is an interoperable standards-based protocol defined in RFCs
3413 to 3415. SNMPv3 provides secure access to devices by authenticating and encrypting packets over
the network.

The security features provided in SNMPv3 are as follows:

• Message integrity—Ensuring that a packet has not been tampered with in transit.
• Authentication—Determining that the message is from a valid source.
• Encryption—Scrambling the contents of a packet to prevent it from being learned by an unauthorized
source.

Both SNMPv1 and SNMPv2c use a community-based form of security. The community of SNMP managers
able to access the agent MIB is defined by a community string.

SNMP Configuration Guide

7
 Configuring SNMP Support
Versions of SNMP

SNMPv2c support includes a bulk retrieval mechanism and detailed error message reporting to management
stations. The bulk retrieval mechanism supports the retrieval of tables and large quantities of information,
minimizing the number of round trips required. The SNMPv2c improved error handling support includes
expanded error codes that distinguish different types of errors; these conditions are reported through a single
error code in SNMPv1. The following three types of exceptions are also reported: no such object, no such
instance, and end of MIB view.
SNMPv3 is a security model in which an authentication strategy is set up for a user and the group in which
the user resides. A security level is the permitted level of security within a security model. A combination of
a security model and a security level determines which security mechanism is employed when handling an
SNMP packet.
Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The table below lists the combinations
of security models and levels and their meanings.

Table 1: SNMP Security Models and Levels

Model Level Authentication Encryption What Happens

v1 noAuthNoPriv Community String No Uses a community string match for

authentication.

v2c noAuthNoPriv Community String No Uses a community string match for

authentication.

v3 noAuthNoPriv Username No Uses a username match for authentication.

v3 authNoPriv Message Digest 5 No Provides authentication based on the

(MD5) or Secure Hash HMAC-MD5 or HMAC-SHA algorithms.
Algorithm (SHA)

v3 authPriv MD5 or SHA Data Provides authentication based on the

Encryption HMAC-MD5 or HMAC-SHA algorithms.
Standard (DES) Provides DES 56-bit encryption in
addition to authentication based on the
CBC-DES (DES-56) standard.

Note SNMPv2p (SNMPv2 Classic) is not supported in Cisco IOS Release 11.2 and later releases. SNMPv2c replaces
the Party-based Administrative and Security Framework of SNMPv2p with a Community-based Administrative
Framework. SNMPv2c retained the bulk retrieval and error handling capabilities of SNMPv2p.

You must configure an SNMP agent to use the version of SNMP supported by the management station. An
agent can communicate with multiple managers. You can configure the Cisco IOS software to support
communications with one management station using the SNMPv1 protocol, one using the SNMPv2c protocol,
and another using SNMPv3.
SNMPv3 supports RFCs 1901 to 1908, 2104, 2206, 2213, 2214, and 2271 to 2275. For additional information
about SNMPv3, see RFC 2570, Introduction to Version 3 of the Internet-standard Network Management
Framework (this is not a standards document).

SNMP Configuration Guide

8
 Configuring SNMP Support
Detailed Interface Registration Information

Detailed Interface Registration Information

The Interface Index Display for SNMP feature introduces new commands and command modifications that
allow advanced users of SNMP to view information about the interface registrations directly on the managed
agent. You can display MIB information from the agent without using an external NMS.

Note For the purposes of this document, the agent is a routing device running Cisco software.

This feature addresses three objects in the Interfaces MIB: ifIndex, ifAlias, and ifName. For a complete
definition of these objects, see the IF-MIB.my file available from the Cisco SNMPv2 MIB website.

Interface Index
The ifIndex object (ifEntry 1) is called the Interface Index. The Interface Index is a unique value greater than
zero that identifies each interface or subinterface on the managed device. This value becomes the interface
index identification number.
The CLI command show snmp mib ifmib ifindex allows you to view the SNMP Interface Index Identification
numbers assigned to interfaces and subinterfaces. An NMS is not required.

Interface Alias
The ifAlias object (ifXEntry 18) is called the Interface Alias. The Interface Alias is a user-specified description
of an interface used for SNMP network management. The ifAlias is an object in the Interfaces Group MIB
(IF-MIB) that can be set by a network manager to “name” an interface. The ifAlias value for an interface or
subinterface can be set using the description command in interface configuration mode or subinterface
configuration mode or by using a Set operation from an NMS. Previously, ifAlias descriptions for subinterfaces
were limited to 64 characters. (The OLD-CISCO-INTERFACES-MIB allows up to 255 characters for the
locIfDescr MIB variable, but this MIB does not support subinterfaces.) A new CLI command, snmp ifmib
ifalias long, configures the system to handle IfAlias descriptions of up to 256 characters. IfAlias descriptions
appear in the output of the CLI show interfaces command.

Interface Name
The ifName object (ifXEntry 1) is the textual name of the interface. The purpose of the ifName object is to
cross reference the CLI representation of a given interface. The value of this object is the name of the interface
as assigned by the local device and is generally suitable for use in CLI commands. If there is no local name
or this object is otherwise not applicable, this object contains a zero-length string. No commands introduced
by this feature affect the ifName object, but it is discussed here to show its relation to the ifIndex and ifAlias
objects.
The show snmp mib command shows all objects in the MIB on a Cisco device (similar to a mibwalk). The
objects in the MIB tree are sorted using lexical ordering, meaning that object identifiers are sorted in sequential,
numerical order. Lexical ordering is important when using the GetNext operation from an NMS because these
operations take an object identifier (OID) or a partial OID as input and return the next object from the MIB
tree based on the lexical ordering of the tree.

SNMP Configuration Guide

9
 Configuring SNMP Support
SNMP Support for VPNs

Note If an SNMP table query (SNMP MIB Walk) is performed on QOS MIB, you might see an increase in CPU
utilization and this can occasionally lead to a session time out. As an alternative, use SNMP GET operation
to retrieve a limited number of elements.

SNMP Support for VPNs

The SNMP Support for VPNs feature allows SNMP traps and informs to be sent and received using VPN
routing and forwarding (VRF) tables. In particular, this feature adds support to the Cisco IOS software for
sending and receiving SNMP traps and informs specific to individual VPNs.
A VPN is a network that provides high connectivity transfers on a shared system with the same usage guidelines
as a private network. A VPN can be built on the Internet over IP, Frame Relay, or ATM networks.
A VRF stores per-VPN routing data. It defines the VPN membership of a customer site attached to the network
access server (NAS). A VRF consists of an IP routing table, a derived Cisco Express Forwarding table, and
guidelines and routing protocol parameters that control the information that is included in the routing table.
The SNMP Support for VPNs feature provides configuration commands that allow users to associate SNMP
agents and managers with specific VRFs. The specified VRF is used for sending SNMP traps and informs
and responses between agents and managers. If a VRF is not specified, the default routing table for the VPN
is used.
Support for VPNs allows you to configure an SNMP agent to accept only SNMP requests from a certain set
of VPNs. With this configuration, service providers can provide network management services to their
customers, so customers can manage all user VPN devices.

Interface Index Persistence

One of the identifiers most commonly used in SNMP-based network management applications is the interface
index (IfIndex) value. IfIndex is a unique identifying number associated with a physical or logical interface;
as far as most software is concerned, the ifIndex is the name of the interface.
Although there is no requirement in the relevant RFCs that the correspondence between particular ifIndex
values and their interfaces be maintained across reboots, applications such as device inventory, billing, and
fault detection increasingly depend on the maintenance of this correspondence.
This feature adds support for an ifIndex value that can persist across reboots, allowing users to avoid the
workarounds previously required for consistent interface identification.
It is currently possible to poll the device at regular intervals to correlate the interfaces to the ifIndex, but it is
not practical to poll this interface constantly. If this data is not correlated constantly, however, the data may
be made invalid because of a reboot or the insertion of a new card into the device in between polls. Therefore,
ifIndex persistence is the only way to guarantee data integrity.
IfIndex persistence means that the mapping between the ifDescr object values and the ifIndex object values
(generated from the IF-MIB) will be retained across reboots.

SNMP Configuration Guide

10
 Configuring SNMP Support
Benefits of Interface Index Persistence

Benefits of Interface Index Persistence

Association of Interfaces with Traffic Targets for Network Management

The Interface Index Persistence feature allows for greater accuracy when collecting and processing network
management data by uniquely identifying input and output interfaces for traffic flows and SNMP statistics.
Relating each interface to a known entity (such as an ISP customer) allows network management data to be
more effectively utilized.

Accuracy for Mediation, Fault Detection, and Billing

Network data is increasingly being used worldwide for usage-based billing, network planning, policy
enforcement, and trend analysis. The ifIndex information is used to identify input and output interfaces for
traffic flows and SNMP statistics. Inability to reliably relate each interface to a known entity, such as a
customer, invalidates the data.

Event MIB
The Event MIB provides the ability to monitor MIB objects on a local or remote system using SNMP and
initiate simple actions whenever a trigger condition is met; for example, an SNMP trap can be generated when
an object is modified. When the notifications are triggered through events, the NMS does not need to constantly
poll managed devices to track changes.
By allowing the SNMP notifications to take place only when a specified condition is met, the Event MIB
reduces the load on affected devices and improves the scalability of network management solutions.
The Event MIB operates based on event, object lists configured for the event, event action, trigger, and trigger
test.

Events
The event table defines the activities to be performed when an event is triggered. These activities include
sending a notification and setting a MIB object. The event table has supplementary tables for additional objects
that are configured according to event action. If the event action is set to notification, notifications are sent
out whenever the object configured for that event is modified.

Object List
The object table lists objects that can be added to notifications based on trigger, trigger test type, or the event
that sends a notification. The Event MIB allows wildcarding, which enables you to monitor multiple instances
of an object. To specify a group of object identifiers, you can use the wildcard option.

Trigger
The trigger table defines conditions to trigger events. The trigger table lists the objects to be monitored and
associates each trigger with an event. An event occurs when a trigger is activated. To create a trigger, you
should configure a trigger entry in the mteTriggerTable of the Event MIB. This trigger entry specifies the
object identifier of the object to be monitored. Each trigger is configured to monitor a single object or a group
of objects specified by a wildcard (*). The Event MIB process checks the state of the monitored object at
specified intervals.

SNMP Configuration Guide

11
 Configuring SNMP Support
Trigger Test

Trigger Test
The trigger table has supplementary tables for additional objects that are configured based on the type of test
performed for a trigger. For each trigger entry type such as existence, threshold, or Boolean, the corresponding
tables (existence, threshold, and Boolean tables) are populated with the information required to perform the
test. The Event MIB allows you to set event triggers based on existence, threshold, and Boolean trigger types.
When the specified test on an object returns a value of true, the trigger is activated. You can configure the
Event MIB to send out notifications to the interested host when a trigger is activated.

Expression MIB
The Expression MIB allows you to create expressions based on a combination of objects. The expressions
are evaluated according to the sampling method. The Expression MIB supports the following types of object
sampling:
• Absolute
• Delta
• Changed

If there are no delta or change values in an expression, the expression is evaluated when a requester attempts
to read the value of expression. In this case, all requesters get a newly calculated value.
For expressions with delta or change values, evaluation is performed for every sampling. In this case, requesters
get the value as of the last sample period.

Absolute Sampling
Absolute sampling uses the value of the MIB object during sampling.

Delta Sampling
Delta sampling is used for expressions with counters that are identified based on delta (difference) from one
sample to the next. Delta sampling requires the application to do continuous sampling, because it uses the
value of the last sample.

Changed Sampling
Changed sampling uses the changed value of the object since the last sample.

SNMP Notification Logging

Systems that support SNMP often need a mechanism for recording notification information. This mechanism
protects against notifications being lost because they exceeded retransmission limits. The Notification Log
MIB provides a common infrastructure for other MIBs in the form of a local logging function. The SNMP
Notification Logging feature adds Cisco command line interface commands to change the size of the notification
log, to set the global ageout value for the log, and to display logging summaries at the command line. The
Notification Log MIB improves notification tracking and provides a central location for tracking all MIBs.
You can globally enable or disable authenticationFailure, linkUp, linkDown, warmStart, and coldStart traps
or informs individually. (These traps constitute the “generic traps” defined in RFC 1157.) Note that linkUp

SNMP Configuration Guide

12
 Configuring SNMP Support
How to Configure SNMP Support

and linkDown notifications are enabled by default on specific interfaces but will not be sent unless they are
enabled globally.

Note The Notification Log MIB supports notification logging on the default log only.

How to Configure SNMP Support

There is no specific command that you use to enable SNMP. The first snmp-server command that you enter
enables the supported versions of SNMP. All other configurations are optional.

Configuring System Information

You can set the system contact, location, and serial number of the SNMP agent so that these descriptions can
be accessed through the configuration file. Although the configuration steps described in this section are
optional, configuring the basic information is recommended because it may be useful when troubleshooting
your configuration. In addition, the first snmp-server command that you issue enables SNMP on the device.
Perform this task as needed.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server contact text
4. snmp-server location text
5. snmp-server chassis-id number
6. end
7. show snmp contact
8. show snmp location
9. show snmp chassis

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

SNMP Configuration Guide

13
 Configuring SNMP Support
Configuring SNMP Versions 1 and 2

Command or Action Purpose

Step 3 snmp-server contact text Sets the system contact string.
Example:

Device(config)# snmp-server contact NameOne

Step 4 snmp-server location text Sets the system location string.

Example:

Device(config)# snmp-server location LocationOne

Step 5 snmp-server chassis-id number Sets the system serial number.

Example:

Device(config)# snmp-server chassis-id 015A619T

Step 6 end Exits global configuration mode.

Example:

Device(config)# end

Step 7 show snmp contact (Optional) Displays the contact strings configured for the
system.
Example:

Device# show snmp contact

Step 8 show snmp location (Optional) Displays the location string configured for the
system.
Example:

Device# show snmp location

Step 9 show snmp chassis (Optional) Displays the system serial number.
Example:

Device# show snmp chassis

Configuring SNMP Versions 1 and 2

When you configure SNMP versions 1 and 2, you can optionally create or modify views for community strings
to limit which MIB objects an SNMP manager can access.
Perform the following tasks when configuring SNMP version 1 or version 2.

Prerequisites
• An established SNMP community string that defines the relationship between the SNMP manager and
the agent.

SNMP Configuration Guide

14
 Configuring SNMP Support
Creating or Modifying an SNMP View Record

• A host defined to be the recipient of SNMP notifications.

• Use no snmp-server command to turn off the SNMP services, such as listening UDP ports and processes.
To remove the individual SNMP configs, use no form of the respective SNMP config commands.

Creating or Modifying an SNMP View Record

You can assign views to community strings to limit which MIB objects an SNMP manager can access. You
can use a predefined view or create your own view. If you are using a predefined view or no view at all, skip
this task.
Perform this task to create or modify an SNMP view record.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server view view-name oid-tree {included | excluded}
4. no snmp-server view view-name oid-tree {included | excluded}
5. end
6. show snmp view

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp-server view view-name oid-tree {included | Creates a view record.

excluded}
• In this example, the mib2 view that includes all objects
Example: in the MIB-II subtree is created.

Device(config)# snmp-server view mib2 mib-2 Note You can use this command multiple times to
included create the same view record. If a view record for
the same OID value is created multiple times,
the latest entry of the object identifier takes
precedence.

Step 4 no snmp-server view view-name oid-tree {included | Removes a server view.

excluded}
Example:

SNMP Configuration Guide

15
 Configuring SNMP Support
Creating or Modifying Access Control for an SNMP Community

Command or Action Purpose

Device(config)# no snmp-server view mib2 mib-2

included

Step 5 end Exits global configuration mode.

Example:

Device(config)# end

Step 6 show snmp view (Optional) Displays a view of the MIBs associated with
SNMP.
Example:

Device# show snmp view

Creating or Modifying Access Control for an SNMP Community

Use an SNMP community string to define the relationship between the SNMP manager and the agent. The
community string acts like a password to regulate access to the agent on the device. Optionally, you can
specify one or more of the following characteristics associated with the string:
• An access list of IP addresses of the SNMP managers that are permitted to use the community string to
gain access to the agent.
• Starting from Cisco IOS XE Gibraltar 16.12, when a snmp community is created with a numbered access
list as below:
snmp-server community public rw 10
and if the access list does not exists, then a new standard ip access list is nvgened as below:
ip access-list standard 10
By default, the above ip access list configuration have permit "any any" so there is no issue with snmp
polling.
• A MIB view, which defines the subset of all MIB objects accessible to the given community.
• Read and write or read-only permission for the MIB objects accessible to the community.

Perform this task to create or modify a community string.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server community string [view view-name] [ro | rw] [ipv6 nacl] [access-list-number]
4. no snmp-server community string
5. end
6. show snmp community

SNMP Configuration Guide

16
 Configuring SNMP Support
Configuring a Recipient of an SNMP Trap Operation

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp-server community string [view view-name] [ro | Defines the community access string.
rw] [ipv6 nacl] [access-list-number]
• You can configure one or more community strings.
Example:

Device(config)# snmp-server community comaccess ro

4

Step 4 no snmp-server community string Removes the community string from the configuration.
Example:

Device(config)# no snmp-server community comaccess

Step 5 end Exits global configuration mode.

Example:

Device(config)# end

Step 6 show snmp community (Optional) Displays the community access strings
configured for the system.
Example:

Device# show snmp community

Configuring a Recipient of an SNMP Trap Operation

SNMP traps are unreliable because the receiver does not send acknowledgments when it receives traps. The
sender does not know if the traps were received. However, an SNMP entity that receives an inform
acknowledges the message with an SNMP response PDU. If the sender never receives the response, the inform
can be sent again. Thus, informs are more likely to reach their intended destination.
Compared to traps, informs consume more resources in the agent and in the network. Unlike a trap, which is
discarded as soon as it is sent, an inform must be held in memory until a response is received or the request
times out. Also, traps are sent only once; an inform may be sent several times. The retries increase traffic and
overhead on the network.
If you do not enter a snmp-server host command, no notifications are sent. To configure the device to send
SNMP notifications, you must enter at least one snmp-server host command. If you enter the command
without keywords, all trap types are enabled for the host.

SNMP Configuration Guide

17
 Configuring SNMP Support
Configuring a Recipient of an SNMP Trap Operation

To enable multiple hosts, you must issue a separate snmp-server host command for each host. You can
specify multiple notification types in the command for each host.
When multiple snmp-server host commands are given for the same host and type of notification, each
succeeding command overwrites the previous command. Only the last snmp-server host command will be
in effect. For example, if you enter an snmp-server host inform command for a host and then enter another
snmp-server host inform command for the same host, the second command replaces the first.
The snmp-server host command is used in conjunction with the snmp-server enable command. Use the
snmp-server enable command to specify which SNMP notifications are sent globally. For a host to receive
most notifications, at least one snmp-server enable command and the snmp-server host command for that
host must be enabled.
Some notification types cannot be controlled with the snmp-server enable command. For example, some
notification types are always enabled and others are enabled by a different command. For example, the
linkUpDown notifications are controlled by the snmp trap link-status command. These notification types
do not require an snmp-server enable command.
A notification-type option’s availability depends on the device type and the Cisco IOS software features
supported on the device. For example, the envmon notification type is available only if the environmental
monitor is part of the system. To see what notification types are available on your system, use the command
help (?) at the end of the snmp-server host command.
Perform this task to configure the recipient of an SNMP trap operation.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server host host-id [traps | informs] [version {1| 2c | 3 [auth | noauth | priv]}] community-string
[udp-port port-number] [notification-type]
4. exit
5. show snmp host

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.
Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Device# configure terminal

Step 3 snmp-server host host-id [traps | informs] [version {1| Specifies whether you want the SNMP notifications sent
2c | 3 [auth | noauth | priv]}] community-string [udp-port as traps or informs, the version of SNMP to use, the security
port-number] [notification-type] level of the notifications (for SNMPv3), and the recipient
(host) of the notifications.
Example:
Device(config)# snmp-server host 172.16.1.27
informs version 2c public alarms

SNMP Configuration Guide

18
 Configuring SNMP Support
Configuring SNMP Version 3

Command or Action Purpose

Step 4 exit Exits global configuration mode.
Example:
Device(config)# exit

Step 5 show snmp host (Optional) Displays the SNMP notifications sent as traps,
the version of SNMP, and the host IP address of the
Example:
notifications.
Device# show snmp host

Examples
The following example shows the host information configured for SNMP notifications:
Device> enable
Device# configure terminal
Device(config)# snmp-server host 10.2.28.1 informs version 2c public
Device(config)# exit
Device# show snmp host

Notification host: 10.2.28.1 udp-port: 162 type: inform

user: public security model: v2c
traps: 00001000.00000000.00000000

Configuring SNMP Version 3

When you configure SNMPv3 and you want to use the SNMPv3 security mechanism for handling SNMP
packets, you must establish SNMP groups and users with passwords.
Perform the following tasks to configure SNMPv3.

Specifying SNMP-Server Group Names

SNMPv3 is a security model. A security model is an authentication strategy that is set up for a user and the
group in which the user resides.
No default values exist for authentication or privacy algorithms when you configure the snmp-server group
command. Also, no default passwords exist. For information about specifying a MD5 password, see the
documentation for the snmp-server user command.
Perform this task to specify a new SNMP group or a table that maps SNMP users to SNMP views.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server group [groupname {v1 | v2c | v3 [auth | noauth | priv]}] [read readview] [write writeview]
[notify notifyview] [access access-list]
4. exit
5. show snmp group

SNMP Configuration Guide

19
 Configuring SNMP Support
Specifying SNMP-Server Group Names

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp-server group [groupname {v1 | v2c | v3 [auth | Configures the SNMP server group to enable authentication
noauth | priv]}] [read readview] [write writeview] [notify for members of a specified named access list.
notifyview] [access access-list]
• In this example, the SNMP server group group1
Example: isconfigured to enable user authentication for members
of the named access list lmnop.
Device(config)# snmp-server group group1 v3 auth
access lmnop

Step 4 exit Exits global configuration mode.

