SNMP Server

SNMP (Simple Network Management Protocol) server configuration enables comprehensive network monitoring and management by providing standardized access to device operational data, configuration parameters, and event notifications through Management Information Bases (MIBs). It supports multiple SNMP versions including SNMPv1, SNMPv2c, and SNMPv3 with advanced security features such as authentication, encryption, and access control through communities, users, groups, and views. SNMP server functionality includes extensive trap generation for proactive monitoring of network events, performance metrics collection, fault management, and integration with network management systems for centralized monitoring, alerting, and automated network operations.

Diagram

Classes

configuration (iosxe.devices)

Name	Type	Constraint	Mandatory	Default Value
snmp_server	Class	`[snmp_server]`	No

snmp_server (iosxe.devices.configuration)

Name	Type	Constraint	Mandatory
groups	List	`[groups]`	No
users	List	`[users]`	No
chassis_id	String		No
contact	String		No
ifindex_persist	Boolean	`true`, `false`	No
location	String		No
packet_size	Integer	min: `484`, max: `17892`	No
queue_length	Integer	min: `1`, max: `5000`	No
enable_logging_getop	Boolean	`true`, `false`	No
enable_logging_setop	Boolean	`true`, `false`	No
enable_informs	Boolean	`true`, `false`	No
enable_traps	Boolean	`true`, `false`	No
hosts	List	`[hosts]`	No
system_shutdown	Boolean	`true`, `false`	No
source_interface_informs_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `TenGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`, `PortChannel`, `PortChannelSubinterface`	No
source_interface_informs_id	String		No
source_interface_traps_type	Choice	`Loopback`, `Vlan`, `GigabitEthernet`, `TenGigabitEthernet`, `FortyGigabitEthernet`, `HundredGigabitEthernet`, `PortChannel`, `PortChannelSubinterface`	No
source_interface_traps_id	String		No
traps	Class	`[traps]`	No
snmp_communities	List	`[snmp_communities]`	No
contexts	List	String	No
views	List	`[views]`	No

groups (iosxe.devices.configuration.snmp_server)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
v3_security_levels	List	`[v3_security_levels]`	No

users (iosxe.devices.configuration.snmp_server)

Name	Type	Constraint	Mandatory
name	String		Yes
group	String		Yes
v3_authentication	Class	`[v3_authentication]`	Yes

hosts (iosxe.devices.configuration.snmp_server)

Name	Type	Constraint	Mandatory
ip	IP		Yes
vrf	String		No
community	String		No
user	String		No
version	Choice	`1`, `2c`, `3`	No
encryption	Choice	`0`, `6`, `7`	No
security_level	Choice	`auth`, `noauth`, `priv`	No

traps (iosxe.devices.configuration.snmp_server)

