Configuring SNMPv2

Owned by Tracy Yang (Unlicensed)
Apr 26, 2023
2 min read


NOTE:

Once created, the loopback interface will always remain UP. Unlike any VLAN interface which can go down accidentally, the loopback interfaces are more stable and hence a much better choice for the SNMP configuration.
If the Pica8 switch is used as an SNMP Agent device and communicates with the SNMP NMS through the inband port, it is highly recommended to use the IP address of the route reachable loopback interface on the Pica8 switch as the communication address for Snmpwalk, which will ensure that communication is not interrupted and provide stablibility to the SNMP process.

Configuring SNMPv2 Parameters

By default, SNMP is disabled. You can enable SNMP and configure its parameters (e.g. community, contact, location).

You can configure the source  interface on the device from which traps are sent. The system specifies the IP address of this interface as the source IP address of traps. In this way, the trap source can be identified on the NMS. To ensure device security, it is recommended that you set the source interface to the loopback interface.

admin@Xorplus# set l3-interface loopback lo address 10.10.1.201 prefix-length 32
admin@XorPlus# set protocols snmp community Pica8-data-center
admin@XorPlus# set protocols snmp community Pica8-data-center authorization read-only
admin@XorPlus# set protocols snmp contact support@pica8.com
admin@XorPlus# set protocols snmp location Beijing
admin@XorPlus# set protocols snmp trap-group targets 10.10.1.1 security-name Pica8-data-center
admin@XorPlus# set protocols snmp trap-group version v2
admin@Xorplus# set protocols snmp trap-group source-interface loopback
admin@XorPlus# commit 
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus#

In version 2.8.1,security-name has to be configured for trap-group targets whichever the version is .

Configuring an SNMP ACL

By default, all hosts can snmpwalk the information of the switch. Configure an SNMP ACL to control which hosts within the subnetwork can snmpwalk the switch.

admin@XorPlus# set system snmp-acl network 1.1.1.0/24
admin@XorPlus# set system snmp-acl network 2.2.2.0/24
admin@XorPlus# commit 
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus#

Configuring SNMPset

User can use "snmpset" (OID1.3.6.1.4.1.35098.2.0.0) to load a configuration and can use "snmpset" (OID 1.3.6.1.4.1.35098.2.1.0) to delete or load a configuration. However, only set and delete commands can be included in the command batch (which is OID 1.3.6.1.4.1.35098.2.1.0). Other commands are invalid and ignored. Note that clearing a dependent configuration is not allowed.

admin@XorPlus# set protocols snmp community private authorization read-write
admin@XorPlus# commit 
Waiting for merging configuration.
Commit OK.
Save done.

Using snmpset to load a filter configuration:

root@dev:~# snmpset -v 2c -c private IP .1.3.6.1.4.1.35098.2.0.0 s "tftp:1.1.5.1:/pica8/acl.conf"
iso.3.6.1.4.1.35098.2.0.0 = STRING: "tftp:1.1.5.1:/pica8/acl.conf"

Using snmpset to delete a filter configuration:

root@dev:~# snmpset -v 2c -c private IP .1.3.6.1.4.1.35098.2.1.0 s "tftp:1.1.5.1:/pica8/delete-acl.conf"
iso.3.6.1.4.1.35098.2.0.0 = STRING: "tftp:1.1.5.1:/pica8/delete-acl.conf"

Enable or Disable LLDP SNMP Trap

The LLDP SNMP trap is enabled by default. You can use the following command to disable LLDP SNMP trap, then there will be no more LLDP trap message sends to snmp.

admin@Xorplus# set protocols lldp snmp-trap false
admin@Xorplus# commit
Waiting for merging configuration.
Commit OK.
Save done.

Copyright © 2024 Pica8 Inc. All Rights Reserved.