Example:

Device(config)# exit

Step 5 show snmp group Displays information about each SNMP group on the
network.
Example:

Device# show snmp group

Examples
The following example shows information about each SNMP group on the network:

Device# show snmp group

groupname: ILMI security model:v1
readview : *ilmi writeview: *ilmi
notifyview: <no notifyview specified>
row status: active
groupname: ILMI security model:v2c
readview : *ilmi writeview: *ilmi
notifyview: <no notifyview specified>
row status: active
groupname: group1 security model:v3 auth
readview : v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active access-list:lmnop
groupname: public security model:v1
readview : <no readview specified> writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

SNMP Configuration Guide

20
 Configuring SNMP Support
Configuring SNMP Server Users

Configuring SNMP Server Users

To configure a remote user, specify the IP address or port number for the remote SNMP agent of the device
where the user resides. Also, before you configure remote users for a particular agent, configure the SNMP
engine ID, using the snmp-server engineID command with the remote option. The remote agent’s SNMP
engine ID is required when computing the authentication and privacy digests from the password. If the remote
engine ID is not configured first, the configuration command will fail.
For the privpassword and auth-password arguments, the minimum length is one character; the recommended
length is at least eight characters, and should include both letters and numbers.
SNMP passwords are localized using the SNMP engine ID of the authoritative SNMP engine. For informs,
the authoritative SNMP agent is the remote agent. You must configure the remote agent’s SNMP engine ID
in the SNMP database before you can send proxy requests or informs to it.

Note Changing the engine ID after configuring the SNMP user does not allow the removal of the user. To remove
the configurations, you need to first reconfigure all the SNMP configurations.

No default values exist for authentication or privacy algorithms when you configure the command. Also, no
default passwords exist. The minimum length for a password is one character, although we recommend using
at least eight characters for security. If you forget a password, you cannot recover it and will need to reconfigure
the user. You can specify either a plain text password or a localized MD5 digest.
If you have the localized MD5 or SHA digest, you can specify that string instead of the plain text password.
The digest should be formatted as aa:bb:cc:dd where aa, bb, and cc are hexadecimal values. Also, the digest
should be exactly 16 octets in length.
Perform this task to add a new user to an SNMP group.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server engineID {local engine-id | remote ip-address [udp-port udp-port-number] [vrf vrf-name]
engine-id-string}
4. snmp-server user username groupname [remote ip-address [udp-port port]] {v1 | v2c | v3 [encrypted]
[auth {md5 | sha} auth-password]} [access access-list]
5. exit
6. show snmp user [username]
7. show snmp engineID

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

SNMP Configuration Guide

21
 Configuring SNMP Support
Configuring SNMP Server Users

Command or Action Purpose

Step 2 configure terminal Enters global configuration mode.
Example:

Device# configure terminal

Step 3 snmp-server engineID {local engine-id | remote Configures the SNMP engine ID.
ip-address [udp-port udp-port-number] [vrf vrf-name]
• In this example, the SNMP engine ID is configured
engine-id-string}
for a remote user.
Example:
Device(config)# snmp-server engineID remote
172.12.15.4 udp-port 120 1a2833c0129a

Step 4 snmp-server user username groupname [remote Configures a new user to an SNMP group with the plain
ip-address [udp-port port]] {v1 | v2c | v3 [encrypted] text password “password123” for the user “user1” in the
[auth {md5 | sha} auth-password]} [access access-list] SNMPv3 group “group1”.
Example:

Device(config)# snmp-server user user1 group1 v3

auth md5 password123

Step 5 exit Exits global configuration mode and returns to privileged

EXEC mode.
Example:

Device(config)# exit

Step 6 show snmp user [username] Displays the information about the configured characteristics
of an SNMP user.
Example:

Device# show snmp user user1

Step 7 show snmp engineID (Optional) Displays information about the SNMP engine
ID configured for an SNMP user.
Example:
Device# show snmp engineID

Examples
The following example shows the information about the configured characteristics of the SNMP
user1:

Device# show snmp user user1

User name: user1
Engine ID: 00000009020000000C025808
storage-type: nonvolatile active access-list: 10
Rowstatus: active
Authentication Protocol: MD5
Privacy protocol: None
Group name: group1

SNMP Configuration Guide

22
 Configuring SNMP Support
Configuring a Device as an SNMP Manager

Note Configuration guidelines and limitations to create an SNMP user:

• If you are configuring a user using AES 256 encryption, ensure that you use a combination of
variables which does not exceed 255 characters for user config to work. You have the flexibility
to use any characters but the combination of the username, groupname, and acl_name should
not exceed 37 characters.

Configuring a Device as an SNMP Manager

Perform this task to enable the SNMP manager process and to set the session timeout value.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server manager
4. snmp-server manager session-timeout seconds
5. end
6. show snmp
7. show snmp sessions [brief]
8. show snmp pending

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.
Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Device# configure terminal

Step 3 snmp-server manager Enables the SNMP manager.

Example:
Device(config)# snmp-server manager

Step 4 snmp-server manager session-timeout seconds (Optional) Changes the session timeout value.
Example:
Device(config)# snmp-server manager session-timeout
30

Step 5 end Exits global configuration mode.

Example:

SNMP Configuration Guide

23
 Configuring SNMP Support
Configuring a Device as an SNMP Manager

Command or Action Purpose

Device(config)# end

Step 6 show snmp (Optional) Displays the status of SNMP communications.

Example:
Device# show snmp

Step 7 show snmp sessions [brief] (Optional) Displays the status of SNMP sessions.
Example:
Device# show snmp sessions

Step 8 show snmp pending (Optional) Displays the current set of pending SNMP
requests.
Example:
Device# show snmp pending

Examples
The following example shows the status of SNMP communications:
Device# show snmp

Chassis: 01506199
37 SNMP packets input
0 Bad SNMP version errors
4 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
24 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
28 Get-next PDUs
0 Set-request PDUs
78 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
24 Response PDUs
13 Trap PDUs
SNMP logging: enabled
Logging to 172.17.58.33.162, 0/10, 13 sent, 0 dropped.
SNMP Manager-role output packets
4 Get-request PDUs
4 Get-next PDUs
6 Get-bulk PDUs
4 Set-request PDUs
23 Inform-request PDUs
30 Timeouts
0 Drops
SNMP Manager-role input packets
0 Inform response PDUs
2 Trap PDUs
7 Response PDUs
1 Responses with errors
SNMP informs: enabled
Informs in flight 0/25 (current/max)
Logging to 172.17.217.141.162

SNMP Configuration Guide

24
 Configuring SNMP Support
Enabling the SNMP Manager

4 sent, 0 in-flight, 1 retries, 0 failed, 0 dropped

Logging to 172.17.58.33.162
0 sent, 0 in-flight, 0 retries, 0 failed, 0 dropped

The following example displays the status of SNMP sessions:

Device# show snmp sessions

Destination: 172.17.58.33.162, V2C community: public

Round-trip-times: 0/0/0 (min/max/last)
packets output
0 Gets, 0 GetNexts, 0 GetBulks, 0 Sets, 4 Informs
0 Timeouts, 0 Drops
packets input
0 Traps, 0 Informs, 0 Responses (0 errors)
Destination: 172.17.217.141.162, V2C community: public, Expires in 575 secs
Round-trip-times: 1/1/1 (min/max/last)
packets output
0 Gets, 0 GetNexts, 0 GetBulks, 0 Sets, 4 Informs
0 Timeouts, 0 Drops
packets input
0 Traps, 0 Informs, 4 Responses (0 errors)

The following example shows the current set of pending SNMP requests:
Device# show snmp pending

req id: 47, dest: 172.17.58.33.161, V2C community: public, Expires in 5 secs
req id: 49, dest: 172.17.58.33.161, V2C community: public, Expires in 6 secs
req id: 51, dest: 172.17.58.33.161, V2C community: public, Expires in 6 secs
req id: 53, dest: 172.17.58.33.161, V2C community: public, Expires in 8 secs

Enabling the SNMP Manager

Perform this task to enable the SNMP manager process and to set the session timeout value.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server manager
4. snmp-server manager session-timeout seconds
5. exit
6. show snmp
7. show snmp sessions [ brief ]
8. show snmp pending

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

SNMP Configuration Guide

25
 Configuring SNMP Support
Enabling the SNMP Manager

Command or Action Purpose

Step 2 configure terminal Enters global configuration mode.
Example:

Device# configure terminal

Step 3 snmp-server manager Enables the SNMP manager.

Example:

Device(config)# snmp-server manager

Step 4 snmp-server manager session-timeout seconds (Optional) Changes the session timeout value.
Example:

Device(config)# snmp-server manager session-timeout

30

Step 5 exit Exits global configuration mode.

Example:

Device(config)# exit

Step 6 show snmp (Optional) Displays the status of SNMP communications.

Example:

Device# show snmp

Step 7 show snmp sessions [ brief ] (Optional) Displays displays the status of SNMP sessions.
Example:

Device# show snmp sessions

Step 8 show snmp pending (Optional) Displays the current set of pending SNMP
requests.
Example:

Device# show snmp pending

Examples
The following example shows the status of SNMP communications:

Device# show snmp

Chassis: 01506199
37 SNMP packets input
0 Bad SNMP version errors
4 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
24 Number of requested variables

SNMP Configuration Guide

26
Configuring SNMP Support
Enabling the SNMP Manager

0 Number of altered variables

0 Get-request PDUs
28 Get-next PDUs
0 Set-request PDUs
78 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
24 Response PDUs
13 Trap PDUs
SNMP logging: enabled
Logging to 172.17.58.33.162, 0/10, 13 sent, 0 dropped.
SNMP Manager-role output packets
4 Get-request PDUs
4 Get-next PDUs
6 Get-bulk PDUs
4 Set-request PDUs
23 Inform-request PDUs
30 Timeouts
0 Drops
SNMP Manager-role input packets
0 Inform response PDUs
2 Trap PDUs
7 Response PDUs
1 Responses with errors
SNMP informs: enabled
Informs in flight 0/25 (current/max)
Logging to 172.17.217.141.162
4 sent, 0 in-flight, 1 retries, 0 failed, 0 dropped
Logging to 172.17.58.33.162
0 sent, 0 in-flight, 0 retries, 0 failed, 0 dropped

The following example displays the status of SNMP sessions:

Device# show snmp sessions

Destination: 172.17.58.33.162, V2C community: public
Round-trip-times: 0/0/0 (min/max/last)
packets output
0 Gets, 0 GetNexts, 0 GetBulks, 0 Sets, 4 Informs
0 Timeouts, 0 Drops
packets input
0 Traps, 0 Informs, 0 Responses (0 errors)
Destination: 172.17.217.141.162, V2C community: public, Expires in 575 secs
Round-trip-times: 1/1/1 (min/max/last)
packets output
0 Gets, 0 GetNexts, 0 GetBulks, 0 Sets, 4 Informs
0 Timeouts, 0 Drops
packets input
0 Traps, 0 Informs, 4 Responses (0 errors)

The following example shows the current set of pending SNMP requests:

Device# show snmp pending

req id: 47, dest: 172.17.58.33.161, V2C community: public, Expires in 5 secs
req id: 49, dest: 172.17.58.33.161, V2C community: public, Expires in 6 secs
req id: 51, dest: 172.17.58.33.161, V2C community: public, Expires in 6 secs
req id: 53, dest: 172.17.58.33.161, V2C community: public, Expires in 8 secs

SNMP Configuration Guide

27
 Configuring SNMP Support
Enabling the SNMP Agent Shutdown Mechanism

Enabling the SNMP Agent Shutdown Mechanism

Using SNMP packets, a network management tool can send messages to users on virtual terminals and on the
console. This facility operates in a similar fashion to the send EXEC command; however, the SNMP request
that causes the message to be issued to the users also specifies the action to be taken after the message is
delivered. One possible action is a shutdown request. After a system is shut down, typically it is reloaded.
Because the ability to cause a reload from the network is a powerful feature, it is protected by the snmp-server
system-shutdown global configuration command. If you do not issue this command, the shutdown mechanism
is not enabled.
Perform this task to enable the SNMP agent shutdown mechanism.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server system-shutdown
4. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp-server system-shutdown Enables system shutdown using the SNMP message reload
feature.
Example:

Device(config)# snmp-server system-shutdown

Step 4 end Exits global configuration mode.

Example:

Device(config)# end

Defining the Maximum SNMP Agent Packet Size

You can define the maximum packet size permitted when the SNMP agent is receiving a request or generating
a reply.
Perform this task to set the maximum permitted packet size.

SNMP Configuration Guide

28
 Configuring SNMP Support
Limiting the Number of TFTP Servers Used via SNMP

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server packetsize byte-count
4. exit

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp-server packetsize byte-count Establishes the maximum packet size.

Example:

Device(config)# snmp-server packetsize 512

Step 4 exit Exits global configuration mode and returns to privileged

EXEC mode.
Example:
Device(config)# exit

Limiting the Number of TFTP Servers Used via SNMP

You can limit the number of TFTP servers used for saving and loading configuration files via SNMP by using
an access list. Limiting the use of TFTP servers in this way conserves system resources and centralizes the
operation for manageability.
Perform this task to limit the number of TFTP servers.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server tftp-server-list number
4. exit

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.

SNMP Configuration Guide

29
 Configuring SNMP Support
Troubleshooting Tips

Command or Action Purpose

Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp-server tftp-server-list number Limits the number of TFTP servers used for configuration
file copies via SNMP to the servers in an access list.
Example:

Device(config)# snmp-server tftp-server-list 12

Step 4 exit Exits global configuration mode and returns to privileged

EXEC mode.
Example:
Device(config)# exit

Troubleshooting Tips
To monitor SNMP trap activity in real time for the purposes of troubleshooting, use the SNMP debug
commands, including the debug snmp packet EXEC command. For documentation of SNMP debug
commands, see the Cisco IOS Debug Command Reference.

Disabling the SNMP Agent

Perform this task to disable any version of an SNMP agent.

SUMMARY STEPS
1. enable
2. configure terminal
3. no snmp-server
4. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

SNMP Configuration Guide

30
 Configuring SNMP Support
Configuring SNMP Notifications

Command or Action Purpose

Device# configure terminal

Step 3 no snmp-server Disables SNMP agent operation.

Example:

Device(config)# no snmp-server

Step 4 end Exits global configuration mode.

Example:

Device(config)# end

Configuring SNMP Notifications

To configure a device to send SNMP traps or informs, perform the tasks described in the following sections:

Note Many snmp-server commands use the keyword traps in their command syntax. Unless there is an option
within the command to specify either traps or informs, the keyword traps should be taken to mean traps,
informs, or both. Use the snmp-server host command to specify whether you want SNMP notifications to
be sent as traps or informs. To use informs, the SNMP manager (also known as the SNMP proxy manager)
must be available and enabled on a device. Earlier, the SNMP manager was available only with Cisco IOS
PLUS images. However, the SNMP manager is now available with all Cisco software releases that support
SNMP. Use Cisco Feature Navigator for information about SNMP manager support for Cisco software releases.
To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn.

Note An SNMP-3-RESPONSE_DELAYED error message is sent as a notification from the SNMP dispatcher when
the response exceeds the default threshold while polling expensive and time consuming MIBS. This won't
have any impact on the system.
To increase or decrease the response threshold limit value for SNMP MIBs, use the following command in
Global conifguration mode:
snmp monitor response threshold-limit
The threshohld limit can be set to any value between 1000 to 5000 ms. To disable the response threshold limit,
use the no snmp monitor response command.

Configuring the Device to Send SNMP Notifications

Perform this task to configure the device to send traps or informs to a host.

SUMMARY STEPS
1. enable

SNMP Configuration Guide

31
 Configuring SNMP Support
Configuring the Device to Send SNMP Notifications

2. configure terminal
3. snmp-server engineID remote remote-ip-address remote-engineID
4. snmp-server user username groupname [remote host [udp-port port] {v1 | v2c | v3 [encrypted]
[auth {md5 | sha} auth-password]} [access access-list]
5. snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [read readview] [write writeview]
[notify notifyview] [access access-list]
6. snmp-server host host [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}]
community-string [notification-type]
7. snmp-server enable traps [notification-type [notification-options]]
8. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp-server engineID remote remote-ip-address Specifies the SNMP engine ID and configures the VRF
remote-engineID name traps-vrf for SNMP communications with the remote
device at 172.16.20.3.
Example:
Device(config)# snmp-server engineID remote
172.16.20.3 80000009030000B064EFE100

Step 4 snmp-server user username groupname [remote host Configures a local or remote user to an SNMP group.
[udp-port port] {v1 | v2c | v3 [encrypted] [auth {md5 |
Note You cannot configure a remote user for an
sha} auth-password]} [access access-list]
address without first configuring the engine ID
Example: for that remote host. This restriction is imposed
in the design of these commands; if you try to
Device(config)# snmp-server user abcd public v3 configure the user before the host, you will
encrypted auth md5 cisco123 receive a warning message and the command
will not be executed. Use the snmp-server
engineid remote command to specify the engine
ID for a remote host.

Step 5 snmp-server group groupname {v1 | v2c | v3 {auth | Configures an SNMP group.
noauth | priv}} [read readview] [write writeview] [notify
notifyview] [access access-list]
Example:

Device(config)# snmp-server group GROUP1 v2c auth

read viewA write viewA notify viewB

SNMP Configuration Guide

32
 Configuring SNMP Support
Enabling Syslog Trap Messages

Command or Action Purpose

Step 6 snmp-server host host [traps | informs] [version Specifies whether you want the SNMP notifications sent
{1 | 2c | 3 [auth | noauth | priv]}] community-string as traps or informs, the version of SNMP to use, the security
[notification-type] level of the notifications (for SNMPv3), and the recipient
(host) of the notifications.
Example:
• The snmp-server host command specifies which hosts
Device(config)# snmp-server host example.com will receive SNMP notifications, and whether you
informs version 3 public want the notifications sent as traps or informs.

Step 7 snmp-server enable traps [notification-type Enables sending of traps or informs and specifies the type
[notification-options]] of notifications to be sent.
Example: • If a notification-type is not specified, all supported
notification are enabled on the device.
Device(config)# snmp-server enable traps bgp
• To discover which notifications are available on your
device, enter the snmp-server enable traps ?
command.
• The snmp-server enable traps command globally
enables the production mechanism for the specified
notification types (such as Border Gateway Protocol
[BGP] traps, config traps, entity traps, Hot Standby
Device Protocol [HSDP] traps, and so on).

Step 8 end Exits global configuration mode and returns to privileged

EXEC mode.
Example:
Device(config)# end

Enabling Syslog Trap Messages

You can enable Syslog traps using the snmp-server enable traps syslog command.
After you enable Syslog traps, you have to specify the trap message severity. Use the logging snmp-trap
command to specify the trap level. By default, the command enables severity 0 to 4. If you want to enable all
the severities, use the following form of the command:
logging snmp-trap 0 7
You can also enable individual trap levels using the following forms of the command:
logging snmp-trap emergencies: Enables only severity 0 traps.
logging snmp-trap alert: Enables only severity 1 traps.
Similarly, you can separately configure other trap levels.
Note that, along with the above configuration, Syslog history command also needs to be applied. Without this
configuration, Syslog traps are not sent.
Use the following command to enable the Syslog history command:
logging history informational: Enables traps up to informational level which is severity 6.

SNMP Configuration Guide

33
 Configuring SNMP Support
Changing Notification Operation Values

Changing Notification Operation Values

You can specify a value other than the default for the source interface, message (packet) queue length for
each host, or retransmission interval.
Perform this task to change notification operation values as needed.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server trap-source interface
4. snmp-server queue-length length
5. snmp-server trap-timeout seconds
6. snmp-server informs [retries retries] [timeout seconds] [pending pending]

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp-server trap-source interface Sets the IP address for the Fast Ethernet interface in slot2,
port 1 as the source for all SNMP notifications.
Example:

Device(config)# snmp-server trap-source

FastEthernet 2/1

Step 4 snmp-server queue-length length Establishes the message queue length for each notification.
Example: • This example shows the queue length set to 50 entries.

Device(config)# snmp-server queue-length 50

Step 5 snmp-server trap-timeout seconds Defines how often to resend notifications on the
retransmission queue.
Example:

Device(config)# snmp-server trap-timeout 30

Step 6 snmp-server informs [retries retries] [timeout seconds] Configures inform-specific operation values.
[pending pending]
• This example sets the maximum number of times to
Example: resend an inform, the number of seconds to wait for
an acknowledgment before resending, and the

SNMP Configuration Guide

34
 Configuring SNMP Support
Controlling Individual RFC 1157 SNMP Traps

Command or Action Purpose

maximum number of informs waiting for
Device(config)# snmp-server informs retries 10
acknowledgments at any one time.
timeout 30 pending 100

Controlling Individual RFC 1157 SNMP Traps

Perform this task to enable the authenticationFailure, linkUp, linkDown, warmStart, and coldStart notification
types.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server enable traps snmp [authentication] [linkup] [linkdown] [warmstart] [coldstart]
4. interface type slot/port
5. no snmp-server link-status
6. end
7. end
8. show snmp mib ifmibtraps

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp-server enable traps snmp [authentication]
[linkup] [linkdown] [warmstart] [coldstart]
Example:
Device(config)# snmp-server enable traps snmp
Enables RFC 1157 generic traps.
• When used without any of the optional keywords,
enables authenticationFailure, linkUp, linkDown,
warmStart, and coldStart traps.
• When used with keywords, enables only the trap types
specified. For example, to globally enable only linkUp
and linkDown SNMP traps or informs for all
interfaces, use the snmp-server enable traps snmp
linkup linkdown form of this command.

Step 4 interface type slot/port Enters interface configuration mode for a specific interface.
Example:

SNMP Configuration Guide

35
 Configuring SNMP Support
Controlling Individual RFC 1157 SNMP Traps

Command or Action Purpose

Note To enable SNMP traps for individual interfaces
Device(config)# interface FastEthernet 0/0
such as Dialer, use the snmp trap link-status
permit duplicates command in interface
configuration mode. For example, to enter dialer
interface configuration mode, enter the interface
type as dialer.

Step 5 no snmp-server link-status Disables the sending of linkUp and linkDown notifications
for all generic interfaces.
Example:

Device(config-if)# no snmp-server link-status

Step 6 end Exits interface configuration mode.