Name	Type	Constraint	Mandatory
snmp_authentication	Boolean	`true`, `false`	No
snmp_coldstart	Boolean	`true`, `false`	No
snmp_linkdown	Boolean	`true`, `false`	No
snmp_linkup	Boolean	`true`, `false`	No
snmp_warmstart	Boolean	`true`, `false`	No
flowmon	Boolean	`true`, `false`	No
entity_perf_throughput_notif	Boolean	`true`, `false`	No
call_home_message_send_fail	Boolean	`true`, `false`	No
call_home_server_fail	Boolean	`true`, `false`	No
tty	Boolean	`true`, `false`	No
ospfv3_config_state_change	Boolean	`true`, `false`	No
ospfv3_config_errors	Boolean	`true`, `false`	No
ospf_config_retransmit	Boolean	`true`, `false`	No
ospf_config_lsa	Boolean	`true`, `false`	No
ospf_nssa_trans_change	Boolean	`true`, `false`	No
ospf_shamlink_interface	Boolean	`true`, `false`	No
ospf_shamlink_neighbor	Boolean	`true`, `false`	No
ospf_errors_enable	Boolean	`true`, `false`	No
ospf_retransmit_enable	Boolean	`true`, `false`	No
lsa_enable	Boolean	`true`, `false`	No
eigrp	Boolean	`true`, `false`	No
auth_framework_sec_violation	Boolean	`true`, `false`	No
rep	Boolean	`true`, `false`	No
vtp	Boolean	`true`, `false`	No
vlancreate	Boolean	`true`, `false`	No
vlandelete	Boolean	`true`, `false`	No
port_security	Boolean	`true`, `false`	No
license	Boolean	`true`, `false`	No
smart_license	Boolean	`true`, `false`	No
cpu_threshold	Boolean	`true`, `false`	No
memory_bufferpeak	Boolean	`true`, `false`	No
stackwise	Boolean	`true`, `false`	No
udld_link_fail_rpt	Boolean	`true`, `false`	No
udld_status_change	Boolean	`true`, `false`	No
fru_ctrl	Boolean	`true`, `false`	No
flash_insertion	Boolean	`true`, `false`	No
flash_removal	Boolean	`true`, `false`	No
flash_lowspace	Boolean	`true`, `false`	No
energywise	Boolean	`true`, `false`	No
power_ethernet_group	Boolean	`true`, `false`	No
power_ethernet_police	Boolean	`true`, `false`	No
entity	Boolean	`true`, `false`	No
pw_vc	Boolean	`true`, `false`	No
envmon	Boolean	`true`, `false`	No
cef_resource_failure	Boolean	`true`, `false`	No
cef_peer_state_change	Boolean	`true`, `false`	No
cef_peer_fib_state_change	Boolean	`true`, `false`	No
cef_inconsistency	Boolean	`true`, `false`	No
isis	Boolean	`true`, `false`	No
ipsla	Boolean	`true`, `false`	No
bgp	Boolean	`true`, `false`	No
cbgp2	Boolean	`true`, `false`	No
entity_diag_boot_up_fail	Boolean	`true`, `false`	No
entity_diag_hm_test_recover	Boolean	`true`, `false`	No
entity_diag_hm_thresh_reached	Boolean	`true`, `false`	No
entity_diag_scheduled_test_fail	Boolean	`true`, `false`	No
bfd	Boolean	`true`, `false`	No
ike_policy_add	Boolean	`true`, `false`	No
ike_policy_delete	Boolean	`true`, `false`	No
ike_tunnel_start	Boolean	`true`, `false`	No
ike_tunnel_stop	Boolean	`true`, `false`	No
ipsec_cryptomap_add	Boolean	`true`, `false`	No
ipsec_cryptomap_attach	Boolean	`true`, `false`	No
ipsec_cryptomap_delete	Boolean	`true`, `false`	No
ipsec_cryptomap_detach	Boolean	`true`, `false`	No
ipsec_tunnel_start	Boolean	`true`, `false`	No
ipsec_tunnel_stop	Boolean	`true`, `false`	No
ipsec_too_many_sas	Boolean	`true`, `false`	No
config_copy	Boolean	`true`, `false`	No
config	Boolean	`true`, `false`	No
config_ctid	Boolean	`true`, `false`	No
dhcp	Boolean	`true`, `false`	No
event_manager	Boolean	`true`, `false`	No
hsrp	Boolean	`true`, `false`	No
ip_multicast	Boolean	`true`, `false`	No
msdp	Boolean	`true`, `false`	No
ospf_config_state_change	Boolean	`true`, `false`	No
ospf_config_errors	Boolean	`true`, `false`	No
pim_invalid_pim_message	Boolean	`true`, `false`	No
pim_neighbor_change	Boolean	`true`, `false`	No
pim_rp_mapping_change	Boolean	`true`, `false`	No
bridge_newroot	Boolean	`true`, `false`	No
bridge_topologychange	Boolean	`true`, `false`	No
stpx_inconsistency	Boolean	`true`, `false`	No
stpx_root_inconsistency	Boolean	`true`, `false`	No
stpx_loop_inconsistency	Boolean	`true`, `false`	No
