Chapter 23
Configuring SNMP
SNMP Terminology
data integrity—A condition or state of data in which a message packet has not been altered or destroyed in an unauthorized manner.
data origin authentication—The ability to verify the identity of the user on whose behalf a message is supposedly sent. This ability protects users against message capture and replay by a different SNMP engine, and against packets received from or sent to a particular user with an incorrect password or security level.
encryption—A method of hiding data from an unauthorized user by scrambling the contents of an SNMP packet.
group—A set of users belonging to a particular security model. A group defines the access rights for all the users belonging to it. Access rights define the SNMP objects that can be read, written to, or created. In addition, the group defines the notifications that a user is allowed to receive.
notification host—An SNMP entity to which notifications (traps) are to be sent.
notify view—A view name (not to exceed 64 characters) for each group; the view name defines the list of notifications that can be sent to each user in the group.
privacy—An encrypted state of the contents of an SNMP packet; in this state the contents are prevented from being disclosed on a network. Encryption is performed with an algorithm called CBC-DES (DES-56).
read view—A view name (not to exceed 64 characters) for each group; the view name defines the list of object identifiers (OIDs) that can be read by users belonging to the group.
security level—A type of security algorithm performed on each SNMP packet. There are three levels: noauth, auth, and priv. The noauth level authenticates a packet by a string match of the username only. The auth level authenticates a packet by using either the HMAC-MD5 or HMAC-SHA algorithm. The priv level authenticates a packet by using either the HMAC-MD5 or HMAC-SHA algorithm and additionally encrypts the packet using the CBC-DES (DES-56) algorithm.
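The auth level described above, together with the data integrity and data origin authentication entries earlier in this glossary, rests on the User-based Security Model of RFC 3414. The following Python is an added example, not code from the guide: it derives the engine-localized HMAC key from a passphrase and checks a message's 12-byte authentication parameter (the message bytes are constructed; the CBC-DES privacy step of the priv level is not shown).

```python
# Added example (not from the configuration guide): SNMPv3 USM key
# derivation and HMAC-96 authentication check per RFC 3414.
import hashlib
import hmac


def password_to_key(password: bytes, algo: str) -> bytes:
    """Ku: hash of the password repeated to fill 1,048,576 bytes (RFC 3414 A.2)."""
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the key is bound to one authoritative
    engine, so a key recovered from one device is not valid on another."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_params(kul: bytes, whole_msg: bytes, algo: str) -> bytes:
    """msgAuthenticationParameters: first 12 bytes of the HMAC over the whole
    message, computed with the 12-byte parameter field itself zeroed."""
    return hmac.new(kul, whole_msg, algo).digest()[:12]


def verify_auth(kul: bytes, whole_msg: bytes, received: bytes, algo: str) -> bool:
    """Receiver-side data integrity and data origin authentication check."""
    return hmac.compare_digest(auth_params(kul, whole_msg, algo), received)


def noauth_check(claimed_user: str, known_users: set) -> bool:
    """The noauth level: a plain string match of the username, no key involved,
    so it gives neither integrity nor origin authentication."""
    return claimed_user in known_users


if __name__ == "__main__":
    engine_id = bytes(11) + b"\x02"  # snmpEngineID used in the RFC 3414 A.3 vectors
    kul = localize_key(password_to_key(b"maplesyrup", "md5"), engine_id, "md5")
    # Constructed stand-in for a serialized SNMPv3 message with a zeroed auth field.
    msg = bytearray(b"constructed SNMPv3 message, auth field zeroed: " + bytes(12))
    tag = auth_params(kul, bytes(msg), "md5")
    print("genuine:", verify_auth(kul, bytes(msg), tag, "md5"))    # True
    msg[5] ^= 0x01                                                  # in-flight tampering
    print("tampered:", verify_auth(kul, bytes(msg), tag, "md5"))   # False
```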
security model—The security strategy used by the SNMP agent. Currently, Cisco IOS supports three security models: SNMPv1, SNMPv2c, and SNMPv3.
Simple Network Management Protocol (SNMP)—A network management protocol that provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security.
Simple Network Management Protocol Version 2c (SNMPv2c)—This second version of SNMP supports centralized and distributed network management strategies and includes improvements in the Structure of Management Information (SMI), protocol operations, management architecture, and security.
SNMP engine—A copy of SNMP that can reside on the local or remote device.
SNMP group—A collection of SNMP users that belong to a common SNMP list that defines an access policy; the policy specifies which object identifiers (OIDs) are read-accessible and which are write-accessible. Users belonging to a particular SNMP group inherit all of the attributes defined by the group.
SNMP user—A person for whom an SNMP management operation is performed. For informs, the user is the person on a remote SNMP engine who receives the informs.
SNMP view—A mapping between SNMP objects and the access rights available for those objects. An object can have different access rights in each view. Access rights indicate whether the object is accessible by either a community string or a user.
trap—A message sent by an SNMP agent to a console or terminal to indicate that a significant event has occurred.
write view—A view name (not to exceed 64 characters) for each group; the view name defines the list of object identifiers (OIDs) that can be created or modified by users of the group.
Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
23-2
78-12647-02