Example:

Device(config-if)# end

Step 7 end Exits global configuration mode and returns to privileged

EXEC mode.
Example:

Device(config)# end

Step 8 show snmp mib ifmibtraps

Example:

Device# show snmp mib ifmib traps

Examples
The following example shows the status of linkup and linkdown traps for all interfaces configured
for the system:

Device# show snmp mib ifmib traps

ifDescr ifindex TrapStatus

---------------------------------
FastEthernet 3/6 14 enabled
FastEthernet 3/19 27 enabled
GigabitEthernet 5/1 57 enabled
unrouted VLAN 1005 73 disabled
FastEthernet 3/4 12 enabled
FastEthernet 3/39 47 enabled
FastEthernet 3/28 36 enabled
FastEthernet 3/48 56 enabled
unrouted VLAN 1003 74 disabled
FastEthernet 3/2 10 enabled
Tunnel 0 66 enabled
SPAN RP Interface 64 disabled
Tunnel 10 67 enabled
FastEthernet 3/44 52 enabled
GigabitEthernet 1/3 3 enabled

SNMP Configuration Guide

36
 Configuring SNMP Support
Configuring SNMP Notification Log Options

FastEthernet 3/11 19 enabled

FastEthernet 3/46 54 enabled
GigabitEthernet 1/1 1 enabled
FastEthernet 3/13 21 enabled
unrouted VLAN 1 70 disabled
GigabitEthernet 1/4 4 enabled
FastEthernet 3/9 17 enabled
FastEthernet 3/16 24 enabled
FastEthernet 3/43 51 enabled

Configuring SNMP Notification Log Options

Perform this task to configure SNMP notification log options. These options allow you to control the log size
and timing values. The SNMP log can become very large and long, if left unmodified.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp mib notification-log default
4. snmp mib notification-log globalageout seconds
5. snmp mib notification-log globalsize size
6. end
7. show snmp mib notification-log

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.
Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Device# configure terminal

Step 3 snmp mib notification-log default Creates an unnamed SNMP notification log.
Example:
Device(config)# snmp mib notification-log default

Step 4 snmp mib notification-log globalageout seconds Sets the maximum amount of time for which the SNMP
notification log entries remain in the system memory.
Example:
Device(config)# snmp mib notification-log • In this example, the system is configured to delete
globalageout 20 entries in the SNMP notification log that were logged
more than 20 minutes ago.

Step 5 snmp mib notification-log globalsize size Sets the maximum number of entries that can be stored in
all SNMP notification logs.
Example:

SNMP Configuration Guide

37
 Configuring SNMP Support
Configuring Interface Index Display and Interface Indexes and Long Name Support

Command or Action Purpose

Device(config)# snmp mib notification-log
globalsize 600

Step 6 end Exits global configuration mode.

Example:
Device(config)# end

Step 7 show snmp mib notification-log Displays information about the state of the local SNMP
notification logging.
Example:
Device# show snmp mib notification-log

Examples
This example shows information about the state of local SNMP notification logging:
Device# show snmp mib notification-log

GlobalAgeout 20, GlobalEntryLimit 600

Total Notifications logged in all logs 0
Log Name"", Log entry Limit 600, Notifications logged 0
Logging status enabled
Created by cli

Configuring Interface Index Display and Interface Indexes and Long Name
Support
The display of Interface Indexes lets advanced users of SNMP view information about the interface registrations
directly on a managed agent. An external NMS is not required.
Configuration of Long Alias Names for the interfaces lets users configure the ifAlias (the object defined in
the MIB whose length is restricted to 64) up to 255 bytes.

Before you begin

SNMP must be enabled on your system.
The Interface Index Display and Interface Alias Long Name Support feature is not supported on all Cisco
platforms. Use Cisco Feature Navigator to find information about platform support and software image support.
Perform this task to configure the IF-MIB to retain ifAlias values of longer than 64 characters and to configure
the ifAlias values for an interface.

Note To verify if the ifAlias description is longer than 64 characters, perform an SNMP MIB walk for the ifMIB
ifAlias variable from an NMS and verify that the entire description is displayed in the values for ifXEntry.18.
The description for interfaces also appears in the output from the more system:running config privileged
EXEC mode command.

SNMP Configuration Guide

38
 Configuring SNMP Support
Configuring Interface Index Display and Interface Indexes and Long Name Support

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp ifmib ifalias long
4. interface type number
5. description text-string
6. end
7. show snmp mib
8. show snmp mib ifmib ifindex [type number] [detail] [free-list]

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.
Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Device# configure terminal

Step 3 snmp ifmib ifalias long Configures the Interfaces MIB (IF-MIB) on the system to
return ifAlias values of longer than 64 characters to a
Example:
Network Management System.
Device(config)# snmp ifmib ifalias long
• If the ifAlias values are not configured using the snmp
ifmib ifalias long command, the ifAlias description
will be restricted to 64 characters.

Step 4 interface type number Enters interface configuration mode.

Example: • The form of this command varies depending on the
Device(config)# interface ethernet 2/4 interface being configured.

Step 5 description text-string Configures a free-text description of the specified interface.

Example:
Device(config)# description This text string
description can be up to 256 characters long
• This description can be up to 240 characters in length
and is stored as the ifAlias object value in the IF-MIB.
• If the ifAlias values are not configured using the snmp
ifmib ifalias long command, the ifAlias description
for SNMP set and get operations is restricted to 64
characters, although the interface description is
configured for more than 64 characters by using the
description command.

Step 6 end Exits global configuration mode.

Example:

SNMP Configuration Guide

39
 Configuring SNMP Support
Configuring Interface Index Display and Interface Indexes and Long Name Support

Command or Action Purpose

Device(config)# end

Step 7 show snmp mib Displays a list of MIB module instance identifiers registered
on your system.
Example:
Device# show snmp mib • The resulting display could be lengthy.

Step 8 show snmp mib ifmib ifindex [type number] [detail] Displays the Interfaces MIB ifIndex values registered on
[free-list] your system for all interfaces or the specified interface.
Example:
Device# show snmp mib ifmib ifindex Ethernet 2/0

Examples
The following example lists the MIB module instance identifiers registered on your system. The
resulting display could be lengthy. Only a small portion is shown here.
Device# show snmp mib
system.1
system.2
sysUpTime
system.4
system.5
system.6
system.7
system.8
sysOREntry.2
sysOREntry.3
sysOREntry.4
interfaces.1
ifEntry.1
ifEntry.2
ifEntry.3
ifEntry.4
ifEntry.5
ifEntry.6
ifEntry.7
ifEntry.8
ifEntry.9
ifEntry.10
ifEntry.11
--More--
captureBufferEntry.2
captureBufferEntry.3
captureBufferEntry.4
captureBufferEntry.5
captureBufferEntry.6
captureBufferEntry.7
capture.3.1.1
eventEntry.1
eventEntry.2
eventEntry.3
eventEntry.4
eventEntry.5
eventEntry.6
eventEntry.7

SNMP Configuration Guide

40
 Configuring SNMP Support
Configuring Interface Index Persistence

logEntry.1
logEntry.2
logEntry.3
logEntry.4
rmon.10.1.1.2
rmon.10.1.1.3
rmon.10.1.1.4
rmon.10.1.1.5
rmon.10.1.1.6
rmon.10.1.1.7
rmon.10.2.1.2
rmon.10.2.1.3
rmon.10.3.1.2

The following example shows output for the Interfaces MIB ifIndex values registered on a system
for a specific interface:
Device# show snmp mib ifmib ifindex Ethernet 2/0
Ethernet2/0: Ifindex = 2

The following example shows output for the Interfaces MIB ifIndex values registered on a system
for all interfaces:
Device# show snmp mib ifmib ifindex
ATM1/0: Ifindex = 1
ATM1/0-aal5 layer: Ifindex = 12
ATM1/0-atm layer: Ifindex = 10
ATM1/0.0-aal5 layer: Ifindex = 13
ATM1/0.0-atm subif: Ifindex = 11
ATM1/0.9-aal5 layer: Ifindex = 32
ATM1/0.9-atm subif: Ifindex = 31
ATM1/0.99-aal5 layer: Ifindex = 36
ATM1/0.99-atm subif: Ifindex = 35
Ethernet2/0: Ifindex = 2
Ethernet2/1: Ifindex = 3
Ethernet2/2: Ifindex = 4
Ethernet2/3: Ifindex = 5
Null0: Ifindex = 14
Serial3/0: Ifindex = 6
Serial3/1: Ifindex = 7
Serial3/2: Ifindex = 8
Serial3/3: Ifindex = 9

Configuring Interface Index Persistence

The following sections contain the tasks to configure Interface Index Persistence:

Enabling and Disabling IfIndex Persistence Globally

Perform this task to enable IfIndex persistence globally.

Before you begin

The configuration tasks described in this section assume that you have configured SNMP on your routing
device and are using SNMP to monitor network activity using the Cisco command line interface and/or an
NMS application.

SNMP Configuration Guide

41
 Configuring SNMP Support
Enabling and Disabling IfIndex Persistence Globally

Note To save the snmp-server ifindex persist command, enable the snmp service using any of the snmp
serverconfig commands, except the snmp-server ifindex persist command.

The interface-specific ifIndex persistence command (snmp ifindex persistence) cannot be used on
subinterfaces. A command applied to an interface is automatically applied to all subinterfaces associated with
that interface.
Testing indicates that approximately 25 bytes of NVRAM storage are used by this feature per interface. There
may be some boot delay exhibited on platforms with lower CPU speeds.

Note After ifIndex persistence commands have been entered, the configuration must be saved using the copy
running-config startup-config EXEC mode command to ensure consistent ifIndex values.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server ifindex persist
4. no snmp-server ifindex persist
5. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.
Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Device# configure terminal

Step 3 snmp-server ifindex persist Globally enables ifIndex values that will remain constant
across reboots.
Example:
Device(config)# snmp-server ifindex persist

Step 4 no snmp-server ifindex persist Disables global ifIndex persistence.

Example:
Device(config)# no snmp-server ifindex persist

Step 5 end Exits global configuration mode.

Example:
Device(config)# end

SNMP Configuration Guide

42
 Configuring SNMP Support
Enabling and Disabling IfIndex Persistence on Specific Interfaces

Enabling and Disabling IfIndex Persistence on Specific Interfaces

Perform this task to configure ifIndex persistence only on a specific interface.

Tip Use the snmp ifindex clear command on a specific interface when you want that interface to use the global
configuration setting for ifIndex persistence. This command clears any ifIndex configuration commands
previously entered for that specific interface.

SUMMARY STEPS
1. enable
2. configure terminal
3. interface type slot / port
4. snmp ifindex persist
5. no snmp ifindex persist
6. end
7. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 interface type slot / port Enters interface configuration mode for the specified
interface.
Example:
Note Note that the syntax of the interface command
Device(config)# interface FastEthernet 0/1 will vary depending on the platform you are
using.

Step 4 snmp ifindex persist Enables an ifIndex value that is constant across reboots on
the specified interface.
Example:

Device(config-if)# snmp ifindex persist

Step 5 no snmp ifindex persist Disables an ifIndex value that is constant across reboots on
the specified interface.
Example:

Device(config-if)# no snmp ifindex persist

SNMP Configuration Guide

43
 Configuring SNMP Support
Configuring SNMP Support for VPNs

Command or Action Purpose

Step 6 end Exits interface configuration mode.
Example:

Device(config-if)# end

Step 7 end Exits global configuration mode.

Example:

Device(config)# end

Configuring SNMP Support for VPNs

This section describes how to configure SNMP support for VPNs. The SNMP Support for VPNs feature
provides configuration commands that allow users to associate SNMP agents and managers with specific
VRFs. The specified VRF is used to send SNMP traps and informs and responses between agents and managers.
If a VRF is not specified, the default routing table for the VPN is used.
Support for VPNs allows users to configure an SNMP agent to only accept SNMP requests from a certain set
of VPNs. With this configuration, providers can provide network management services to their customers
who then can manage all user-VPN devices.

Note • This feature is not supported on all Cisco platforms. Use Cisco Feature Navigator to find information
about platform support and Cisco IOS software image support.
• Not all MIBs are VPN-aware. To list the VPN-aware MIBs, use the show snmp mib context command.
For more information about VPN-aware MIBs, see the SNMP Support over VPNs—Context-based Access
Control configuration module.

Perform this task to configure SNMP support for a specific VPN.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server host host-address [vrf vrf-name] [traps | informs] [version {1| 2c| 3 [auth | noauth
|priv]}] community-string [udp-port port] [notification-type]
4. snmp-server engineID remote ip-address [udp-port udp-port-number] [vrf vrf-name] engineid-string
5. exit
6. show snmp host

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

SNMP Configuration Guide

44
 Configuring SNMP Support
Configuring Event MIB Using SNMP

Command or Action Purpose

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Device# configure terminal

Step 3 snmp-server host host-address [vrf vrf-name] [traps Specifies the recipient of an SNMP notification operation
| informs] [version {1| 2c| 3 [auth | noauth |priv]}] and specifies the VRF table to be used for sending SNMP
community-string [udp-port port] [notification-type] notifications.
Example:
Device(config)# snmp-server host example.com public
vrf trap-vrf

Step 4 snmp-server engineID remote ip-address [udp-port Configures a name for the remote SNMP engine on a device
udp-port-number] [vrf vrf-name] engineid-string when configuring SNMP over a specific VPN for a remote
SNMP user.
Example:
Device(config)# snmp-server engineID remote
172.16.20.3 vrf traps-vrf

Example:
80000009030000B064EFE100

Step 5 exit Exits global configuration mode.

Example:
Device(config)# exit

Step 6 show snmp host (Optional) Displays the SNMP configuration and verifies
that the SNMP Support for VPNs feature is configured
Example:
properly.
Device# show snmp host

Configuring Event MIB Using SNMP

The Event MIB can be configured using SNMP directly. In this procedure, the Event MIB is configured to
monitor the delta values of ifInOctets for all interfaces once per minute. If any of the samples exceed the
specified threshold, a trap notification will be sent.
There are no Cisco software configuration tasks associated with the Event MIB. All configuration of Event
MIB functionality must be performed though applications using SNMP. This section provides a sample
configuration session using a network management application on an external device. See the “Additional
References” section for information about configuring SNMP on your Cisco routing device.
All configuration of Event MIB functionality must be performed though applications using SNMP. The
following section provides a step-by-step Event MIB configuration using SNMP research tools available for
Sun workstations. The setany commands given below are executed using the SNMP application.

SNMP Configuration Guide

45
 Configuring SNMP Support
Setting the Trigger in the Trigger Table

Note These are not Cisco command line interface commands. It is assumed that SNMP has been configured on
your routing device.

In this configuration, the objective is to monitor ifInOctets for all interfaces. The Event MIB is configured to
monitor the delta values of ifInOctets for all interfaces once per minute. If any of the samples exceed the
specified threshold of 30, a Trap notification will be sent.
There are five parts to the following example:

Setting the Trigger in the Trigger Table

Perform this task to set the trigger in the trigger table.

SUMMARY STEPS
1. setany -v2c $ADDRESS private mteTriggerEntryStatus.4.106.111.104.110.1 -i 5
2. setany -v2c $ADDRESS private mteTriggerValueID.4.106.111.104.110.1 -d 1.3.6.1.2.1.2.2.1.10
3. setany -v2c $ADDRESS private mteTriggerValueIDWildcard.4.106.111.104.110.1 -i 1
4. setany -v2c $ADDRESS private mteTriggerTest.4.106.111.104.110.1 -o '20'
5. setany -v2c $ADDRESS private mteTriggerFrequency.4.106.111.104.110.1 -g 60
6. setany -v2c $ADDRESS private mteTriggerSampleType.4.106.111.104.110.1 -i 2
7. setany -v2c $ADDRESS private mteTriggerEnabled.4.106.111.104.110.1 -i 1

DETAILED STEPS

Command or Action Purpose

Step 1 setany -v2c $ADDRESS private Creates a trigger row in the table with john as the mteOwner
mteTriggerEntryStatus.4.106.111.104.110.1 -i 5 and 1 as the trigger name.
• The index is given in decimal representation of the
ASCII value of john.1.

Step 2 setany -v2c $ADDRESS private Sets the mteTriggerValueID to the OID to be watched.
mteTriggerValueID.4.106.111.104.110.1 -d
• In this example, the OID to be monitored is ifInOctets.
1.3.6.1.2.1.2.2.1.10

Step 3 setany -v2c $ADDRESS private Sets the mteTriggerValueIDWildcard to TRUE to denote
mteTriggerValueIDWildcard.4.106.111.104.110.1 -i 1 a object referenced through wildcarding.

Step 4 setany -v2c $ADDRESS private Sets the mteTriggerTest to Threshold.

mteTriggerTest.4.106.111.104.110.1 -o '20'
Step 5 setany -v2c $ADDRESS private Sets the mteTriggerFrequency to 60. This means that
mteTriggerFrequency.4.106.111.104.110.1 -g 60 ifInOctets are monitored once every 60 seconds.

Step 6 setany -v2c $ADDRESS private Sets the sample type to Delta.
mteTriggerSampleType.4.106.111.104.110.1 -i 2
Step 7 setany -v2c $ADDRESS private Enables the trigger.
mteTriggerEnabled.4.106.111.104.110.1 -i 1

SNMP Configuration Guide

46
 Configuring SNMP Support
Creating an Event in the Event Table

Creating an Event in the Event Table

Perform this task to create an event in the event table.

SUMMARY STEPS
1. setany -v2c $ADDRESS private mteEventEntryStatus.4.106.111.104.110.101.118.101.110. 116 -i 5
2. setany -v2c $ADDRESS private mteEventEnabled.4.106.111.104.110.101.118.101.110.116 -i 1
3. setany -v2c $ADDRESS private mteEventEntryStatus.4.106.111.104.110.101.118.101.110. 116 -i 1

DETAILED STEPS

Command or Action Purpose

Step 1 setany -v2c $ADDRESS private Creates a row in the Event Table.
mteEventEntryStatus.4.106.111.104.110.101.118.101.110.
• The mteOwner here is again john, and the event is
116 -i 5
mteEventName.
• The default action is to send out a notification.

Step 2 setany -v2c $ADDRESS private Enables the Event.

mteEventEnabled.4.106.111.104.110.101.118.101.110.116
-i 1
Step 3 setany -v2c $ADDRESS private Makes the EventRow active.
mteEventEntryStatus.4.106.111.104.110.101.118.101.110.
116 -i 1

Setting and Activating the Trigger Threshold in the Trigger Table

Perform this task to set the trigger threshold in the trigger table.

SUMMARY STEPS
1. setany -v2c $ADDRESS private mteTriggerThresholdRising.4.106.111.104.110.1 -i 30
2. setany -v2c $ADDRESS private mteTriggerThresholdRisingEventOwner.4.106.111.104.110.1 -D
"owner"
3. setany -v2c $ADDRESS private mteTriggerEntryStatus.4.106.111.104.110.1 -i 1

DETAILED STEPS

Command or Action Purpose

Step 1 setany -v2c $ADDRESS private Sets the Rising Threshold value to 30. Note that a row
mteTriggerThresholdRising.4.106.111.104.110.1 -i 30 would already exist for john.1 in the Trigger Threshold
Table.

Step 2 setany -v2c $ADDRESS private Points to the entry in the Event Table that specifies the
mteTriggerThresholdRisingEventOwner.4.106.111.104.110.1 action to be performed.
-D "owner"
Example:

SNMP Configuration Guide

47
 Configuring SNMP Support
Activating the Trigger

Command or Action Purpose

setany -v2c $ADDRESS private
mteTriggerThresholdRisingEvent.4.106.111.104.110.1
-D "event"

Step 3 setany -v2c $ADDRESS private Makes the trigger active.

mteTriggerEntryStatus.4.106.111.104.110.1 -i 1

What to do next
To confirm that the above configuration is working, ensure that at least one of the interfaces gets more than
30 packets in a minute. This should cause a trap to be sent out after one minute.

Activating the Trigger

Perform this task to activate the trigger.

SUMMARY STEPS
1. setany -v2c $ADDRESS private mteTriggerEntryStatus.4.106.111.104.110.1 -i 1

DETAILED STEPS

Command or Action Purpose

Step 1 setany -v2c $ADDRESS private Makes the trigger active.
mteTriggerEntryStatus.4.106.111.104.110.1 -i 1

What to do next
To confirm that the above configuration is working, ensure that at least one of the interfaces gets more than
30 packets in a minute. This should cause a trap to be sent out after one minute.

Monitoring and Maintaining Event MIB

Use the following commands to monitor Event MIB activity from the Cisco command line interface:

Command Purpose

debug management event mib Prints messages to the screen whenever the Event MIB evaluates a specified
trigger. These messages are given in realtime and are intended to be used
by technical support engineers for troubleshooting purposes.

show management event Displays the SNMP Event values that have been configured on your routing
device through the use of the Event MIB.

Configuring Event MIB Using Command Line Interface

The Event MIB can be configured using SNMP directly. In this procedure, the Event MIB is configured to
monitor delta values of ifInOctets for all interfaces once per minute. If any of the samples exceed the specified
threshold, a trap notification will be sent.

SNMP Configuration Guide

48
 Configuring SNMP Support
Configuring Scalar Variables

Depending on your release, note that the Event MIB feature is enhanced to add command line interface
commands to configure the events, event action, and trigger.
This section contains the following tasks to configure the Event MIB:

Configuring Scalar Variables

Perform this task to configure scalar variables for the Event MIB.

Before you begin

To configure scalar variables for the Event MIB, you should be familiar with the Event MIB scalar variables.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp mib event sample minimum value
4. snmp mib event sample instance maximum value
5. exit

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.
Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Device# configure terminal

Step 3 snmp mib event sample minimum value Sets the minimum value for object sampling.
Example:
Device(config)# snmp mib event sample minimum 10

Step 4 snmp mib event sample instance maximum value Sets the maximum value for object instance sampling.
Example:
Device(config)# snmp mib event sample instance
maximum 50

Step 5 exit Exits global configuration mode.

Example:
Device(config)# exit

Configuring Event MIB Object List

To configure the Event MIB, you need to set up a list of objects that can be added to notifications according
to the trigger, trigger test, or event.

SNMP Configuration Guide

49
 Configuring SNMP Support
Configuring Event MIB Object List

Before you begin

To configure the Event MIB object list, you should be familiar with the Event MIB objects and object identifiers,
which can be added to notifications according to the event, trigger, or trigger test.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp mib event object list owner object-list-owner name object-list-name object-number
4. object id object-identifier
5. wildcard
6. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp mib event object list owner object-list-owner Configures the Event MIB object list.
name object-list-name object-number
Example:

Device(config)# snmp mib event object list owner

owner1 name objectA 10

Step 4 object id object-identifier Specifies the object identifier for the object configured for
the event.
Example:

Device(config-event-objlist)# object id ifInOctets

Step 5 wildcard (Optional) Starts a wildcard search for object identifiers.

By specifying a partial object identifier, you can obtain a
Example:
list of object identifiers.
Device(config-event-objlist)# wildcard

Step 6 end Exits object list configuration mode.

Example:

Device(config-event-objlist)# end

SNMP Configuration Guide

50
 Configuring SNMP Support
Configuring Event

Configuring Event
Perform this task to configure a management event.

Before you begin

To configure a management event, you should be familiar with the SNMP MIB events and object identifiers.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp mib event owner event-owner name event-name
4. description event-description
5. enable
6. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp mib event owner event-owner name event-name Enters the event configuration mode.
Example:

Device(config)# snmp mib event owner owner1 name

EventA

Step 4 description event-description Describes the function and use of the event.
Example:

Device(config-event)# description “EventA is an

RMON event”

Step 5 enable Enables the event.