syslog	Boolean	`true`, `false`	No
bgp_cbgp2	Boolean	`true`, `false`	No
nhrp_nhs	Boolean	`true`, `false`	No
nhrp_nhc	Boolean	`true`, `false`	No
nhrp_nhp	Boolean	`true`, `false`	No
nhrp_quota_exceeded	Boolean	`true`, `false`	No
mpls_traffic_eng	Boolean	`true`, `false`	No
mpls_vpn	Boolean	`true`, `false`	No
mpls_rfc_ldp	Boolean	`true`, `false`	No
mpls_ldp	Boolean	`true`, `false`	No
fast_reroute_protected	Boolean	`true`, `false`	No
local_auth	Boolean	`true`, `false`	No
vlan_membership	Boolean	`true`, `false`	No
errdisable	Boolean	`true`, `false`	No
rf	Boolean	`true`, `false`	No
transceiver_all	Boolean	`true`, `false`	No
bulkstat_collection	Boolean	`true`, `false`	No
bulkstat_transfer	Boolean	`true`, `false`	No
mac_notification_change	Boolean	`true`, `false`	No
mac_notification_move	Boolean	`true`, `false`	No
mac_notification_threshold	Boolean	`true`, `false`	No
vrfmib_vrf_up	Boolean	`true`, `false`	No
vrfmib_vrf_down	Boolean	`true`, `false`	No
vrfmib_vnet_trunk_up	Boolean	`true`, `false`	No
vrfmib_vnet_trunk_down	Boolean	`true`, `false`	No
aaa_server	Boolean	`true`, `false`	No
adslline	Boolean	`true`, `false`	No
alarm_type	String		No
casa	Boolean	`true`, `false`	No
cnpd	Boolean	`true`, `false`	No
dial	Boolean	`true`, `false`	No
dlsw	Boolean	`true`, `false`	No
ds1	Boolean	`true`, `false`	No
dsp_card_status	Boolean	`true`, `false`	No
dsp_oper_state	Boolean	`true`, `false`	No
ether_oam	Boolean	`true`, `false`	No
ethernet_cfm_alarm	Boolean	`true`, `false`	No
ethernet_cfm_cc_config	Boolean	`true`, `false`	No
ethernet_cfm_cc_cross_connect	Boolean	`true`, `false`	No
ethernet_cfm_cc_loop	Boolean	`true`, `false`	No
ethernet_cfm_cc_mep_down	Boolean	`true`, `false`	No
ethernet_cfm_cc_mep_up	Boolean	`true`, `false`	No
ethernet_cfm_crosscheck_mep_missing	Boolean	`true`, `false`	No
ethernet_cfm_crosscheck_mep_unknown	Boolean	`true`, `false`	No
ethernet_cfm_crosscheck_service_up	Boolean	`true`, `false`	No
ethernet_evc_create	Boolean	`true`, `false`	No
ethernet_evc_delete	Boolean	`true`, `false`	No
ethernet_evc_status	Boolean	`true`, `false`	No
firewall_serverstatus	Boolean	`true`, `false`	No
frame_relay_config_bundle_mismatch	Boolean	`true`, `false`	No
frame_relay_config_only	Boolean	`true`, `false`	No
frame_relay_config_subif_configs	Boolean	`true`, `false`	No
frame_relay_multilink_bundle_mismatch	Boolean	`true`, `false`	No
frame_relay_subif_count	Integer	min: `1`, max: `1000`	No
frame_relay_subif_interval	Integer	min: `1`, max: `3600`	No
ip_local_pool	Boolean	`true`, `false`	No
isdn_call_information	Boolean	`true`, `false`	No
isdn_chan_not_avail	Boolean	`true`, `false`	No
isdn_ietf	Boolean	`true`, `false`	No
isdn_layer2	Boolean	`true`, `false`	No
l2tun_pseudowire_status	Boolean	`true`, `false`	No
l2tun_session	Boolean	`true`, `false`	No
l2tun_tunnel	Boolean	`true`, `false`	No
lisp	Boolean	`true`, `false`	No
mpls	Boolean	`true`, `false`	No
mpls_rfc	Boolean	`true`, `false`	No
mvpn	Boolean	`true`, `false`	No
pfr	Boolean	`true`, `false`	No
pimstdmib_interface_election	Boolean	`true`, `false`	No
pimstdmib_invalid_join_prune	Boolean	`true`, `false`	No
pimstdmib_invalid_register	Boolean	`true`, `false`	No
pimstdmib_neighbor_loss	Boolean	`true`, `false`	No
pimstdmib_rp_mapping_change	Boolean	`true`, `false`	No
pki	Boolean	`true`, `false`	No
pppoe	Boolean	`true`, `false`	No
resource_policy	Boolean	`true`, `false`	No
rsvp	Boolean	`true`, `false`	No
sonet	Boolean	`true`, `false`	No
srp	Boolean	`true`, `false`	No
vdsl2line	Boolean	`true`, `false`	No
voice	Boolean	`true`, `false`	No
vrrp	Boolean	`true`, `false`	No
entity_qfp_mem_res_thresh	Boolean	`true`, `false`	No
entity_qfp_throughput_notif	Boolean	`true`, `false`	No
entity_sensor	Boolean	`true`, `false`	No
entity_state	Boolean	`true`, `false`	No