Example: Note The event can be executed during an event
trigger only if it is enabled.
Device(config-event)# enable

Step 6 end Exits event configuration mode and returns to privileged

EXEC mode.
Example:

SNMP Configuration Guide

51
 Configuring SNMP Support
Configuring Event Action

Command or Action Purpose

Device(config-event)# end

Configuring Event Action

By configuring an event action, you can define the actions that an application can perform during an event
trigger. The actions for an event include sending a notification, setting a MIB object and so on. You can set
the event action information to either set or notification. The actions for the event can be configured only in
event configuration mode.
The following sections contain the tasks to configure an event action:

Configuring Action Notification

Perform this task to set the notification action for the event.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp mib event owner event-owner name event-name
4. action notification
5. object id object-id
6. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.
Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Device# configure terminal

Step 3 snmp mib event owner event-owner name event-name Enters event configuration mode.
Example:
Device(config)# snmp mib event owner owner1 event
EventA

Step 4 action notification Sets the notification action for an event.

Example: Note If the event action is set to notification, a
notification is generated whenever an object
Device(config-event)# action notification associated with an event is modified.

SNMP Configuration Guide

52
 Configuring SNMP Support
Configuring Action Set

Command or Action Purpose

Step 5 object id object-id Configures object for action notification. When the object
specified is modified, a notification will be sent to the host
Example:
system.
Device(config-event-action-notification)# object
id ifInOctets

Step 6 end Exits action notification configuration mode and returns to

privileged EXEC mode.
Example:

Device(config-event-action-notification)# end

Configuring Action Set

Perform this task to set actions for an event.

SUMMARY STEPS
1. enable
2. configure terminal
3. action set
4. object id object-id
5. value integer-value
6. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.
Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Device# configure terminal

Step 3 action set Enters action set configuration mode.

Example:

Device(config-event)# action set

Step 4 object id object-id Configures object for action set. When the object specified
is modified, a specified action will be performed.
Example:

Device(config-event-action-set)# object id
ifInOctets

SNMP Configuration Guide

53
 Configuring SNMP Support
Configuring Event Trigger

Command or Action Purpose

Step 5 value integer-value Sets a value for the object.
Example:

Device(config-event-action-set)# value 10

Step 6 end Exits action set configuration mode and returns to privileged
EXEC mode.
Example:

Device(config-event-action-set)# end

Configuring Event Trigger

By configuring an event trigger, you can list the objects to monitor, and associate each trigger to an event.
Perform this task to configure an event trigger.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp mib event trigger owner trigger-owner name trigger-name
4. description trigger-description
5. frequency seconds
6. object list owner object-list-owner name object-list-name
7. object id object-identifier
8. enable
9. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp mib event trigger owner trigger-owner name Enables event trigger configuration mode for the specified
trigger-name event trigger.
Example:

Device(config)# snmp mib event trigger owner owner1

name EventTriggerA

SNMP Configuration Guide

54
 Configuring SNMP Support
Configuring Existence Trigger Test

Command or Action Purpose

Step 4 description trigger-description Describes the function and use of the event trigger.
Example:

Device(config-event-trigger)# description
“EventTriggerA is an RMON alarm.”

Step 5 frequency seconds Configures the waiting time (number of seconds) between
trigger samples.
Example:

Device(config-event-trigger)# frequency 120

Step 6 object list owner object-list-owner name Specifies the list of objects that can be added to
object-list-name notifications.
Example:

Device(config-event-trigger)# object list owner

owner1 name ObjectListA

Step 7 object id object-identifier Configures object identifiers for an event trigger.

Example:

Device(config-event-trigger)# object id ifInOctets

Step 8 enable Enables the event trigger.

Example:

Device(config-event-trigger)# enable

Step 9 end Exits event trigger configuration mode.

Example:

Device(config-event-trigger)# end

Configuring Existence Trigger Test

You should configure this trigger type in event trigger configuration mode.
Perform this task to configure trigger parameters for the test existence trigger type.

SUMMARY STEPS
1. test existence
2. event owner event-owner name event-name
3. object list owner object-list-owner name object-list-name
4. type {present | absent | changed}
5. startup {present | absent}
6. end

SNMP Configuration Guide

55
 Configuring SNMP Support
Configuring Boolean Trigger Test

DETAILED STEPS

Command or Action Purpose

Step 1 test existence Enables test existence configuration mode.
Example:
Device(config-event-trigger)# test existence

Step 2 event owner event-owner name event-name Configures the event for the existence trigger test.
Example:
Device(config-event-trigger-existence)# event owner
owner1 name EventA

Step 3 object list owner object-list-owner name Configures the list of objects for the existence trigger test.
object-list-name
Example:
Device(config-event-trigger-existence)# object list
owner owner1 name ObjectListA

Step 4 type {present | absent | changed} Performs the specified type of existence test.
Example: Existence tests are of the following three types:
Device(config-event-trigger-existence)# type • Present—Setting type to present tests if the objects
present
that appear during the event trigger exist.
• Absent—Setting type to absent tests if the objects that
disappear during the event trigger exist.
• Changed—Setting type to changed tests if the objects
that changed during the event trigger exist.

Step 5 startup {present | absent} Triggers an event if the test is performed successfully.
Example:

Device(config-event-trigger-existence)# startup
present

Step 6 end Exits existence trigger test configuration mode.

Example:

Device(config-event-trigger-existence)# end

Configuring Boolean Trigger Test

You should configure this trigger test in event trigger configuration mode.
Perform this task to configure trigger parameters for the Boolean trigger type.

SUMMARY STEPS
1. test boolean

SNMP Configuration Guide

56
 Configuring SNMP Support
Configuring Threshold Trigger Test

2. comparison {unequal | equal | less | lessOrEqual | greater | greaterOrEqual}

3. value integer-value
4. object list owner object-list-owner name object-list-name
5. event owner event-owner name event-name
6. startup
7. end

DETAILED STEPS

Command or Action Purpose

Step 1 test boolean Enables Boolean trigger test configuration mode.
Example:
Device(config-event-trigger)# test boolean

Step 2 comparison {unequal | equal | less | lessOrEqual | greater Performs the specified Boolean comparison test.
| greaterOrEqual}
• The value for the Boolean comparison test can be set
Example: to unequal, equal, less, lessOrEqual, greater, or
Device(config-event-trigger-boolean)# comparison greaterOrEqual.
unequal

Step 3 value integer-value Sets a value for the Boolean trigger test.
Example:
Device(config-event-trigger-boolean)# value 10

Step 4 object list owner object-list-owner name Configures the list of objects for the Boolean trigger test.
object-list-name
Example:
Device(config-event-trigger-boolean)# object list
owner owner1 name ObjectListA

Step 5 event owner event-owner name event-name Configures the event for the Boolean trigger type.
Example:
Device(config-event-trigger-boolean)# event owner
owner1 name EventA

Step 6 startup Triggers an event if the test is performed successfully.

Example:
Device(config-event-trigger-boolean)# startup

Step 7 end Exits Boolean trigger test configuration mode.

Example:
Device(config-event-trigger-boolean)# end

Configuring Threshold Trigger Test

You should configure this trigger test in event trigger configuration mode.

SNMP Configuration Guide

57
 Configuring SNMP Support
Configuring Threshold Trigger Test

Perform this task to configure trigger parameters for the threshold trigger test.

SUMMARY STEPS
1. test threshold
2. object list owner object-list-owner name object-list-name
3. rising integer-value
4. rising event owner event-owner name event-name
5. falling integer-value
6. falling event owner event-owner name event-name
7. delta rising integer-value
8. delta rising event owner event-owner name event-name
9. delta falling integer-value
10. delta falling event owner event-owner name event-name
11. startup {rising | falling | rising-or-falling}
12. end

DETAILED STEPS

Command or Action Purpose

Step 1 test threshold Enables threshold trigger test configuration mode.
Example:
Device(config-event-trigger)# test threshold

Step 2 object list owner object-list-owner name Configures the list of objects for the threshold trigger test.
object-list-name
Example:
Device(config-event-trigger-threshold)# object
list owner owner1 name ObjectListA

Step 3 rising integer-value Sets the rising threshold to the specified value.
Example:
Device(config-event-trigger-threshold)# rising
100

Step 4 rising event owner event-owner name event-name Configures an event for the threshold trigger test for the
rising threshold.
Example:
Device(config-event-trigger-threshold)# rising
event owner owner1 name EventA

Step 5 falling integer-value Sets the falling threshold to the specified value.
Example:
Device(config-event-trigger-threshold)# falling
50

Step 6 falling event owner event-owner name event-name Configures an event for the threshold trigger test for the
falling threshold.
Example:

SNMP Configuration Guide

58
 Configuring SNMP Support
Configuring Expression MIB Using SNMP

Command or Action Purpose

Device(config-event-trigger-threshold)# falling
event owner owner1 name EventB

Step 7 delta rising integer-value Sets the delta rising threshold to the specified value when
the sampling method specified for the event trigger is delta.
Example:
Device(config-event-trigger-threshold)# delta
rising 30

Step 8 delta rising event owner event-owner name Configures an event for the threshold trigger test for the
event-name delta rising threshold.
Example:
Device(config-event-trigger-threshold)# delta
rising event owner owner1 name EventC

Step 9 delta falling integer-value Sets the delta falling threshold to the specified value when
the sampling method specified for the event trigger is delta.
Example:
Device(config-event-trigger-threshold)# delta
falling 10

Step 10 delta falling event owner event-owner name Configures an event for the threshold target test for the
event-name delta falling threshold.
Example:
Device(config-event-trigger-threshold)# delta
falling event owner owner1 name EventAA

Step 11 startup {rising | falling | rising-or-falling} Triggers an event when the threshold trigger test conditions
are met.
Example:
Device(config-event-trigger-threshold)# startup
rising

Step 12 end Exits threshold trigger test configuration mode.

Example:
Device(config-event-trigger-threshold)# end

Configuring Expression MIB Using SNMP

Expression MIB can be configured using SNMP directly.
There are no Cisco software configuration tasks associated with Expression MIB. All configurations of the
Expression MIB functionality must be performed though applications using SNMP. This section provides a
sample configuration session using a network management application on an external device. See the Additional
References section for information about configuring SNMP on your Cisco routing device.
The following section provides a step-by-step Expression MIB configuration using SNMP research tools
available for Sun workstations. The setany commands given below are executed using the SNMP application.
Note that these commands are not Cisco command line interface commands. It is assumed that SNMP has
been configured on your routing device.

SNMP Configuration Guide

59
 Configuring SNMP Support
Configuring Expression MIB Using SNMP

In the following configuration, a wildcarded expression involving the addition of the counters ifInOctects and
ifOutOctects are evaluated.

SUMMARY STEPS
1. setany -v2c $SNMP_HOST private expResourceDeltaMinimum.0 -i 60
2. setany -v2c $SNMP_HOST private expExpressionIndex.116.101.115.116 -g 9
3. setany -v2c $SNMP_HOST private expNameStatus.116.101.115.116 -i 5
4. setany -v2c $SNMP_HOST private expExpressionComment.9 -D "test expression"
5. setany -v2c $SNMP_HOST private expExpression.9 -D '$1 + $2'
6. setany -v2c $SNMP_HOST private expObjectID.9.1 -d ifInOctets
7. setany -v2c $SNMP_HOST private expObjectSampleType.9.1 -i 2
8. setany -v2c $SNMP_HOST private expObjectIDWildcard.9.1 -i 1
9. setany -v2c $SNMP_HOST private expObjectStatus.9.1 -i 1
10. setany -v2c $SNMP_HOST private expNameStatus.116.101.115.116 -i 1

DETAILED STEPS

Command or Action Purpose

Step 1 setany -v2c $SNMP_HOST private
expResourceDeltaMinimum.0 -i 60
Step 2 setany -v2c $SNMP_HOST private
expExpressionIndex.116.101.115.116 -g 9
Sets the minimum delta interval that the system will accept.
Sets the identification number used for identifying the
expression.
• For example, expName can be 'test', which is ASCII
116.101.115.116.

Step 3 setany -v2c $SNMP_HOST private Creates an entry in the expNameStatusTable.

expNameStatus.116.101.115.116 -i 5
Note When an entry is created in the expNameTable,
it automatically creates an entry in the
expExpressionTable.

Step 4 setany -v2c $SNMP_HOST private Sets the object to a comment to explain the use or meaning
expExpressionComment.9 -D "test expression" of the expression.
• Here, the comment is "test expression".

Step 5 setany -v2c $SNMP_HOST private expExpression.9 Sets the object expExpression to an expression that needs
-D '$1 + $2' to be evaluated.
• In this expression, "$1" corresponds to "ifInOctets",
"$2" corresponds to "ifOutOctets", and the expression
signifies the addition of the two counter objects.

Step 6 setany -v2c $SNMP_HOST private expObjectID.9.1 Specifies the object identifiers used in the expression
-d ifInOctets mentioned in the above set for calculation.
Example: • Here, the number "9", suffixed to the object
expObjectID, corresponds to the unique identifier

SNMP Configuration Guide

60
 Configuring SNMP Support
Configuring Expression MIB Using the CLI

Command or Action Purpose

setany -v2c $SNMP_HOST private expObjectID.9.2 -d used for identifying the expression, and the number
ifOutOctets "1" following "9" is another unique identifier used
for identifying an object within the expression. Set
the expObjectID to the two objects used in forming
the expression.

Step 7 setany -v2c $SNMP_HOST private Sets the type of sampling to be done for objects in the
expObjectSampleType.9.1 -i 2 expression.
Example: • There are two types of sampling: a) Absolute b) Delta.
setany -v2c $SNMP_HOST private Here, the sample type has been set to "Delta".
expObjectSampleType.9.2 -i 2

Step 8 setany -v2c $SNMP_HOST private Specifies whether the expObjectID is wildcarded or not.
expObjectIDWildcard.9.1 -i 1 In this case, both the expObjectID are wildcarded.
Example:
setany -v2c $SNMP_HOST private
expObjectIDWildcard.9.2 -i 1

Step 9 setany -v2c $SNMP_HOST private expObjectStatus.9.1 Sets the rows in the expObjectTable to active.
-i 1
Example:
setany -v2c $SNMP_HOST private expObjectStatus.9.2
-i 1

Step 10 setany -v2c $SNMP_HOST private Sets the rows in the expNameTable to active so that the
expNameStatus.116.101.115.116 -i 1 value of the expression can be evaluated.
• The value of the expression can now be obtained from
the expValueTable.

Configuring Expression MIB Using the CLI

Expression MIB can be configured using SNMP directly. However, in Cisco IOS Release 12.4(20)T, the
Expression MIB feature is enhanced to add CLIs to configure expressions. You should be familiar with
expressions, object identifiers, and sampling methods before configuring Expression MIB.
The following sections contain the tasks to configure Expression MIB:

Configuring Expression MIB Scalar Objects

Expression MIB has the following scalar objects:
• expResourceDeltaMinimum
• expResourceDeltaWildcardInstanceMaximum
Perform this task to configure Expression MIB scalar objects.

SNMP Configuration Guide

61
 Configuring SNMP Support
Configuring Expressions

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp mib expression delta minimum seconds
4. snmp mib expression delta wildcard maximum number-of-instances
5. exit

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp mib expression delta minimum seconds (Optional) Sets the minimum delta interval in seconds.
Example: Note Application may use larger values for this
minimum delta interval to lower the impact of
Device(config)# snmp mib expression delta minimum constantly computing deltas. For larger delta
20 sampling intervals, the application samples less
often and has less overhead. By using this
command, you can enforce a lower overhead for
all expressions created after the delta interval is
set.

Step 4 snmp mib expression delta wildcard maximum (Optional) Limits the maximum number of dynamic instance
number-of-instances entries for wildcarded delta objects in expressions.
Example: For a given delta expression, the number of dynamic
instances is the number of values that meet all criteria to
Device(config)# snmp mib expression delta wildcard exist, times the number of delta values in the expression.
maximum 120 There is no preset limit for the instance entries and it is
dynamic based on a system’s resources.

Step 5 exit Exits global configuration mode and returns to privileged

EXEC mode.
Example:

Device(config)# exit

Configuring Expressions
Perform this task to configure an expression.

SNMP Configuration Guide

62
 Configuring SNMP Support
Configuring Expressions

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp mib expression owner expression-owner name expression-name
4. description expression-description
5. expression expression
6. delta interval seconds
7. value type {counter32 | unsigned32 | timeticks | integer32 | ipaddress | octetstring | objectid |
counter64}
8. enable
9. object object-number
10. id object-identifier
11. wildcard
12. discontinuity object discontinuity-object-id [wildcard] [type {timeticks | timestamp | date-and-time}]
13. conditional object conditional-object-id [wildcard]
14. sample {absolute | delta | changed}
15. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.
Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:
Device# configure terminal

Step 3 snmp mib expression owner expression-owner name Enables the expression to be configured.
expression-name
Example:
Device(config-expression)# snmp mib expression
owner owner1 name ExpA

Step 4 description expression-description Configures a description for the expression.

Example:
Device(config-expression)# description this
expression is created for the sysLocation MIB
object

Step 5 expression expression Configures the expression to be evaluated.

Example:

SNMP Configuration Guide

63
 Configuring SNMP Support
Configuring Expressions

Command or Action Purpose

Device(config-expression)# expression Note The expressions are in ANSI C syntax.
($1+$2)*800/$3
However, the variables in an expression are
defined as a combination of the dollar sign ($)
and an integer that corresponds to the object
number of the object used in evaluating the
expression.

Step 6 delta interval seconds Configures the sampling interval for objects in the
expression if the sampling method is delta.
Example:
Device(config-expression)# delta interval 180

Step 7 value type {counter32 | unsigned32 | timeticks | Sets the specified value type for the expression.
integer32 | ipaddress | octetstring | objectid | counter64}
Example:
Device(config-expression)# value type counter32

Step 8 enable Enables an expression for evaluation.

Example:
Device(config-expression)# enable

Step 9 object object-number Configures the objects that are used for evaluating an
expression.
Example:
Device(config-expression)# object 2 • The object number is used to associate the object with
the variables in the expression. The variable
corresponding to the object is $ and object number.
Thus, the variable in the example used here
corresponds to $10.

Step 10 id object-identifier Configures the object identifier.

Example:
Device(config-expression-object)# id ifInOctets

Step 11 wildcard (Optional) Enables a wildcarded search for objects used

in evaluating an expression.
Example:
Device(config-expression-object)# wildcard

Step 12 discontinuity object discontinuity-object-id [wildcard]
[type {timeticks | timestamp | date-and-time}]
Example:
Device(config-expression-object)# discontinuity
object sysUpTime
(Optional) Configures the discontinuity properties for the
object if the object sampling type is set to delta or changed.
The discontinuity object ID supports normal checking for
a discontinuity in a counter.
• Using the wildcard keyword, you can enable
wildcarded search for objects with discontinuity
properties.
• Using the type keyword, you can set value for objects
with discontinuity properties.

SNMP Configuration Guide

64
 Configuring SNMP Support
Configuration Examples for SNMP Support

Command or Action Purpose

Step 13 conditional object conditional-object-id [wildcard] (Optional) Configures the conditional object identifier.
Example: • Using the wildcard keyword, you can enable a
Device(config-expression-object)# conditional wildcarded search for conditional objects with
object discontinuity properties.
mib-2.90.1.3.1.1.2.3.112.99.110.4.101.120.112.53

Step 14 sample {absolute | delta | changed} Enables the specified sampling method for the object. This
example uses the delta sampling method.
Example:
Device(config-expression-object)# sample delta You can set any of the three sampling methods: absolute,
delta, and changed.
• Absolute sampling—Uses the value of the MIB object
during sampling.
• Delta sampling—Uses the last sampling value
maintained in the application. This method requires
applications to do continuous sampling.
• Changed sampling—Uses the changed value of the
object since the last sample.

Step 15 end Exits expression object configuration mode.

Example:
Device(config-expression-object)# end

Configuration Examples for SNMP Support

Example Configuring SNMPv1, SNMPv2c and SNMPv3
The following example shows how to enable SNMPv1, SNMPv2c, and SNMPv3. The configuration permits
any SNMP manager to access all objects with read-only permissions using the community string named public.
This configuration does not cause the device to send traps.

Device(config)# snmp-server community public

The following example shows how to permit SNMP access to all objects with read-only permission using the
community string named public. The device will also send ISDN traps to the hosts 172.16.1.111 and 172.16.1.33
using SNMPv1 and to the host 172.16.1.27 using SNMPv2c. The community string named public is sent with
the traps.

Device(config)# snmp-server community public

Device(config)# snmp-server enable traps isdn
Device(config)# snmp-server host 172.16.1.27 version 2c public
Device(config)# snmp-server host 172.16.1.111 version 1 public
Device(config)# snmp-server host 172.16.1.33 public

The following example shows how to allow read-only access for all objects to members of access list 4 that
specify the comaccess community string. No other SNMP managers have access to any objects. SNMP

SNMP Configuration Guide

65
 Configuring SNMP Support
Example Configuring SNMPv1, SNMPv2c and SNMPv3

Authentication Failure traps are sent by SNMPv2c to the host example.com using the community string named
public.

Device(config)# snmp-server community comaccess ro 4

Device(config)# snmp-server enable traps snmp authentication
Device(config)# snmp-server host example.com version 2c public

The following example shows how to configure a remote user to receive traps at the noAuthNoPriv security
level when the SNMPv3 security model is enabled:

Device(config)# snmp-server group group1 v3 noauth

Device(config)# snmp-server user remoteuser1 group1 remote 10.12.8.4
Device(config)# snmp-server host 10.12.8.4 informs version 3 noauth remoteuser config

The following example shows how to configure a remote user to receive traps at the authNoPriv security level
when the SNMPv3 security model is enabled:

Device(config)# snmp-server group group2 v3 auth

Device(config)# snmp-server user AuthUser group2 remote 10.12.8.4 v3 auth md5 password1

The following example shows how to configure a remote user to receive traps at the priv security level when
the SNMPv3 security model is enabled:

Device(config)# snmp-server group group3 v3 priv

Device(config)# snmp-server user PrivateUser group3 remote 10.12.8.4 v3 auth md5 password1
priv access des56

The following example shows how to send Entity MIB inform notifications to the host example.com. The
community string is restricted. The first line enables the device to send Entity MIB notifications in addition
to any traps or informs previously enabled. The second line specifies that the notifications should be sent as
informs, specifies the destination of these informs, and overwrites the previous snmp-server host commands
for the host example.com.

Device(config)# snmp-server enable traps entity

Device(config)# snmp-server host informs example.com restricted entity

The following example shows how to send SNMP and Cisco environmental monitor enterprise-specific traps
to the address 172.30.2.160:

Device(config)# snmp-server enable traps

Device(config)# snmp-server host 172.30.2.160 public snmp envmon

The following example shows how to enable the device to send all traps to the host example.com using the
community string public:

Device(config)# snmp-server enable traps

Device(config)# snmp-server host example.com public

The following example shows a configuration in which no traps are sent to a host. The BGP traps are enabled
for all hosts, but only the ISDN traps are enabled to be sent to a host.

Device(config)# snmp-server enable traps bgp

Device(config)# snmp-server host host1 public isdn

The following example shows how to enable a device to send all informs to the host example.com using the
community string named public:

SNMP Configuration Guide

66
 Configuring SNMP Support
Example Configuring IfAlias Long Name Support

Device(config)# snmp-server enable traps

Device(config)# snmp-server host example.com informs version 2c public

In the following example, the SNMP manager is enabled and the session timeout is set to a value greater than
the default:

Device(config)# snmp-server manager

Device(config)# snmp-server manager session-timeout 1000

Example Configuring IfAlias Long Name Support

In the following example a long description is applied to the Fast Ethernet interface in slot 1, port adapter 0,
and port 0:

Device# configure terminal

Device(config)#interface FastEthernet1/0/0
Device(config-if)# description FastEthernet1/0/0 this is a test of a description that exceeds
64 characters in length
Device(config-if)#ip address 192.168.134.55 255.255.255.0
Device(config-if)#no ip directed-broadcast
Device(config-if)#no ip route-cache distributed

Assuming that ifAlias long name support is not yet enabled (the default), the following example shows the
results of a mibwalk operation from an NMS:

***** SNMP QUERY STARTED *****

.
.
.
ifXEntry.18.10 (octets) (zero-length)
ifXEntry.18.11 (octets) Fastethernet1/0/0 this is a test of a description that exceeds 64
ch
ifXEntry.18.12 (octets) (zero-length)
.
.
.

The following output shows the description that is displayed at the CLI:

Device# show interface FastEthernet0/0/0

FastEthernet1/0/0 is administratively down, line protocol is down

Hardware is Lance, address is 0010.7b4d.7046 (bia 0010.7b4d.7046)
Description: FastEthernet1/0/0 this is a test of a description that exceeds 64 chh
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 252/255, txload 1/255, rxload 1/255
.
.
.

In the following example, ifAlias long name support is enabled and the description is displayed again:

Device(config)# snmp ifmib ifalias long

Device(config)#interface FastEthernet1/0/0
Device(config-if)# description FastEthernet1/0/0 this is a test of a description that exceeds
64 characters in length
Device(config)#end

SNMP Configuration Guide

67
 Configuring SNMP Support
Example Configuring SNMP Support for VPNs

Device# show interface FastEthernet1/0/0

FastEthernet1/0/0 is administratively down, line protocol is down

Hardware is Lance, address is 0010.7b4d.7046 (bia 0010.7b4d.7046)
Description: FastEthernet1/0/0 this is a test of a description that exceeds 64 characters
in length
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
reliability 252/255, txload 1/255, rxload 1/255
.
.
.
***** SNMP QUERY STARTED *****
.
.
.
ifXEntry.18.10 (octets) (zero-length)
ifXEntry.18.11 (octets) FastEthernet1/0/0 this is a test of a description that exceeds 64
characters in length
ifXEntry.18.12 (octets) (zero-length)
.
.
.

Example Configuring SNMP Support for VPNs

In the following example, all SNMP notifications are sent to example.com over the VRF named trap-vrf:
Device(config)# snmp-server host example.com vrf trap-vrf

In the following example, the VRF named "traps-vrf" is configured for the remote server 172.16.20.3:
Device(config)# snmp-server engineID remote 172.16.20.3 vrf traps-vrf 80000009030000B064EFE100

Example Configuring Event MIB

The following example shows how to configure scalar variables for an event:
Device# configure terminal
Device(config)# snmp mib event sample minimum 10
Device(config)# snmp mib event sample instance maximum 50
Device(config)# exit

The following example shows how to configure the object list for an event:
Device# configure terminal
Device(config)# snmp mib event object list owner owner1 name objectA 1
Device(config-event-objlist)# object id ifInOctets
Device(config-event-objlist)# wildcard
Device(config-event-objlist)# exit

The following example shows how to configure an event:

Device# configure terminal
Device(config)# snmp mib event owner owner1 name EventA
Device(config-event)# description "eventA is an RMON event."
Device(config-event)# enable
Device(config-event)# exit

The following example shows how to set the notification action for an event:

SNMP Configuration Guide

68
 Configuring SNMP Support
Example Configuring Expression MIB

Device(config-event)# action notification

Device(config-event-action-notification)# object id ifInOctets
Device(config-event-action-notification)# exit

The following example shows how to set actions for an event:

Device(config-event)# action set
Device(config-event-action-set)# object id ifInOctets
Device(config-event-action-set)# value 10
Device(config-event-action-set)# exit

The following example shows how to configure the trigger for an event:
Device# configure terminal
Device(config)# snmp mib event trigger owner owner1 name EventTriggerA
Device(config-event-trigger)# description “EventTriggerA is an RMON alarm.”
Device(config-event-trigger)# frequency 120
Device(config-event-trigger)# object list owner owner1 name ObjectListA
Device(config-event-trigger)# object id ifInOctets
Device(config-event-trigger-object-id)# enable
Device(config-event-trigger)# exit

The following example shows how to configure the existence trigger test:
Device(config-event-trigger)# test existence
Device(config-event-trigger-existence)# event owner owner1 name EventA
Device(config-event-trigger-existence)# object list owner owner1 name ObjectListA
Device(config-event-trigger-existence)# type present
Device(config-event-trigger-existence)# startup present
Device(config-event-trigger-existence)# exit

The following example shows how to configure the Boolean trigger test:
Device(config-event-trigger)# test boolean
Device(config-event-trigger-boolean)# comparison unequal
Device(config-event-trigger-boolean)# value 10
Device(config-event-trigger-boolean)# object list owner owner1 name ObjectListA
Device(config-event-trigger-boolean)# event owner owner1 name EventA
Device(config-event-trigger-boolean)# startup
Device(config-event-trigger-boolean)# exit

The following example shows how to configure the threshold trigger test:
Device(config-event-trigger)# test threshold
Device(config-event-trigger-threshold)# object list owner owner1 name ObjectListA
Device(config-event-trigger-threshold)# rising 100
Device(config-event-trigger-threshold)# rising event owner owner1 name EventA
Device(config-event-trigger-threshold)# falling 50
Device(config-event-trigger-threshold)# falling event owner owner1 name EventA
Device(config-event-trigger-threshold)# delta rising 30
Device(config-event-trigger-threshold)# delta rising event owner owner1 name EventA
Device(config-event-trigger-threshold)# delta falling 10
Device(config-event-trigger-threshold)# delta falling event owner owner1 name EventA
Device(config-event-trigger-threshold)# startup rising
Device(config-event-trigger-threshold)# exit

Example Configuring Expression MIB

The following example shows how to configure Expression MIB using the snmp mib expressioncommand
in global configuration mode:

Device(config)# snmp mib expression owner pcn name exp6

SNMP Configuration Guide

69
 Configuring SNMP Support
Additional References

description this expression is created for the

Device(config-expression)#
sysLocation MIB object

Device(config-expression)# expression ($1+$2)*800/$3

Device(config-expression)# delta interval 120

Device(config-expression)# value type counter32

Device(config-expression)# enable

Device(config-expression)# object 2

Device(config-expression-object)# id ifInOctets

Device(config-expression-object)# wildcard

Device(config-expression-object)# discontinuity object sysUpTime

conditional object
Device(config-expression-object)#
mib-2.90.1.3.1.1.2.3.112.99.110.4.101.120.112.53 wildcard

Device(config-expression-object)# sample delta

Device(config-expression-object)# end

Additional References
Related Documents

Related Topic Document Title

Cisco IOS commands Cisco IOS Master Commands List, All Releases

Cisco IOS SNMP Support Command Reference Cisco IOS SNMP Support Command Reference

Standards and RFCs

Standard/RFC Title
CBC-DES (DES-56) standard Symmetric Encryption Protocol

Standard 58 Structure of Management Information Version 2 (SMIv2) >

RFC 1067 A Simple Network Management Protocol

SNMP Configuration Guide

70
Configuring SNMP Support
Additional References

Standard/RFC Title
RFC 1091 Telnet terminal-type option

RFC 1098 Simple Network Management Protocol (SNMP)

RFC 1157 Simple Network Management Protocol (SNMP)

RFC 1213 Management Information Base for Network Management of TCP/IP-based

internets:MIB-II

RFC 1215 Convention for defining traps for use with the SNMP

RFC 1901 Introduction to Community-based SNMPv2

RFC 1905 Common Management Information Services and Protocol over TCP/IP
(CMOT)

RFC 1906 Telnet X Display Location Option

RFC 1908 Simple Network Management Protocol (SNMP)

RFC 2104 HMAC: Keyed-Hashing for Message Authentication

RFC 2206 RSVP Management Information Base using SMIv2

RFC 2213 Integrated Services Management Information Base using SMIv2

RFC 2214 Integrated Services Management Information Base Guaranteed Service

Extensions using SMIv2

RFC 2233 The Interface Group MIB using SMIv2

RFC 2271 An Architecture for Describing SNMP Management Frameworks

RFC 2570 Introduction to Version 3 of the Internet-standard Network Management

Framework

RFC 2578 Structure of Management Information Version 2 (SMIv2)

RFC 2579 Textual Conventions for SMIv2

RFC 2580 Conformance Statements for SMIv2

RFC 2981 Event MIB

RFC 3413 SNMPv3 Applications

RFC 3415 View-based Access Control Model (VACM) for the Simple Network
Management Protocol (SNMP)

SNMP Configuration Guide

71
 Configuring SNMP Support
Feature Information for Configuring SNMP Support

MIBs

MIB MIBs Link

• Cisco SNMPv2 To locate and download MIBs for selected

• Ethernet-like Interfaces MIB platforms, Cisco IOS XE software releases, and
• Event MIB feature sets, use Cisco MIB Locator found at the
• Expression MIB Support for Delta, Wildcarding, and following URL:
Aggregation http://www.cisco.com/go/mibs
• Interfaces Group MIB (IF-MIB)
• Interfaces Group MIB Enhancements
• MIB Enhancements for Universal Gateways and
Access Servers

Technical Assistance

Description Link

The Cisco Support website provides extensive online http://www.cisco.com/cisco/web/support/index.html

resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter, and
Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.

Feature Information for Configuring SNMP Support

The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 2: Feature Information for Configuring SNMP Support

Feature Name Releases Feature Information

Event MIB Cisco IOS XE The Event MIB feature was implemented on the Cisco ASR
Release 2.1 1000 series routers.

SNMP Configuration Guide

72
Configuring SNMP Support
Feature Information for Configuring SNMP Support

Feature Name Releases Feature Information

Event MIB and Cisco IOS XE The Event MIB and Expression MIB feature introduces CLIs
Expression MIB Release 3.1S to configure the Event MIB and Expression MIB.
CLIs
The following commands were introduced by this feature:
action (event) , comparison, conditional object, delta (test
threshold), delta interval, description (event), description
(expression), description (trigger), discontinuity object,
enable (event), enable (expression), event owner, enable
(expression), expression, falling (test threshold), frequency
(event trigger), object (expression), object-id (action
notification), object id (action set), object id (event trigger),
object list (trigger test), object wildcard, rising (test
threshold), sample (expression), snmp mib event object list,
snmp mib event owner, snmp mib event trigger, snmp mib
expression delta, snmp mib expression owner, startup (test
existence), startup (test boolean), startup (test threshold),
test (event trigger), type (test existence), value (test boolean),
value (event configuration), value type, wildcard (event and
expression).

Interface Index Cisco IOS XE The Interface Index Display for SNMP feature introduces new
Display for SNMP Release 2.1 commands and command modifications that allow advanced
users of SNMP to view information about the interface
registrations directly on the managed agent. You can display
MIB information from the agent without using an external
NMS.
This feature addresses three objects in the Interfaces MIB:
ifIndex , ifAlias , and ifName . For complete definitions of these
objects, see the IF-MIB.my file available from the Cisco
SNMPv2 MIB website at ftp://ftp.cisco.com/pub/mibs/v2/.

Interface Index Cisco IOS XE The Interface Index Persistence feature enhancement allows
Persistence Release 2.1 interfaces to be identified with unique values which will remain
constant even when a device is rebooted. These interface
identification values are used for network monitoring and
management using SNMP.

SNMP (Simple Cisco IOS XE

Network Release 2.1
Management
Protocol)

SNMP Diagnostics Cisco IOS XE The SNMP Diagnostics feature adds Cisco IOS CLI commands
Release 3.1S to display the object identifiers that are recently requested by
the network management system, and to display the SNMP
debug messages.
The following commands were introduced or modified: show
snmp stats oid and debug snmp detail.

SNMP Configuration Guide

73
 Configuring SNMP Support
Glossary

Feature Name Releases Feature Information

SNMP Inform Cisco IOS XE

Request Release 2.1

SNMP Manager Cisco IOS XE The SNMP Manager feature was implemented on the Cisco
Release 2.1 ASR 1000 series routers.

SNMP Notification Cisco IOS XE The SNMP Notification Logging feature adds Cisco IOS CLI
Logging Release 2.1 commands to change the size of the notification log, to set the
global ageout value for the log, and to display logging
summaries at the command line.

SNMP Support for Cisco IOS XE The SNMP Support for VPNs feature allows SNMP traps and
VPNs Release 2.1 informs to be sent and received using VRF tables. In particular,
this feature adds support to Cisco IOS XE software for sending
and receiving SNMP traps and informs specific to individual
VPNs.

SNMP Version 3 Cisco IOS XE

Release 2.1

SNMPv2C Cisco IOS XE

Release 2.1

Glossary
ifAlias—SNMP Interface Alias. The ifAlias is an object in the IF-MIB. The ifAlias is an alias name for the
interface as specified by the network manager that provides a nonvolatile description for the interface. For a
complete definition, see the IF-MIB.my file.
ifIndex—SNMP Interface Index. The ifIndex is an object in the IF-MIB. The ifIndex is a unique integer
assigned to every interface (including subinterfaces) on the managed system when the interface registers with
the IF-MIB. For a complete definition, see the IF-MIB.my file.
OID—MIB object identifier. An object identifier is expressed as a series of integers or text strings. Technically,
the numeric form is the object name and the text form is the object descriptor. In practice, both are called
object identifiers or OIDs. For example, the object name for the interfaces MIB is 1.3.6.1.2.1.2, and the object
descriptor is ‘iso.internet.mgmt.mib-2.interfaces’, but either can be referred to as the OID. An OID can also
be expressed as a combination of the two, such as iso.internet.2.1.2.

SNMP Configuration Guide

74
 CHAPTER 3
SNMP Support over VPNs—Context-Based
Access Control
The SNMP Support over VPNs—Context-Based Access Control feature provides the infrastructure for multiple
Simple Network Management Protocol (SNMP) context support in Cisco software and VPN-aware MIB
infrastructure using the multiple SNMP context support infrastructure.
• Finding Feature Information, on page 75
• Restrictions for SNMP Support over VPNs—Context-Based Access Control, on page 75
• Information About SNMP Support over VPNs—Context-Based Access Control, on page 76
• How to Configure SNMP Support over VPNs—Context-Based Access Control, on page 78
• Configuration Examples for SNMP Support over VPNs—Context-Based Access Control, on page 82
• Additional References, on page 83
• Feature Information for SNMP Support over VPNs—Context-Based Access Control, on page 85

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on Cisco.com is not required.

Restrictions for SNMP Support over VPNs—Context-Based

Access Control
• If you delete an SNMP context using the no snmp-server context command, all SNMP instances in that
context are deleted.
• Not all MIBs are VPN-aware.

SNMP Configuration Guide

75
 SNMP Support over VPNs—Context-Based Access Control
Information About SNMP Support over VPNs—Context-Based Access Control

Information About SNMP Support over VPNs—Context-Based

Access Control
SNMP Versions and Security
Cisco software supports the following versions of SNMP:
• SNMPv1—Simple Network Management Protocol: a full Internet standard, which is defined in RFC
1157. (RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security
is based on the community strings.
• SNMPv2c—The community string-based Administrative Framework for SNMPv2. SNMPv2c (the "c"
is for "community") is an experimental IP that is defined in RFC 1901, RFC 1905, and RFC 1906.
SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic) and
uses the community-based security model of SNMPv1.

For more information about SNMP versions, see the “Configuring SNMP Support” module in the Cisco
Network Management Configuration Guide.

SNMPv1 or SNMPv2 Security

Cisco IOS software supports the following versions of SNMP:
• SNMPv1—Simple Network Management Protocol: a full Internet standard, that is defined in RFC 1157.
(RFC 1157 replaces the earlier versions that were published as RFC 1067 and RFC 1098.) Security is
based on the community strings.
• SNMPv2c—The community string-based Administrative Framework for SNMPv2. SNMPv2c (the "c"
is for "community") is an experimental IP that is defined in RFC 1901, RFC 1905, and RFC 1906.
SNMPv2c is an update of the protocol operations and data types of SNMPv2p (SNMPv2 Classic) and
uses the community-based security model of SNMPv1.

SNMPv1 and SNMPv2 are not as secure as SNMPv3. SNMP version 1 and 2 use plain text communities and
do not perform the authentication or security checks that SNMP version 3 performs. When using SNMP
version 1 or 2, associate a community name with a VPN to configure the SNMP Support over
VPNs—Context-Based Access Control feature. This association causes SNMP to process requests coming
in for a particular community string only if it comes in from the configured VRF. Community strings without
an associated VRF in the incoming packets are processed only if it came through a non-VRF interface. This
process prevents users outside the VPN from snooping a clear text community string to query the VPN’s data.
These methods of source address validation are not as secure as using SNMPv3.

SNMP Notification Support over VPNs

The SNMP Notification Support over VPNs feature allows the sending and receiving of SNMP notifications
(traps and informs) using VPN routing and forwarding (VRF) instance tables. In particular, this feature adds
support to Cisco software for the sending and receiving of SNMP notifications (traps and informs) specific
to individual VPNs.

SNMP Configuration Guide

76
 SNMP Support over VPNs—Context-Based Access Control
VPN-Aware SNMP

SNMP is an application-layer protocol that provides a message format for communication between SNMP
managers and agents.
A VPN is a network that provides high-connectivity transfers on a shared system with the same usage guidelines
as a private network. A VPN can be built on the Internet over IP, Frame Relay, or ATM networks.
A VRF stores per-VPN routing data. It defines the VPN membership of a customer site that is attached to the
network access server (NAS). The VRF consists of an IP routing table and a derived Cisco Express Forwarding
(formerly known as CEF) table. VRF also consists of guidelines and routing protocol parameters that control
the information that is included in the routing table.
The SNMP Support for VPNs—Context-Based Access Control feature provides configuration commands
that allow you to associate SNMP agents and managers with specific VRFs. The associated VRF is used for
the sending of SNMP notifications (traps and informs) and responses between agents and managers. If a VRF
is not specified, the default routing table for the VPN is used.

VPN-Aware SNMP
The SNMP Support for VPNs—Context-Based Access Control feature extends the capabilities of the SNMP
Notification Support for VPNs feature and enables SNMP to differentiate between incoming packets from
different VPNs.
When the SNMP Support for VPNs—Context-Based Access Control feature is configured, SNMP accepts
requests on any configured VRF and returns responses to the same VRF. A trap host can be associated with
a specific VRF. The configured VRF is then used for sending out traps; otherwise, the default routing table
is used. You can also associate a remote user with a specific VRF. You can also configure the VRFs from
which SNMP accepts requests. Any requests coming from VRFs that are not specified are dropped.
IP access lists can be configured and associated with SNMP community strings. This feature enables you to
configure an association between VRF instances with SNMP community strings. When a VRF instance is
associated with an SNMP community string, SNMP processes the requests coming in for a particular community
string only if the requests are received from the configured VRF. If the community string in the incoming
packet does not have a VRF associated with it, the community string must come through a non-VRF interface.
You can also enable or disable authentication traps for SNMP packets dropped due to VRF mismatches. By
default if SNMP authentication traps are enabled, VRF authentication traps are also enabled.

VPN Route Distinguishers

A route distinguisher (RD) creates routing and forwarding tables and specifies the default route distinguisher
for a VPN. The RD is added to the beginning of your IPv4 prefixes to change them into globally unique
VPN-IPv4 prefixes.
The RD is an autonomous system number (ASN)-relative RD, in which case it comprises an autonomous
system number and an arbitrary number. Or, the RD is an IP-address-relative RD, in which case it comprises
an IP address and an arbitrary number.
You can enter an RD in either of these formats:
• 16-bit ASN: your 16-bit number: For example, 101:3.
• 32-bit IP address: your 32-bit number: For example, 192.168.122.15:1.

SNMP Configuration Guide

77
 SNMP Support over VPNs—Context-Based Access Control
SNMP Contexts

SNMP Contexts
SNMP contexts provide VPN users with a secure way of accessing MIB data. When a VPN is associated with
a context, that VPN’s specific MIB data exists in that context. Associating a VPN with a context enables
service providers to manage networks with multiple VPNs. Creating and associating a context with a VPN
makes it unique. The context enables a provider to prevent the users of one VPN from accessing information
about other VPN users on the same networking device.
VPN-aware SNMP requires an agreement between SNMP manager and agent entities operating in a VPN
environment. The agreement ensures mapping between the SNMP security name and the VPN ID. This
mapping is created by using multiple contexts for the SNMP data of different VPNs through the configuration
of the SNMP-VACM-MIB. The SNMP-VACM-MIB is configured with views. This configuration allows
VPN users with a security name access to the restricted object space. The configuration is associated with
your access type in the context that is associated with the user of that VPN.
SNMP request messages undergo three phases of security and access control. Once the access is validated, a
response message is sent back with the object values in the context of a VPN:
• In the first phase, the username is authenticated. This phase ensures that the user is authenticated and
authorized for SNMP access.
• In the second phase, the user is authorized for the SNMP access that is requested to the group objects
under consideration of the configured SNMP context. This phase is called the access control phase.
• In the third phase, access is made to an instance of a table entry. With this third phase, complete retrieval
can be based on the SNMP context name.

How to Configure SNMP Support over VPNs—Context-Based

Access Control
Configuring an SNMP Context and Associating the SNMP Context with a VPN
Perform this task to configure an SNMP context and to associate the SNMP context with a VPN.

Note • Only the following MIBs are context-aware. All the tables in these MIBs can be polled:
• CISCO-IPSEC-FLOW-MONITOR-MIB
• CISCO-IPSEC-MIB
• CISCO-PING-MIB
• IP-FORWARD-MIB
• MPLS-LDP-MIB
• Only two SNMP variables in the IP-FORWARD-MIB can be polled: 1.3.6.1.2.1.4.24.3
(ipCidrRouteNumber - Scalar) and 1.3.6.1.2.1.4.24.4.1 (ipCidrRouteEntry - Table).

SNMP Configuration Guide

78
 SNMP Support over VPNs—Context-Based Access Control
Configuring an SNMP Context and Associating the SNMP Context with a VPN

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server context context-name
4. ip vrf vrf-name
5. rd route-distinguisher
6. context context-name
7. route-target {import | export | both} route-target-ext-community
8. end
9. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp-server context context-name Creates and names an SNMP context.

Example:

Device(config)# snmp-server context context1

Step 4 ip vrf vrf-name Configures a VRF routing table and enters VRF
configuration mode.
Example:

Device(config)# ip vrf vrf1

Step 5 rd route-distinguisher Creates a VPN route distinguisher.

Example:

Device(config-vrf)# rd 100:120

Step 6 context context-name Associates an SNMP context with a particular VRF.

Example: Note Depending on your release, the context
command is replaced by the snmp context
Device(config-vrf)# context context1 command. See the Cisco IOS Network
Management Command Reference for more
information.

SNMP Configuration Guide

79
 SNMP Support over VPNs—Context-Based Access Control
Configuring SNMP Support and Associating an SNMP Context

Command or Action Purpose

Step 7 route-target {import | export | both} (Optional) Creates a route-target extended community for
route-target-ext-community a VRF.
Example:

Device(config-vrf)# route-target export 100:1000

Step 8 end Exits interface mode and enters global configuration mode.
Example:
Device(config-vrf)# end

Step 9 end Exits global configuration mode.

Example:
Device(config)# end

Configuring SNMP Support and Associating an SNMP Context

Perform this task to configure SNMP support and associate it with an SNMP context.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server user username group-name [remote host [udp-port port] [vrf vrf-name]] {v1 | v2c |
v3 [encrypted] [auth {md5 | sha} auth-password]} [access [ipv6 nacl] [priv {des | 3des | aes {128 |
192 | 256}} privpassword] {acl-number | acl-name}]
4. snmp-server group group-name {v1 | v2c | v3 {auth | noauth | priv}} [context context-name] [read
read-view] [write write-view] [notify notify-view] [access [ipv6 named-access-list] [acl-number|
acl-name]]
5. snmp-server view view-name oid-tree {included | excluded}
6. snmp-server enable traps [notification-type] [vrrp]
7. snmp-server community string [view view-name] [ro | rw] [ipv6 nacl] [access-list-number |
extended-access-list-number | access-list-name]
8. snmp-server host {hostname | ip-address} [vrf vrf-name] [traps | informs] [version {1 | 2c | 3 [auth
| noauth | priv]}] community-string [udp-port port] [notification-type]
9. snmp mib community-map community-name [context context-name] [engineid engine-id]
[security-name security-name][target-list upn-list-name]
10. snmp mib target list vpn-list-name {vrf vrf-name | host ip-address}
11. no snmp-server trap authentication vrf

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

SNMP Configuration Guide

80
 SNMP Support over VPNs—Context-Based Access Control
Configuring SNMP Support and Associating an SNMP Context

Command or Action Purpose

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp-server user username group-name [remote host Configures a new user to an SNMP group.
[udp-port port] [vrf vrf-name]] {v1 | v2c | v3 [encrypted]
[auth {md5 | sha} auth-password]} [access [ipv6 nacl]
[priv {des | 3des | aes {128 | 192 | 256}} privpassword]
{acl-number | acl-name}]
Example:

Device(config)# snmp-server user customer1 group1

v1

Step 4 snmp-server group group-name {v1 | v2c | v3 {auth | Configures a new SNMP group or a table that maps SNMP
noauth | priv}} [context context-name] [read read-view] users to SNMP views.
[write write-view] [notify notify-view] [access [ipv6
• Use the context context-name keyword argument pair
named-access-list] [acl-number| acl-name]]
to associate the specified SNMP group with a
Example: configured SNMP context.

Device(config)# snmp-server group group1 v1

context context1 read view1 write view1 notify
view1

Step 5 snmp-server view view-name oid-tree {included | Creates or updates a view entry.
excluded}
Example:

Device(config)# snmp-server view view1 ipForward

included

Step 6 snmp-server enable traps [notification-type] [vrrp] Enables all SNMP notifications (traps or informs) available
on your system.
Example:

Device(config)# snmp-server enable traps

Step 7 snmp-server community string [view view-name] [ro Sets up the community access string to permit access to
| rw] [ipv6 nacl] [access-list-number | the SNMP.
extended-access-list-number | access-list-name]
Example:

Device(config)# snmp-server community public view

view1 rw

Step 8 snmp-server host {hostname | ip-address} [vrf vrf-name] Specifies the recipient of an SNMP notification operation.
[traps | informs] [version {1 | 2c | 3 [auth | noauth |

SNMP Configuration Guide

81
 SNMP Support over VPNs—Context-Based Access Control
Configuration Examples for SNMP Support over VPNs—Context-Based Access Control

Command or Action Purpose

priv]}] community-string [udp-port port]
[notification-type]
Example:

Device(config)# snmp-server host 10.0.0.1 vrf vrf1

public udp-port 7002

Step 9 snmp mib community-map community-name [context Associates an SNMP community with an SNMP context,
context-name] [engineid engine-id] [security-name Engine ID, or security name.
security-name][target-list upn-list-name]
Example:

Device(config)# snmp mib community-map community1

context context1 target-list commAVpn

Step 10 snmp mib target list vpn-list-name {vrf vrf-name | host Creates a list of target VRFs and hosts to associate with
ip-address} an SNMP community.
Example:

Device(config)# snmp mib target list commAVpn vrf

vrf1

Step 11 no snmp-server trap authentication vrf (Optional) Disables all SNMP authentication notifications
(traps and informs) generated for packets that received on
Example:
VRF interfaces.
Device(config)# no snmp-server trap authentication • Use this command to disable authentication traps only
vrf for those packets on VRF interfaces with incorrect
community associations.

Configuration Examples for SNMP Support over

VPNs—Context-Based Access Control
Example: Configuring Context-Based Access Control
The following configuration example shows how to configure the SNMP Support over VPNs—Context-Based
Access Control feature for SNMPv1 or SNMPv2:

Note Depending on your releases, the context command is replaced by the snmp context command. See the Cisco
IOS Network Management Command Reference for more information.

snmp-server context A
snmp-server context B

SNMP Configuration Guide

82
 SNMP Support over VPNs—Context-Based Access Control
Additional References

ip vrf Customer_A
rd 100:110
context A
route-target export 100:1000
route-target import 100:1000
!
ip vrf Customer_B
rd 100:120
context B
route-target export 100:2000
route-target import 100:2000
!
interface Ethernet3/1
description Belongs to VPN A
ip vrf forwarding CustomerA
ip address 192.168.2.1 255.255.255.0

interface Ethernet3/2
description Belongs to VPN B
ip vrf forwarding CustomerB
ip address 192.168.2.2 255.255.255.0
snmp-server user commA grp1A v1
snmp-server user commA grp2A v2c
snmp-server user commB grp1B v1
snmp-server user commB grp2B v2c
snmp-server group grp1A v1 context A read viewA write viewA notify viewA
snmp-server group grp1B v1 context B read viewB write viewB notify viewB
snmp-server view viewA ipForward included
snmp-server view viewA ciscoPingMIB included
snmp-server view viewB ipForward included
snmp-server view viewB ciscoPingMIB included
snmp-server enable traps
snmp-server host 192.168.2.3 vrf CustomerA commA udp-port 7002
snmp-server host 192.168.2.4 vrf CustomerB commB udp-port 7002
snmp mib community-map commA context A target-list commAvpn
! Configures source address validation
snmp mib community-map commB context B target-list commBvpn
! Configures source address validation
snmp mib target list commAvpn vrf CustomerA
! Configures a list of VRFs or from which community commA is valid
snmp mib target list commBvpn vrf CustomerB
! Configures a list of VRFs or from which community commB is valid

Additional References
Related Documents

Related Topic Document Title

Cisco IOS commands Cisco IOS Master Commands List, All Releases

Cisco IOS SNMP Support Command Reference Cisco IOS SNMP Support Command Reference

Standards and RFCs

Standard/RFC Title
CBC-DES (DES-56) standard Symmetric Encryption Protocol

SNMP Configuration Guide

83
 SNMP Support over VPNs—Context-Based Access Control
Additional References

Standard/RFC Title
Standard 58 Structure of Management Information Version 2 (SMIv2) >

RFC 1067 A Simple Network Management Protocol

RFC 1091 Telnet terminal-type option

RFC 1098 Simple Network Management Protocol (SNMP)

RFC 1157 Simple Network Management Protocol (SNMP)

RFC 1213 Management Information Base for Network Management of TCP/IP-based

internets:MIB-II

RFC 1215 Convention for defining traps for use with the SNMP

RFC 1901 Introduction to Community-based SNMPv2

RFC 1905 Common Management Information Services and Protocol over TCP/IP
(CMOT)

RFC 1906 Telnet X Display Location Option

RFC 1908 Simple Network Management Protocol (SNMP)

RFC 2104 HMAC: Keyed-Hashing for Message Authentication

RFC 2206 RSVP Management Information Base using SMIv2

RFC 2213 Integrated Services Management Information Base using SMIv2

RFC 2214 Integrated Services Management Information Base Guaranteed Service

Extensions using SMIv2

RFC 2233 The Interface Group MIB using SMIv2

RFC 2271 An Architecture for Describing SNMP Management Frameworks

RFC 2570 Introduction to Version 3 of the Internet-standard Network Management

Framework

RFC 2578 Structure of Management Information Version 2 (SMIv2)

RFC 2579 Textual Conventions for SMIv2

RFC 2580 Conformance Statements for SMIv2

RFC 2981 Event MIB

RFC 3413 SNMPv3 Applications

RFC 3415 View-based Access Control Model (VACM) for the Simple Network
Management Protocol (SNMP)

SNMP Configuration Guide

84
 SNMP Support over VPNs—Context-Based Access Control
Feature Information for SNMP Support over VPNs—Context-Based Access Control

MIBs

MIB MIBs Link

• Cisco SNMPv2 To locate and download MIBs for selected

• Ethernet-like Interfaces MIB platforms, Cisco IOS XE software releases, and
• Event MIB feature sets, use Cisco MIB Locator found at the
• Expression MIB Support for Delta, Wildcarding, and following URL:
Aggregation http://www.cisco.com/go/mibs
• Interfaces Group MIB (IF-MIB)
• Interfaces Group MIB Enhancements
• MIB Enhancements for Universal Gateways and
Access Servers

Technical Assistance

Description Link

The Cisco Support website provides extensive online http://www.cisco.com/cisco/web/support/index.html

resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter, and
Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.

Feature Information for SNMP Support over

VPNs—Context-Based Access Control
The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

SNMP Configuration Guide

85
 SNMP Support over VPNs—Context-Based Access Control
Feature Information for SNMP Support over VPNs—Context-Based Access Control

Table 3: Feature Information for SNMP Support over VPNs—Context-Based Access Control

Feature Name Releases Feature Information

SNMP Support over The SNMP Support over VPNs—Context-Based Access Control
VPNs—Context-Based Access feature provides the infrastructure for multiple SNMP context
Control support in Cisco software and VPN-aware MIB infrastructure
using the multiple SNMP context support infrastructure.

SNMP Configuration Guide

86
 CHAPTER 4
AES and 3-DES Encryption Support for SNMP
Version 3
The AES and 3-DES Encryption Support for SNMP Version 3 feature enhances the encryption capabilities
of Simple Network Management Protocol (SNMP) Version 3.
The AES and 3-DES Encryption Support for SNMP Version 3 feature adds Advanced Encryption Standard
(AES) 128-bit encryption in compliance with RFC 3826.
• Finding Feature Information, on page 87
• Prerequisites for AES and 3-DES Encryption Support for SNMP Version 3, on page 87
• Information About AES and 3-DES Encryption Support for SNMP Version 3, on page 88
• How to Configure AES and 3-DES Encryption Support for SNMP Version 3, on page 89
• Additional References , on page 91
• Feature Information for AES and 3-DES Encryption Support for SNMP Version 3, on page 92

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on Cisco.com is not required.

Prerequisites for AES and 3-DES Encryption Support for SNMP

Version 3
• The network management station (NMS) must support Simple Network Management Protocol (SNMP)
Version 3 to be able to use this feature.
• This feature is available only in Cisco software images that support encryption algorithms.
• It is important to understand the SNMP architecture and the terminology of the architecture to understand
the security model used and how the security model interacts with the other subsystems in the architecture.

SNMP Configuration Guide

87
 AES and 3-DES Encryption Support for SNMP Version 3
Information About AES and 3-DES Encryption Support for SNMP Version 3

Information About AES and 3-DES Encryption Support for SNMP

Version 3
Cipher Block Chaining/Data Encryption Standard (CBC-DES) is the privacy protocol for the AES and 3-DES
Encryption Support for SNMP Version 3 feature. Prior to the introduction of this feature, only DES was
supported (as per RFC 3414). This feature adds support for AES-128 (as per RFC 3826) and AES-192, and
AES-256 and 3-DES (as per CISCO-SNMP-USM-OIDS-MIB). RFC 3826 extensions have been included in
the SNMP-USM-AES-MIB. In addition, Cisco-specific extensions to support Triple-Data Encryption Algorithm
(3-DES) and AES 192-bit and 256-bit encryption have been added to the CISCO-SNMP-USM-MIB. Additional
information can be found in the Internet-Draft titled Extension to the User-Based Security Model (USM) to
Support Triple-DES EDE in "Outside" CBC Mode .
The encryption key sizes are:
• AES encryption uses the Cipher Feedback (CFB) mode with encryption key sizes of 128, 192, or 256
bits.
• 3-DES encryption uses the 168-bit key size for encryption.

The AES Cipher Algorithm in the Simple Network Management Protocol (SNMP) User-based Security Model
(USM) draft describes the use of AES with 128-bit key size. However, the other options are also implemented
with the extension to use the USM. There is no standard for generating localized keys for 192- or 256-bit size
keys for AES or for 168-bit size key for 3-DES. There is no authentication protocol available for longer keys.
Support for SNMP Version 3 USM is compliant with RFC 3414, which defines DES as the only required
method of message encryption for SNMP Version 3 authPriv mode.
The AES and 3-DES Encryption Support for SNMP Version 3 feature supports the selection of privacy
protocols through the CLI and the MIB. A new standard MIB, SNMP-USM-AES-MIB, provides support for
the 128-bit key in the Advanced Encryption Standard (AES). The extended options of AES with 192- or
256-bit keys and 3-DES are supported as extensions to the SNMP-USM-MIB in the Cisco-specific
MIB—CISCO-SNMP-USM-EXT-MIB.

AES and 3-DES Encryption Support Overview

Each Simple Network Management Protocol (SNMP) entity includes a single SNMP engine. An SNMP engine
implements functions for sending and receiving messages, authenticating and encrypting/decrypting messages,
and controlling access to managed objects. These functions are provided as services to one or more applications
that are configured with the SNMP engine to form an SNMP entity. The RFC 3411 describes the SNMP
engine as composed of the following components:
• Dispatcher
• Message Processing Subsystem
• Security Subsystem
• Access Control Subsystem

Cipher Block Chaining/Data Encryption Standard (CBC-DES) is the privacy protocol for the AES and 3-DES
Encryption Support for SNMP Version 3 feature. Prior to the introduction of this feature, only DES was
supported (as per RFC 3414). This feature adds support for AES-128 (as per RFC 3826) and AES-192,

SNMP Configuration Guide

88
 AES and 3-DES Encryption Support for SNMP Version 3
Encryption Key Support

AES-256 and 3-DES (as per CISCO-SNMP-USM-OIDS-MIB). RFC 3826 extensions have been included in
the SNMP-USM-AES-MIB. In addition, Cisco-specific extensions to support Triple-Data Encryption Algorithm
(3-DES) and AES 192-bit and 256-bit encryption have been added to the CISCO-SNMP-USM-MIB. Additional
information can be found in the Internet-Draft titled Extension to the User-Based Security Model (USM) to
Support Triple-DES EDE in "Outside" CBC Mode .
The encryption key sizes are:
• AES encryption uses the Cipher Feedback (CFB) mode with encryption key sizes of 128, 192, or 256
bits.
• 3-DES encryption uses the 168-bit key size for encryption.

The AES Cipher Algorithm in the Simple Network Management Protocol (SNMP) User-based Security Model
(USM) draft describes the use of AES with 128-bit key size. However, the other options are also implemented
with the extension to use the USM. There is no standard for generating localized keys for 192- or 256-bit size
keys for AES or for 168-bit size key for 3-DES. There is no authentication protocol available for longer keys.
Support for SNMP Version 3 USM is compliant with RFC 3414, which defines DES as the only required
method of message encryption for SNMP Version 3 authPriv mode.
The AES and 3-DES Encryption Support for SNMP Version 3 feature supports the selection of privacy
protocols through the CLI and the MIB. A new standard MIB, SNMP-USM-AES-MIB, provides support for
the 128-bit key in the Advanced Encryption Standard (AES). The extended options of AES with 192- or
256-bit keys and 3-DES are supported as extensions to the SNMP-USM-MIB in the Cisco-specific
MIB—CISCO-SNMP-USM-EXT-MIB.

Encryption Key Support

MIB Support

How to Configure AES and 3-DES Encryption Support for SNMP

Version 3
Adding a New User to an SNMP Group
SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server user username group-name [remote host [udp-port port]] {v1 | v2c | v3 [encrypted]
[auth {md5 | sha} auth-password]} [priv {des | 3des | aes {128 | 192 |256}} privpassword] [access [ipv6
nacl] {acl-number | acl-name}]
4. exit

SNMP Configuration Guide

89
 AES and 3-DES Encryption Support for SNMP Version 3
Verifying the SNMP User Configuration

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enters privileged EXEC mode.
Example: • Enter your password when prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp-server user username group-name [remote host
[udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 |
sha} auth-password]} [priv {des | 3des | aes {128 | 192
|256}} privpassword] [access [ipv6 nacl] {acl-number |
acl-name}]
Example:
Adds an SNMP user, specifies a group to which the user
belongs, specifies the authorization algorithm to be used
(MD5 or SHA), specifies the privacy algorithm to be used
(DES, 3-DES, AES, AES-192, or AES-256), and specifies
the password to be associated with this privacy protocol.

Device(config)# snmp-server user new-user new-group

v3 auth md5 secureone priv aes 128 privatetwo
access 2

Step 4 exit Exits global configuration mode and returns to privileged

EXEC mode.
Example:
Device(config)# exit

Verifying the SNMP User Configuration

To display information about the configured characteristics of Simple Network Management Protocol (SNMP)
users, use the show snmp user command in privileged EXEC mode.

Note The show snmp user command displays all the users configured on the device. However, unlike other SNMP
configurations, the snmp-server user command will not appear on the “show running” output.

SUMMARY STEPS
1. enable
2. show snmp user [username]

DETAILED STEPS

Step 1 enable
Example:

SNMP Configuration Guide

90
 AES and 3-DES Encryption Support for SNMP Version 3
Additional References

Device> enable

Enters privileged EXEC mode. Enter your password when prompted.

Step 2 show snmp user [username]

Example:

Device# show snmp user abcd

User name: abcd

Engine ID: 00000009020000000C025808
storage-type: nonvolatile active access-list: 10
Rowstatus: active
Authentication Protocol: MD5
Privacy protocol: 3DES
Group name: VacmGroupName
Group name: VacmGroupName

The above example specifies the username as abcd, the engine ID string as 00000009020000000C025808, and the storage
type as nonvolatile:

Additional References
Related Documents

Related Topic Document Title

Cisco IOS commands

commands

Standards

Standard Title

MIBs

MIB MIBs Link

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco
MIB Locator found at the following URL:
http://www.cisco.com/go/mibs

RFCs

RFC Title

SNMP Configuration Guide

91
 AES and 3-DES Encryption Support for SNMP Version 3
Feature Information for AES and 3-DES Encryption Support for SNMP Version 3

Technical Assistance

Description Link

The Cisco Support and Documentation website provides http://www.cisco.com/cisco/web/support/index.html

online resources to download documentation, software,
and tools. Use these resources to install and configure
the software and to troubleshoot and resolve technical
issues with Cisco products and technologies. Access to
most tools on the Cisco Support and Documentation
website requires a Cisco.com user ID and password.

Feature Information for AES and 3-DES Encryption Support for

SNMP Version 3
The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 4: Feature Information for AES and 3-DES Encryption Support for SNMP Version 3

Feature Name Releases Feature Information

AES and 3-DES The AES and 3-DES Encryption Support for SNMP Version 3 feature
Encryption Support for enhances the encryption capabilities of Simple Network Management
SNMP Version 3 Protocol (SNMP) Version 3. Data Encryption Standard (DES) support
was introduced in Cisco IOS Release 12.0 and expanded in Cisco IOS
Release 12.1. Support for SNMP 3 User-Based Security Model (USM)
is compliant with RFC 3414, which defines DES as the only required
method of message encryption for SNMP Version 3 authPriv mode.

SNMP Configuration Guide

92
 CHAPTER 5
SNMP Support for VLAN Subinterfaces
This feature module describes the SNMP Support for VLAN Subinterfaces feature. It includes information
on the benefits of the new feature, supported platforms, supported standards, and the commands necessary to
configure the SNMP Support for VLAN Subinterfaces feature.
The SNMP Support for VLAN Subinterfaces feature provides mib-2 interfaces sparse table support for Fast
Ethernet subinterfaces. This enhancement is similar to the functionality supported in Frame Relay subinterfaces.
• Finding Feature Information, on page 93
• Information About SNMP Support for VLAN Subinterfaces, on page 93
• How to SNMP Support for VLAN Subinterfaces, on page 94
• Configuration Examples for SNMP Support for VLAN Subinterfaces, on page 95
• Additional References, on page 96
• Feature Information for SNMP Support for VLAN Subinterfaces, on page 97

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on Cisco.com is not required.

Information About SNMP Support for VLAN Subinterfaces

Benefits
Sparse table support for the interfaces table on Fast Ethernet subinterfaces provides customers accustomed
to Frame Relay subinterfaces the same functionality.

Supported Platforms
• Cisco 2600 series

SNMP Configuration Guide

93
 SNMP Support for VLAN Subinterfaces
How to SNMP Support for VLAN Subinterfaces

• Cisco 3600 series

• Cisco 4000-m series
• Cisco 7200 series
• Cisco 7500 series

How to SNMP Support for VLAN Subinterfaces

Enabling the SNMP Agent on VLAN Subinterfaces
Perform the following task to enable the SNMP agent on VLAN subinterfaces.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp community string
4. interface type slot/port
5. encapsulation isl vlan-identifier
6. ip address ip-address mask
7. end
8. show vlans

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Router> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Router# configure terminal

Step 3 snmp community string Enables the SNMP agent for remote access.
Example:

Router(config)# snmp community public

Step 4 interface type slot/port Selects a particular Fast Ethernet interface for configuration.
Example:

Router(config)# interface FastEthernet 0/1.1

SNMP Configuration Guide

94
 SNMP Support for VLAN Subinterfaces
Configuration Examples for SNMP Support for VLAN Subinterfaces

Command or Action Purpose

Step 5 encapsulation isl vlan-identifier Enables the Inter-Switch Link.
Example:

Router(config-if)# encapsulation isl 10

Step 6 ip address ip-address mask Sets a primary or secondary IP address for an interface.
Example:

Router(config)# ip address 192.168.10.1

255.255.255.0

Step 7 end Returns to privileged EXEC mode.

Example:

Router(config-if)# end

Step 8 show vlans Displays VLAN subinterfaces.

Example:

Router# show vlans

Configuration Examples for SNMP Support for VLAN

Subinterfaces
Example Enabling the SNMP Agent for VLAN Subinterfaces
The following configuration example shows you how to enable the SNMP agent on the router with VLAN
subinterfaces to monitor the SNMP application remotely:

snmp community public

!
interface FastEthernet4/0.100
encapsulation isl 100
ip address 192.168.10.21 255.255.255.0
!
interface FastEthernet4/0.200
encapsulation isl 200
ip address 172.21.200.11 255.255.255.0
!
interface FastEthernet4/1.1
encapsulation isl 10
ip address 171.69.2.111 255.255.255.0

SNMP Configuration Guide

95
 SNMP Support for VLAN Subinterfaces
Additional References

Additional References
Related Documents

Related Topic Document Title

Cisco IOS commands Cisco IOS Master Commands List, All Releases

SNMP commands Cisco IOS Network Management Command Reference

Standards

Standard Title

None --

MIBs

MIB MIBs Link

•enN
o To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use
Cisco MIB Locator found at the following URL:
http://www.cisco.com/go/mibs

RFCs

RFC Title

RFC 1573 Evolution of the Interfaces Group of MIB-II

Technical Assistance

Description Link

The Cisco Support and Documentation website provides http://www.cisco.com/cisco/web/support/index.html

online resources to download documentation, software,
and tools. Use these resources to install and configure
the software and to troubleshoot and resolve technical
issues with Cisco products and technologies. Access to
most tools on the Cisco Support and Documentation
website requires a Cisco.com user ID and password.

SNMP Configuration Guide

96
 SNMP Support for VLAN Subinterfaces
Feature Information for SNMP Support for VLAN Subinterfaces

Feature Information for SNMP Support for VLAN Subinterfaces

The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 5: Feature Information for SNMP Support for VLAN Subinterfaces

Feature Name Releases Feature Information

SNMP Support for VLAN 12.2 The SNMP Support for VLAN Subinterfaces feature provides
Subinterfaces mib-2 interfaces sparse table support for Fast Ethernet
subinterfaces. This enhancement is similar to the functionality
supported in Frame Relay subinterfaces.

SNMP Configuration Guide

97
 SNMP Support for VLAN Subinterfaces
Feature Information for SNMP Support for VLAN Subinterfaces

SNMP Configuration Guide

98
 CHAPTER 6
Memory Pool—SNMP Notification Support
This feature adds Cisco command line interface commands to enable Simple Network Management Protocol
(SNMP) notifications for the Cisco Enhanced Memory Pool MIB (CISCO-ENHANCED-MEMPOOL-MIB).
• Finding Feature Information, on page 99
• Prerequisites for Memory Pool—SNMP Notification Support, on page 99
• Restrictions for Memory Pool—SNMP Notification Support, on page 100
• Information About Memory Pool—SNMP Notification Support, on page 100
• How to Enable Memory Pool—SNMP Notification Support, on page 100
• Configuration Examples for Memory Pool—SNMP Notification Support, on page 101
• Additional References, on page 101
• Feature Information for Memory Pool—SNMP Notification Support, on page 103

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on Cisco.com is not required.

Prerequisites for Memory Pool—SNMP Notification Support

Before you can compile CISCO-ENHANCED-MEMPOOL-MIB, you need to compile the following MIBs
in the order listed:
1. SNMPv2-SM (SNMP configuration MIB)
2. SNMPv2-TC (SNMP configuration MIB)
3. SNMPv2-CONF (SNMP configuration MIB)
4. SNMP-FRAMEWORK-MIB (SNMP configuration MIB)
5. CISCO-SMI (SNMP configuration MIB)

SNMP Configuration Guide

99
 Memory Pool—SNMP Notification Support
Restrictions for Memory Pool—SNMP Notification Support

6. ENTITY-MIB (core MIB)

7. CISCO-ENHANCED-MEMPOOL-MIB (infrastructure MIB)

All MIBs used on Cisco devices are available at http://www.cisco.com/go/mibs.

Restrictions for Memory Pool—SNMP Notification Support

Access to the MIB is restricted to a read-only level.

Information About Memory Pool—SNMP Notification Support

The CISCO-ENHANCED-MEMPOOL-MIB module describes SNMP objects that enable users to remotely
monitor the memory pool statistics of all physical entities, such as line cards and route processors, in a managed
device. This is particularly useful for high-end devices that may have a large number of line cards. Lately,
the MIB has been enhanced to provide buffer pool and buffer cache statistics.
In addition to the statistics provided by the MIB, SNMP notifications (traps or informs) can be configured to
be sent when the maximum number of memory buffers changes (in other words, when a new buffer peak is
reached).

How to Enable Memory Pool—SNMP Notification Support

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server enable traps memory [bufferpeak]
4. snmp-server host {hostname | ip-address} [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}]
community-string [udp-port port] [notification-type] [vrf vrf-name]
5. exit

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

SNMP Configuration Guide

100
 Memory Pool—SNMP Notification Support
Configuration Examples for Memory Pool—SNMP Notification Support

Command or Action Purpose

Step 3 snmp-server enable traps memory [bufferpeak] Enables only buffer peak notifications (traps or informs) in
the CISCO-ENHANCED-MEMPOOL-MIB.
Example:

Device(config)# snmp-server enable traps memory

bufferpeak

Step 4 snmp-server host {hostname | ip-address} [traps | Enables buffer peak notifications to be sent to the specified
informs] [version {1 | 2c | 3 [auth | noauth | priv]}] host.
community-string [udp-port port] [notification-type] [vrf
vrf-name]
Example:

Device(config)# snmp-server host

NMS-host1.example.com community1 memory

Step 5 exit Exits global configuration mode and returns to privileged

EXEC mode.
Example:
Device(config)# exit

Configuration Examples for Memory Pool—SNMP Notification

Support
Enabling Memory Pool—SNMP Notification Support Example
In the following example, all available memory-related SNMP notifications are enabled and configured to be
sent as informs to the host myhost.cisco.com using the community string public:

Device(config)# snmp-server enable traps memory bufferpeak

Device(config)# snmp-server host myhost.cisco.com informs version 3 public memory

Note that as of this release, only the buffer peak memory notification type is available. Additional memory
notification type keywords may be added in future releases.

Additional References
Related Documents

Related Topic Document Title

Cisco IOS commands Cisco IOS Master Commands List, All Releases

Cisco IOS SNMP Support Command Reference Cisco IOS SNMP Support Command Reference

SNMP Configuration Guide

101
 Memory Pool—SNMP Notification Support
Additional References

Standards and RFCs

Standard/RFC Title
CBC-DES (DES-56) standard Symmetric Encryption Protocol

Standard 58 Structure of Management Information Version 2 (SMIv2) >

RFC 1067 A Simple Network Management Protocol

RFC 1091 Telnet terminal-type option

RFC 1098 Simple Network Management Protocol (SNMP)

RFC 1157 Simple Network Management Protocol (SNMP)

RFC 1213 Management Information Base for Network Management of TCP/IP-based

internets:MIB-II

RFC 1215 Convention for defining traps for use with the SNMP

RFC 1901 Introduction to Community-based SNMPv2

RFC 1905 Common Management Information Services and Protocol over TCP/IP
(CMOT)

RFC 1906 Telnet X Display Location Option

RFC 1908 Simple Network Management Protocol (SNMP)

RFC 2104 HMAC: Keyed-Hashing for Message Authentication

RFC 2206 RSVP Management Information Base using SMIv2

RFC 2213 Integrated Services Management Information Base using SMIv2

RFC 2214 Integrated Services Management Information Base Guaranteed Service

Extensions using SMIv2

RFC 2233 The Interface Group MIB using SMIv2

RFC 2271 An Architecture for Describing SNMP Management Frameworks

RFC 2570 Introduction to Version 3 of the Internet-standard Network Management

Framework

RFC 2578 Structure of Management Information Version 2 (SMIv2)

RFC 2579 Textual Conventions for SMIv2

RFC 2580 Conformance Statements for SMIv2

RFC 2981 Event MIB

RFC 3413 SNMPv3 Applications

SNMP Configuration Guide

102
 Memory Pool—SNMP Notification Support
Feature Information for Memory Pool—SNMP Notification Support

Standard/RFC Title
RFC 3415 View-based Access Control Model (VACM) for the Simple Network
Management Protocol (SNMP)

MIBs

MIB MIBs Link

• Cisco SNMPv2 To locate and download MIBs for selected

• Ethernet-like Interfaces MIB platforms, Cisco IOS XE software releases, and
• Event MIB feature sets, use Cisco MIB Locator found at the
• Expression MIB Support for Delta, Wildcarding, and following URL:
Aggregation http://www.cisco.com/go/mibs
• Interfaces Group MIB (IF-MIB)
• Interfaces Group MIB Enhancements
• MIB Enhancements for Universal Gateways and
Access Servers

Technical Assistance

Description Link

The Cisco Support website provides extensive online http://www.cisco.com/cisco/web/support/index.html

resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter, and
Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.

Feature Information for Memory Pool—SNMP Notification

Support
The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

SNMP Configuration Guide

103
 Memory Pool—SNMP Notification Support
Feature Information for Memory Pool—SNMP Notification Support

Table 6: Feature Information for Memory Pool—SNMP Notification Support

Feature Name Releases Feature Information

Memory Pool—SNMP 12.3(4)T 12.2(22)S This feature adds CLI commands to enable
Notification Support 12.2(33)SRA 12.2(33)SXH SNMP notifications for the Cisco Enhanced
Memory Pool MIB
(CISCO-ENHANCED-MEMPOOL-MIB).

SNMP Configuration Guide

104
 CHAPTER 7
Periodic MIB Data Collection and Transfer
Mechanism
The Periodic MIB Data Collection and Transfer Mechanism feature provides the ability to periodically transfer
selected MIB data from Cisco IOS XE-based devices to specified Network Management Stations (NMS).
Using the command-line interface (CLI), data from multiple MIBs can be grouped into lists, and a polling
interval (frequency of data collection) can be configured. All the MIB objects in a list are periodically polled
using this specified interval. The collected data from the lists can then be transferred to a specified NMS at a
user-specified transfer interval (frequency of data transfer) using TFTP, rcp, or FTP.
• Finding Feature Information, on page 105
• Prerequisites for Periodic MIB Data Collection and Transfer Mechanism, on page 105
• Restrictions for Periodic MIB Data Collection and Transfer Mechanism, on page 106
• Information About Periodic MIB Data Collection and Transfer Mechanism, on page 106
• How to Configure Periodic MIB Data Collection and Transfer Mechanism, on page 107
• Configuration Examples for Periodic MIB Data Collection and Transfer Mechanism, on page 117
• Additional References, on page 121
• Feature Information for Periodic MIB Data Collection and Transfer Mechanism, on page 122

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to https://cfnng.cisco.com/. An account on Cisco.com is not required.

Prerequisites for Periodic MIB Data Collection and Transfer

Mechanism
To use this feature, you should be familiar with the Simple Network Management Protocol (SNMP) model
of management information. You should also know what MIB information you want to monitor on your
network devices, and the OIDs or object names for the MIB objects to be monitored.

SNMP Configuration Guide

105
 Periodic MIB Data Collection and Transfer Mechanism
Restrictions for Periodic MIB Data Collection and Transfer Mechanism

Restrictions for Periodic MIB Data Collection and Transfer

Mechanism
Cisco Data Collection MIB configuration using SNMP is not currently implemented.
For specific restrictions, see the tasks in the How to Configure Periodic MIB Data Collection and Transfer
Mechanism, on page 107.

Information About Periodic MIB Data Collection and Transfer

Mechanism

Note The Periodic MIB Data Collection and Transfer Mechanism is also referred to as the Bulk Statistics feature.

SNMP Objects and Instances

A type (or class) of SNMP management information is called an object. A specific instance from a type of
management information is called an object instance (or SNMP variable). To configure a bulk statistics
collection, you must specify the object types to be monitored using a bulk statistics object list and the specific
instances of those objects to be collected using a bulk statistics schema.
MIBs, MIB tables, MIB objects, and object indices can all be specified using a series of numbers called an
object identifier (OID). OIDs are used in configuring a bulk statistics collection in both the bulk statistics
object lists (for general objects) and in the bulk statistics schemas (for specific object instances).

Bulk Statistics Object Lists

To group the MIB objects to be polled, you will need to create one or more object lists. A bulk statistics object
list is a user-specified set of MIB objects that share the same MIB index. Object lists are identified using a
name that you specify. Named bulk statistics object lists allow the same configuration to be reused in different
bulk statistics schemas.
All the objects in an object list must share the same MIB index. However, the objects do not need to be in the
same MIB and do not need to belong to the same MIB table. For example, it is possible to group ifInOctets
and an Fast Ethernet MIB object in the same schema, because the containing tables for both objects are indexed
by the ifIndex.

Bulk Statistics Schemas

Data selection for the Periodic MIB Data Collection and Transfer Mechanism requires the definition of a
schema with the following information:
• Name of an object list.
• Instance (specific or wildcarded) that needs to be retrieved for objects in above object list.

SNMP Configuration Guide

106
 Periodic MIB Data Collection and Transfer Mechanism
Bulk Statistics Transfer Options

• How often the specified instances need to be sampled (polling interval).

A bulk statistics schema is also identified using a name that you specify. This name is used when configuring
the transfer options.

Bulk Statistics Transfer Options

After configuring the data to be collected, a single virtual file (VFile or “bulk statistics file”) with all collected
data is created. This file can be transferred to a network management station (NMS) using FTP, rcp, or TFTP.
You can specify how often this file should be transferred. The default transfer interval is once every 30 minutes.
You can also configure a secondary destination for the file to be used if, for whatever reason, the file cannot
be transferred to the primary network management station.
The value of the transfer interval is also the collection period (collection interval) for the local bulk statistics
file. After the collection period ends, the bulk statistics file is frozen, and a new local bulk statistics file is
created for storing data. The frozen bulk statistics file is then transferred to the specified destination.
By default, the local bulk statistics file is deleted after successful transfer to an NMS. However, you can
configure the routing device to keep the bulk statistics file in memory for a specified amount of time.
An SNMP notification (trap) can be sent to the NMS if a transfer to the primary or secondary NMS is not
successful. Additionally, a syslog message will be logged on the local device if transfers are unsuccessful.

Benefits of the Periodic MIB Data Collection and Transfer Mechanism

The Periodic MIB Data Collection and Transfer Mechanism (Bulk Statistics feature) allows many of the same
functions as the Bulk File MIB (CISCO-BULK-FILE-MIB.my), but offers some key advantages.
The main advantage is that this feature can be configured through the CLI and does not require an external
monitoring application.
The Periodic MIB Data Collection and Transfer Mechanism is mainly targeted for medium to high-end
platforms that have sufficient local storage (volatile or permanent) to store bulk statistics files. Locally storing
bulk statistics files helps minimize loss of data during temporary network outages.
This feature also has more powerful data selection features than the Bulkfile MIB; it allows grouping of MIB
objects from different tables into data groups (object lists). It also incorporates a more flexible instance selection
mechanism, where the application is not restricted to fetching an entire MIB table.

How to Configure Periodic MIB Data Collection and Transfer

Mechanism
Configuring a Bulk Statistics Object List
The first step in configuring the Periodic MIB Data Collection and Transfer Mechanism is to configure one
or more object lists.

SNMP Configuration Guide

107
 Periodic MIB Data Collection and Transfer Mechanism
Configuring a Bulk Statistics Object List

Note All the objects in a bulk statistics object list have to be indexed by the same MIB index. However, the objects
in the object list do not need to belong to the same MIB or MIB table.
When specifying an object name instead of an OID (using the add command), only object names from the
Interfaces MIB (IF-MIB.my), Cisco Committed Access Rate MIB (CISCO-CAR-MIB.my) and the MPLS
Traffic Engineering MIB (MPLS-TE-MIB.my) may be used.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp mib bulkstat object-list list-name
4. add {oid | object-name}
5. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp mib bulkstat object-list list-name Defines an SNMP bulk statistics object list and enters Bulk
Statistics Object List configuration mode.
Example:

Device(config)# snmp mib bulkstat object-list ifMib

Step 4 add {oid | object-name} Adds a MIB object to the bulk statistics object list.
Example: • Repeat as desired until all objects to be monitored in
this list are added.
Device(config-bulk-objects)# add
1.3.6.1.2.1.2.2.1.11

Example:

Device(config-bulk-objects)# add ifAdminStatus

Example:

Device(config-bulk-objects)# add ifDescr

Example:

SNMP Configuration Guide

108
 Periodic MIB Data Collection and Transfer Mechanism
Configuring a Bulk Statistics Schema

Command or Action Purpose

Example:

Example:

Step 5 end Exits from Bulk Statistics Object List configuration mode
returns to privileged EXEC mode.
Example:

Device(config-bulk-objects)# end

Configuring a Bulk Statistics Schema

The next step in configuring the Periodic MIB Data Collection and Transfer Mechanism is to configure one
or more schemas.

Before you begin

The bulk statistics object list to be used in the schema must be defined.

Note Only one object list can be associated with a schema at a time.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp mib bulkstat schema schema-name
4. object-list list-name
5. instance {exact | wild} {interface interface-id [sub-if] | controller controller-id [sub-if] | oid oid}
6. instance range start oid end oid
7. instance repetition oid - instance max repeat-number
8. poll-interval minutes
9. end

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

SNMP Configuration Guide

109
 Periodic MIB Data Collection and Transfer Mechanism
Configuring a Bulk Statistics Schema

Command or Action Purpose

Step 2 configure terminal Enters global configuration mode.
Example:

Device# configure terminal

Step 3 snmp mib bulkstat schema schema-name Names the bulk statistics schema and enters Bulk Statistics
Schema (config-bulk-sc) configuration mode.
Example:

Device(config)# snmp mib bulkstat schema intE0

Step 4 object-list list-name Specifies the bulk statistics object list to be included in this
schema. Specify only one object list per schema.
Example:
(If multiple object-listcommands are executed, the earlier
Device(config-bulk-sc)# object-list ifMib ones are overwritten by newer commands.)

Step 5 instance {exact | wild} {interface interface-id [sub-if] | Specifies the instance information for objects in this schema.
controller controller-id [sub-if] | oid oid}
• The instance exactcommand indicates that the
Example: specified instance, when appended to the object list,
is the complete OID.
Device(config-bulk-sc)# instance wild oid 1 • The instance wildcommand indicates that all
Example: subindices of the specified OID belong to this schema.
The wild keyword allows you to specify a partial,
Device(config-bulk-sc)# instance exact interface “wild carded” instance.
gigabitinterface0/0/1 sub-if • Instead of specifying an instance OID, you can specify
a specific interface. The interface interface-id syntax
allows you to specify an interface name and number
(for example, Fast Ethernet interface 0) instead of
specifying the ifIndex OID for the interface. Similarly,
the controller controller-id syntax allows you to
specify a controller card (interface). This option is
platform dependent.
• The optional sub-if keyword, when added after
specifying an interface or controller, includes the
ifIndexes for all subinterfaces of the interface you
specified.
• Only one instance command can be configured per
schema. (If multiple instance commands are executed,
the earlier ones are overwritten by new commands.)

Step 6 instance range start oid end oid (Optional) When used in conjunction with the snmp mib
bulkstat schema command, the instance range command
Example:
can be used to configure a range of instances on which to
collect data.
Device(config-bulk-sc)# instance range start 1 end
2

Step 7 instance repetition oid - instance max repeat-number (Optional) When used in conjunction with the snmp mib
bulkstat schema command, the instance repetition
Example:

SNMP Configuration Guide

110
 Periodic MIB Data Collection and Transfer Mechanism
Configuring a Bulk Statistics Transfer Options

Command or Action Purpose

command can be used to configure data collection to repeat
Device(config-bulk-sc)# instance repetition 1 max
for a certain number of instances of a MIB object.
4

Step 8 poll-interval minutes Sets how often data should be collected from the object
instances specified in this schema, in minutes. The default
Example:
is once every 5 minutes.
Device(config-bulk-sc)# poll-interval 10 The valid range is from 1 to 20000.

Step 9 end Exits from Bulk Statistics Schema configuration mode

returns to privileged EXEC mode.
Example:
Device(config-bulk-sc)# end

Configuring a Bulk Statistics Transfer Options

The final step in configuring the Periodic MIB Data Collection and Transfer Mechanism is to configure the
transfer options. The collected MIB data are kept in a local file-like entity called a VFile (virtual file, referred
to as a bulk statistics file in this document). This file can be transferred to a remote network management
station (NMS) at intervals you specify.

Before you begin

The bulk statistics object lists and bulk statistics schemas should be defined before configuring the bulk
statistics transfer options.

Note Transfers can only be performed using schemaASCII (cdcSchemaASCII) format. SchemaASCII is an ASCII
format that contains parser-friendly hints for parsing data values.

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp mib bulkstat transfer transfer-id
4. buffer-size bytes
5. format {bulkBinary | bulkASCII | schemaASCII}
6. schema schema-name
7. transfer-interval minutes
8. url primary url
9. url secondary url
10. retry number
11. retain minutes
12. enable
13. end

SNMP Configuration Guide

111
 Periodic MIB Data Collection and Transfer Mechanism
Configuring a Bulk Statistics Transfer Options

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp mib bulkstat transfer transfer-id Identifies the transfer configuration with a name
(transfer-id) and enters Bulk Statistics Transfer
Example:
configuration mode.
Device(config)# snmp mib bulkstat transfer
bulkstat1

Step 4 buffer-size bytes (Optional) Specifies the maximum size for the bulk
statistics data file, in bytes. The valid range is from 1024
Example:
to 2147483647 bytes. The default buffer size is 2048 bytes.
Device(config-bulk-tr)# buffer-size 3072 Note A configurable buffer size limit is available
only as a safety feature. Normal bulk statistics
files should not generally meet or exceed the
default value.

Step 5 format {bulkBinary | bulkASCII | schemaASCII}
Example:
Device(config-bulk-tr)# format schemaASCII
(Optional) Specifies the format of the bulk statistics data
file (VFile). The default is schemaASCII.
Note Transfers can only be performed using
schemaASCII (cdcSchemaASCII) format.
SchemaASCII is a human-readable format that
contains parser-friendly hints for parsing data
values.

Step 6 schema schema-name Specifies the bulk statistics schema to be transferred.

Repeat this command as desired. Multiple schemas can be
Example:
associated with a single transfer configuration; all collected
data will be in a single bulk data file (VFile).
Device(config-bulk-tr)# schema ATM2/0-IFMIB

Example:

Device(config-bulk-tr)# schema ATM2/0-CAR

Example:

Device(config-bulk-tr)# schema
FastEthernet2/1-IFMIB

Example:

SNMP Configuration Guide

112
 Periodic MIB Data Collection and Transfer Mechanism
Configuring a Bulk Statistics Transfer Options

Command or Action Purpose

Example:

Example:

Step 7 transfer-interval minutes (Optional) Specifies how often the bulk statistics file
should be transferred, in minutes. The default value is once
Example:
every 30 minutes. The transfer interval is the same as the
collection interval.
Device(config-bulk-tr)# transfer-interval 20

Step 8 url primary url Specifies the network management system (host) that the
bulk statistics data file should be transferred to, and the
Example:
protocol to use for transfer. The destination is specified as
a Uniform Resource Locator (URL).
Device(config-bulk-tr)# url primary
ftp://user:password@host/folder/bulkstat1 • FTP, rcp, or TFTP can be used for the bulk statistics
file transfer.

Step 9 url secondary url (Optional) Specifies a backup transfer destination and
protocol for use in the event that transfer to the primary
Example:
location fails.
Device(config-bulk-tr)# url secondary • FTP, rcp, or TFTP can be used for the bulk statistics
tftp://10.1.0.1/tftpboot/user/bulkstat1 file transfer.

Step 10 retry number (Optional) Specifies the number of transmission retries.

The default value is 0 (in other words, no retries).
Example:
• If an attempt to send the bulk statistics file fails, the
Device(config-bulk-tr)# retry 1 system can be configured to attempt to send the file
again using this command. One retry includes an
attempt first to the primary destination then, if the
transmission fails, to the secondary location; for
example, if the retry value is 1, an attempt will be
made first to the primary URL, then to the secondary
URL, then to the primary URL again, then to the
secondary URL again.
• The valid range is from 0 to 100.

Step 11 retain minutes (Optional) Specifies how long the bulk statistics file should
be kept in system memory, in minutes, after the completion
Example:
of the collection interval and a transmission attempt is
made. The default value is 0.
Device(config-bulk-tr)# retain 60
• Zero (0) indicates that the file will be deleted
immediately after a successful transfer.

SNMP Configuration Guide

113
 Periodic MIB Data Collection and Transfer Mechanism
Troubleshooting Tips

Command or Action Purpose

Note If the retry command is used, you should
configure a retain interval larger than 0. The
interval between retries is the retain interval
divided by the retry number. For example, if
retain 10 and retry 2 are configured, retries
will be attempted once every 5 minutes.
Therefore, if retain 0 is configured, no retries
will be attempted.
• The valid range is from 0 to 20000.

Step 12 enable Begins the bulk statistics data collection and transfer
process for this configuration.
Example:
• For successful execution of this action, at least one
Device(config-bulk-tr)# enable schema with non-zero number of objects should be
configured.
• Periodic collection and file transfer operations will
commence only if this command is configured.
Conversely, the no enable command will stop the
collection process. A subsequent enable will start the
operations again.
• Each time the collection process is started using the
enable command, data is collected into a new bulk
statistics file. When the no enable command is used,
the transfer process for any collected data will
immediately begin (in other words, the existing bulk
statistics file will be transferred to the specified
management station).

Step 13 end Exits from Bulk Statistics Transfer configuration mode

returns to privileged EXEC mode.
Example:

Device(config-bulk-tr)# end

Troubleshooting Tips
An alternative to using the ifAlias value for the identification of interfaces across reboots is to use the cciDescr
object in the Cisco Circuit Interface MIB (CISCO-CIRCUIT-INTERFACE-MIB.my). This MIB object can
be used only for circuit-based interfaces such as ATM or Frame Relay interfaces. Cisco IOS feature FTS-731
introduced the Circuit Interface Identification Persistence for the Simple Network Management Protocol
(SNMP), which maintains the user-defined name of the circuit (defined in the cciDescr object) across reboots
and allows consistent identification of circuit-based interfaces.

Enabling Monitoring for Bulk Statistics Collection

Optionally, you can enable SNMP notifications to be sent, which provide information on the transfer status
of the Periodic MIB Data Collection and Transfer Mechanism (Bulk Statistics feature).

SNMP Configuration Guide

114
 Periodic MIB Data Collection and Transfer Mechanism
Enabling Monitoring for Bulk Statistics Collection

SUMMARY STEPS
1. enable
2. configure terminal
3. snmp-server community string [view view-name] [ro | rw] [acl-number]
4. snmp-server enable traps bulkstat [collection | transfer]
5. snmp-server host host-address [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}]
community-string [udp-port port] [bulkstat]
6. exit
7. copy running-config startup-config

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 configure terminal Enters global configuration mode.

Example:

Device# configure terminal

Step 3 snmp-server community string [view view-name] [ro | Specifies the SNMP community and access options for the
rw] [acl-number] device.
Example:

Device(config)# snmp-server community public

Step 4 snmp-server enable traps bulkstat [collection | transfer] Enables the sending of bulk statistics SNMP notifications
(traps or informs). The following notifications (defined in
Example:
the CISCO-DATA-COLLECTION-MIB) are enabled with
this command:
Device(config)# snmp-server enable traps bulkstat
• transfer (cdcFileXferComplete)—Sent when a transfer
attempt is successful and when a transfer attempt fails.
(The varbind cdcFilXferStatus object in the trap defines
tells if the transfer is successful or not).
• collection (cdcVFileCollectionError)—Sent when data
collection could not be carried out successfully.One
possible reason for this condition could be insufficient
memory on the device to carry out data collection.

Step 5 snmp-server host host-address [traps | informs] [version Specifies the recipient (host) for the SNMP notifications,
{1 | 2c | 3 [auth | noauth | priv]}] community-string and additional transfer options.
[udp-port port] [bulkstat]
Example:

SNMP Configuration Guide

115
 Periodic MIB Data Collection and Transfer Mechanism
Monitoring and Troubleshooting Periodic MIB Data Collection and Transfer Mechanism

Command or Action Purpose

Device(config)# snmp-server host informs public

bulkstat

Step 6 exit Exits from global configuration mode.

Example:

Device(config)# exit

Step 7 copy running-config startup-config (Optional) Saves the current configuration to NVRAM as
the startup configuration file.
Example:

Device# copy running-config startup-config

Monitoring and Troubleshooting Periodic MIB Data Collection and Transfer

Mechanism
The show command for this feature displays the status of the bulk statistics processes. The debug command
enables the standard set of debugging messages for technical support purposes.

SUMMARY STEPS
1. enable
2. show snmp mib bulkstat transfer [transfer-name]
3. debug snmp bulkstat

DETAILED STEPS

Command or Action Purpose

Step 1 enable Enables privileged EXEC mode.
Example: • Enter your password if prompted.

Device> enable

Step 2 show snmp mib bulkstat transfer [transfer-name] (Optional) The show command for this feature lists all bulk
statistics virtual files (VFiles) on the system that have
Example:
finished collecting data. (Data files that are not complete
are not displayed.)
Device# show snmp mib bulkstat transfer
The output lists all of the completed local bulk statistics
Transfer Name : ifmib
Retained files
files, the remaining time left before the bulk statistics file
File Name : Time Left (in seconds) :STATE is deleted (remaining retention period), and the state of the
------------------------------------------------------------- bulk statistics file.
ifmib_Router_020421_100554683 : 173 : Retry (2
Retry attempt(s) Left) The “STATE” of the bulk statistics file will be one of the
ifmib_Router_020421_100554683 : 53 : Retained following:
• Queued—Indicates that the data collection for this
bulk statistics file is completed (in other words, the

SNMP Configuration Guide

116
 Periodic MIB Data Collection and Transfer Mechanism
Configuration Examples for Periodic MIB Data Collection and Transfer Mechanism

Command or Action Purpose

transfer interval has been met) and that the bulk
statistics file is waiting for transfer to the configured
destination(s).
• Retry—Indicates that one or more transfer attempts
have failed and that the file transfer will be attempted
again. The number of retry attempts remaining will be
displayed in parenthesis.
• Retained—Indicates that the bulk statistics file has
either been successfully transmitted or that the
configured number of retries have been completed.
Tip To determine if a transfer was successful, enable
the bulk statistics SNMP notification.

To display only the status of a named transfer (as opposed

to all configured transfers), specify the name of the transfer
in the transfer-name argument.

Step 3 debug snmp bulkstat (Optional) Enables standard debugging output for the Bulk
Statistics feature. Debugging output includes messages
Example:
about the creation, transfer, and deletion of bulk statistics
files.
Device# debug snmp bulkstat

Configuration Examples for Periodic MIB Data Collection and

Transfer Mechanism
Configuring Periodic MIB Data Collection and Transfer Mechanism Example
This section provides a complete example of configuring the Periodic MIB Data Collection and Transfer
Mechanism (Bulk Statistics feature). The example is described in the following subsections:

Transfer Parameters
The following transfer parameters are used for the “Configuring the Periodic MIB Data Collection and Transfer
Mechanism” example:
• Transfer interval (collection interval)—30 minutes
• Primary URL—ftp://john:pswrd@cbin2-host/users/john/bulkstat1
• Secondary URL—tftp://[email protected]/tftpboot/john/bulkstat1
• Transfer format—schemaASCII
• Retry interval—Retry after 6 minutes (retry = 5, retain = 30; 5 retry attempts over the 30-minute retention
interval.)

SNMP Configuration Guide

117
 Periodic MIB Data Collection and Transfer Mechanism
Polling Requirements

Polling Requirements
The following polling requirements for ATM interface 2/0 and Fast Ethernet interface 2/1 are used for the
“Configuring the Periodic MIB Data Collection and Transfer Mechanism” example:

ATM interface 2/0

• Objects to be polled—ifInOctets, ifOutOctets, ifInUcastPkts, ifInDiscards, CcarStatSwitchedPkts,
CcarStatSwitchedBytes, CcarStatFilteredBytes
• Polling interval—Once every 5 minutes
• Instances—Main interface and all subinterfaces
• For CAR MIB objects, poll all instances related to the specified interface

Fast Ethernet Interface 2/1

• Objects to be polled—ifInOctets, ifOutOctets, ifInUcastPkts, ifInDiscards, CcarStatSwitchedPkts,
CcarStatSwitchedBytes, CcarStatFilteredBytes
• Polling interval—Once every 10 minutes
• Instances—Only main interface is to be monitored
• For CAR MIB objects, only include instances pertaining to packets in the incoming direction (on the
main interface)

Object List Configuration

Note that since the IF-MIB objects and the CAR-MIB objects do not have the same index, they will have to
be a part of different schemas. However, since the objects required are the same for the ATM interface and
the Fast Ethernet interface, the object list can be reused for each schema. Therefore, in the following example,
an object list is created for the for the IF-MIB objects and another object list is created for the CAR-MIB
objects.

snmp mib bulkstat object-list ifmib

add ifInoctets
add ifOutoctets
add ifInUcastPkts
add ifInDiscards
exit
snmp mib bulkstat object-list CAR-mib
add CcarStatSwitchedPkts
add CcarStatSwitchedBytes
add CcarStatFilteredBytes
exit

Schema Definition Configuration

For the following bulk statistics schema configuration, two schemas are defined for each interface—one for
the IF-MIB object instances and one for the CAR-MIB object instances.

! ATM IF-MIB schema

snmp mib bulkstat schema ATM2/0-IFMIB
! The following command points to the IF-MIB object list, defined above.

SNMP Configuration Guide

118
 Periodic MIB Data Collection and Transfer Mechanism
Transfer Parameter Configuration

object-list ifmib
poll-interval 5
instance exact interface ATM2/0 subif
exit
! ATM CAR-MIB schema
snmp mib bulkstat schema-def ATM2/0-CAR
object-list CAR-mib
poll-interval 5
instance wildcard interface ATM2/0 subif
exit
!FastEthernet IF-MIB schema
snmp mib bulkstat schema FastEthernet2/1-IFMIB
object-list ifmib
poll-interval 5
instance exact interface FastEthernet2/1
exit
! FastEthernet CAR-MIB schema
snmp mib bulkstat schema FastEthernet2/1-CAR
object-list CAR-mib
poll-interval 5
! Note: ifindex of FastEthernet2/1 is 3
instance wildcard oid 3.1
exit

Transfer Parameter Configuration

For the transfer of the bulk statistics file, the transfer configuration is given the name bulkstat1. All of the
four schema definitions are included in the following transfer configuration.

snmp mib bulkstat transfer bulkstat1

schema ATM2/0-IFMIB
schema ATM2/0-CAR
schema FastEthernet2/1-IFMIB
schema FastEthernet2/1-CAR
url primary ftp://username1:pswrd@cbin2-host/users/username1/bulkstat1
url secondary tftp://[email protected]/tftpboot/username1/bulkstat1
format schemaASCII
transfer-interval 30
retry 5
buffer-size 1024
retain 30
end
copy running-config startup-config

Displaying Status
The following sample output for the show snmp mib bulkstat transfer command shows that the initial
transfer attempt and the first retry has failed for the newest file, and four additional retry attempts will be
made:

Device# show snmp mib bulkstat transfer

Transfer Name : bulkstat1

Primary URL ftp://user:[email protected]/
Secondary ftp://user:[email protected]/
Retained files

File Name : Time Left (in seconds) : STATE

----------------------------------------------------------------------
bulkstat1_Router_030307_102519739: 1196 :Retry(4 Retry attempt(s) Left)

SNMP Configuration Guide

119
 Periodic MIB Data Collection and Transfer Mechanism
Bulk Statistics Output File

bulkstat1_Router_030307_102219739: 1016 :Retained

bulkstat1_Router_030307_101919739: 836 :Retained

The filename for the bulk statistics file is generated with the following extensions to the name you specify in
the url command:
specified-filename _device-name _date_time-stamp
The device name is the name of the sending device, as specified in the CLI prompt.
The time-stamp format will depend on your system configuration. Typically, the format for the date is
YYYYMMDD or YYMMDD. The time stamp uses a 24-hour clock notation, and the format is HHMMSSmmm
(where mmm are milliseconds).
In the example above, the files were created on March 7, 2003, at 10:25 a.m., 10:22 a.m., and 10:19 a.m.

Bulk Statistics Output File

The following is sample output as it appears in the bulk statistics file received at the transfer destination. In
this output, the name of the bulk statistics file is bulkstat1_Router_20030131_193354234. Also, note that the
schema definition (Schema-def) for the schema Fast Ethernet2/1-IFMIB was added to the file as the
configuration was changed (see comment lines indicated by “!”).

Schema-def ATM2/0-IFMIB “%u, %s, %u, %u, %u, %u”

epochtime ifDescr instanceoid ifInOctets ifOutOctets ifInUcastPkts ifInDiscards
Schema-def ATM2/0-CAR “%u, %s, %s, %u, %u, %u, %u “
epochtime ifDescr instanceoid CcarStatSwitchedPkts ccarStatSwitchedBytes CcarStatSwitchedPkts
ccarStatSwitchedBytes
Schema-def FastEthernet2/1-IFMIB “%u, %u, %u, %u, %u, %u”
epochtime ifDescr instanceoid ifInOctets ifOutOctets ifInUcastPkts ifInDiscards
Schema-def FastEthernet2/1-CAR “%u, %s, %u, %u, %u, %u “
Epochtime instanceoid CcarStatSwitchedPkts ccarStatSwitchedBytes CcarStatSwitchedPkts
ccarStatSwitchedBytes
Schema-def GLOBAL “%s, %s, %s, %u, %u, %u, %u”
hostname data timeofday sysuptime cpu5min cpu1min cpu5sec
ATM2/0-IFMIB: 954417080, ATM2/0, 2, 95678, 23456, 234, 3456
ATM2/0-IFMIB: 954417080, ATM2/0.1, 8, 95458, 54356, 245, 454
ATM2/0-IFMIB: 954417080, ATM2/0.2, 9, 45678, 8756, 934, 36756
ATM2/0-CAR: 954417083, ATM2/0, 2.1.1, 234, 345, 123, 124
ATM2/0-CAR: 954417083, ATM2/0, 2.2.1, 452, 67, 132, 145
ATM2/0-CAR: 954417083, ATM2/0.1, 8.1.1, 224, 765, 324 234
ATM2/0-CAR: 954417083, ATM2/0.1, 8.2.1, 234, 345, 123, 124
ATM2/0-CAR: 954417083, ATM2/0.2, 9.1.1, 234, 345, 123, 124
ATM2/0-CAR: 954417083, ATM2/0.2, 9.2.1, 452, 67, 132, 145
FastEthernet2/1-IFMIB: 954417090, FastEthernet2/1, 3, 45678, 8756, 934, 36756
FastEthernet2/1-CAR: 954417093, 3.1.1, 234, 345, 123, 124
FastEthernet2/1-CAR: 954417093, 3.1.2, 134, 475, 155, 187
ATM2/0-IFMIB: 954417100, ATM2/0, 2, 95678, 23456, 234, 3456
ATM2/0-IFMIB: 954417101, ATM2/0.1, 8, 95458, 54356, 245, 454
ATM2/0-IFMIB: 954417102, ATM2/0.2, 9, 45678, 8756, 934, 36756
ATM2/0-CAR: 954417106, ATM2/0, 2.1.1, 234, 345, 123, 124
ATM2/0-CAR: 954417107, ATM2/0, 2.2.1, 452, 67, 132, 145
ATM2/0-CAR: 954417107, ATM2/0.1, 8.1.1, 224, 765, 324 234
ATM2/0-CAR: 954417108, ATM2/0.1, 8.2.1, 234, 345, 123, 124
ATM2/0-CAR: 954417113, ATM2/0.2, 9.1.1, 234, 345, 123, 124
ATM2/0-CAR: 954417114, ATM2/0.2, 9.2.1, 452, 67, 132, 145
! Here the Schema-def for “Ehternet2/1-IFMIB” was changed on the originating device.
Schema-def FastEthernet2/1-IFMIB “%u, %u, %u, %u, %u, %u”
! The object ifOutDiscards has been added to the object list for this schema.

epochtime ifDescr instanceoid ifInOctets ifOutOctets ifInUcastPkts ifInDiscards

ifOutDiscards

SNMP Configuration Guide

120
 Periodic MIB Data Collection and Transfer Mechanism
Additional References

! The following data sample reflects the change in the configuration.

FastEthernet2/1-IFMIB: 954417090, FastEthernet2/1, 3, 45678, 8756, 934, 36756, 123
FastEthernet2/1-CAR: 954417093, 3.1.1, 234, 345, 123, 124
FastEthernet2/1-CAR: 954417093, 3.1.2, 134, 475, 155, 187
GLOBAL: Govinda, 20020129, 115131, 78337, 783337, 2%, 0%, 62%

Additional References
The following sections provide references related to the Periodic MIB Data Collection and Transfer Mechanism.

Related Documents

Related Topic Document Title

Cisco IOS commands Cisco IOS Master Command List, All Releases

SNMP commands Cisco IOS SNMP Support Command Reference

SNMP configuration tasks “Configuring SNMP Support” module in the Cisco IOS XE Network Management
Configuration Guide

Standards and RFCs

RFC Title

None —

MIBs

MIBs MIBs Link

This feature supports all Cisco implemented MIBs. To locate and download MIBs for selected
platforms, Cisco IOS XE software releases,
This feature uses the Cisco Data Collection MIB
and feature sets, use Cisco MIB Locator found
(CISCO-DATA-COLLECTION-MIB.my) function of
at the following URL:
reporting errors and statistics during data collection and
transfer. http://www.cisco.com/go/mibs
The Cisco Data Collection MIB also supports configuring
data collection using the CLI, as well as with SNMP.

SNMP Configuration Guide

121
 Periodic MIB Data Collection and Transfer Mechanism
Feature Information for Periodic MIB Data Collection and Transfer Mechanism

Technical Assistance

Description Link

The Cisco Support website provides extensive online resources, including http://www.cisco.com/techsupport
documentation and tools for troubleshooting and resolving technical issues
with Cisco products and technologies.
To receive security and technical information about your products, you
can subscribe to various services, such as the Product Alert Tool (accessed
from Field Notices), the Cisco Technical Services Newsletter, and Really
Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com
user ID and password.

Feature Information for Periodic MIB Data Collection and

Transfer Mechanism
The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 7: Feature Information for Periodic MIB Data Collection and Transfer Mechanism

Feature Name Releases Feature Information

CISCO-DATA-COLLECTION-MIB Cisco IOS The Periodic MIB Data Collection and Transfer
XE Release Mechanism feature provides the ability to periodically
2.1 transfer selected MIB data from Cisco IOS XE-based
devices to specified Network Management Stations
(NMS).
The following commands were introduced or modified
by this feature:
add (bulkstat object) , buffer-size (bulkstat), debug
snmp bulkstat, enable (bulkstat), format (bulkstat),
instance (MIB), instance range, instance repetition,
object-list, poll-interval, retain, retry (bulkstat),
schema, show snmp mib bulkstat transfer, snmp mib
bulkstat object-list, snmp mib bulkstat schema, snmp
mib bulkstat transfer, snmp-server enable traps
bulkstat, transfer-interval, url (bulkstat).

SNMP Configuration Guide

122