snmp_communities (iosxe.devices.configuration.snmp_server)

Name	Type	Constraint	Mandatory
name	String		Yes
view	String		No
permission	Choice	`ro`, `rw`	No
ipv6_acl	String		No
ipv4_acl	String		No

views (iosxe.devices.configuration.snmp_server)

Name	Type	Constraint	Mandatory
name	String		Yes
mib	String		Yes
scope	Choice	`included`, `excluded`	No

v3_security_levels (iosxe.devices.configuration.snmp_server.groups)

Name	Type	Constraint	Mandatory
security_level	String		Yes
context_node	String		No
match_node	Choice	`exact`, `prefix`	No
read_node	String		No
write_node	String		No
notify_node	String		No
access_ipv6_acl	String		No
access_standard_acl	Integer	min: `1`, max: `99`	No
access_acl_name	String		No

v3_authentication (iosxe.devices.configuration.snmp_server.users)

Name	Type	Constraint	Mandatory
algorithm	Choice	`md5`, `sha`	Yes
password	String		Yes
access	Class	`[access]`	No
privacy	Class	`[privacy]`	No

access (iosxe.devices.configuration.snmp_server.users.v3_authentication)

Name	Type	Constraint	Mandatory
ipv6_acl	String		No
standard_acl	Integer	min: `1`, max: `99`	No
acl_name	String		No

privacy (iosxe.devices.configuration.snmp_server.users.v3_authentication)

Name	Type	Constraint	Mandatory
aes	Class	`[aes]`	No
des	Class	`[des]`	No
des3	Class	`[des3]`	No

aes (iosxe.devices.configuration.snmp_server.users.v3_authentication.privacy)

Name	Type	Constraint	Mandatory
enabled	Boolean	`true`, `false`	No
algorithm	Choice	`128`, `192`, `256`	No
password	String		No
access	Class	`[access]`	No

des (iosxe.devices.configuration.snmp_server.users.v3_authentication.privacy)

Name	Type	Constraint	Mandatory
enabled	Boolean	`true`, `false`	No
password	String		No
access	Class	`[access]`	No

des3 (iosxe.devices.configuration.snmp_server.users.v3_authentication.privacy)

Name	Type	Constraint	Mandatory
enabled	Boolean	`true`, `false`	No
password	String		No
access	Class	`[access]`	No

By configuring SNMP server parameters, you enable secure, centralized monitoring and management of network devices, supporting proactive event notification and operational visibility.

SNMP Server Parameters

Key Components:

Groups (groups): Define SNMP groups with security levels, access controls, and context mappings.
Users (users): Configure SNMP users, authentication, privacy settings, and group associations.
Hosts (hosts): Specify SNMP trap or inform destinations.
Communities (snmp_communities): Set SNMPv1/v2c community strings, permissions, and views.
Contexts (contexts): Define SNMP contexts for MIB access.
Views (views): Specify MIB views for granular access control.
Chassis ID (chassis_id): Set device chassis identification.
Contact (contact): Configure administrative contact information.
Location (location): Set device physical location.
IfIndex Persistence (ifindex_persist): Enable persistent interface indexing.
Packet Size (packet_size): Set maximum SNMP packet size.
Queue Length (queue_length): Configure SNMP message queue length.
Logging (enable_logging_getop, enable_logging_setop): Enable logging for SNMP get/set operations.
Informs/Traps (enable_informs, enable_traps): Enable SNMP informs and traps.
System Shutdown (system_shutdown): Enable SNMP system shutdown notification.
Traps (traps): Configure specific SNMP traps for event notification.

Key Parameters Briefly Explained:

groups: SNMP group configuration.
users: SNMP user authentication and privacy.
hosts: Trap/inform destinations.
snmp_communities: SNMPv1/v2c community strings.
contexts, views: MIB access control.
chassis_id, contact, location: Device identification.
ifindex_persist: Persistent interface indexing.
packet_size, queue_length: SNMP operational settings.
enable_logging_getop, enable_logging_setop: SNMP operation logging.
enable_informs, enable_traps: SNMP notification settings.
system_shutdown: System shutdown notification.
traps: Specific SNMP trap configuration.

You can use these SNMP server parameters to enable secure, flexible, and comprehensive network monitoring and management. Customize groups, users, communities, trap settings, and operational parameters to fit your network’s monitoring, security, and management needs.

Sample Configuration

The following configuration describes how to set up SNMP server on a Cisco IOS-XE device, including group, user, community, host, view, and trap settings for secure and comprehensive network management.

snmp-server group Group1 v3 priv context CON1 match exact read VIEW1 write VIEW2 notify VIEW3 access ipv6 V6ACL1 access ACL1 access 50
snmp-server group Group2 v3 priv context CON2 match exact read VIEW4 write VIEW5 notify VIEW6 access ipv6 V6ACL2 access ACL2 access 43
snmp-server user SNMP_USER1 ADMIN_GROUP v3 auth sha SecretAuthPassword123 priv aes 256 SecretAesPassword456
snmp-server host 192.168.1.1 user
snmp-server community community view VIEW1 RO
snmp-server context CON1
snmp-server context CON2
snmp-server view VIEW1 interfaces included
snmp-server chassis-id SampleChassisID
snmp-server contact admin@example.com
snmp-server ifindex persist
snmp-server location Data Center 1
snmp-server packetsize 1500
snmp-server queue-length 100
snmp-server enable-logging getop
snmp-server enable-logging setop
snmp-server enable traps
snmp-server enable informs
snmp-server system-shutdown
snmp-server trap authentication
snmp-server trap linkdown
snmp-server trap linkup
snmp-server trap entity
snmp-server trap config
snmp-server trap dhcp
snmp-server trap hsrp
snmp-server trap ipmulticast
snmp-server trap msdp
snmp-server trap ospf
snmp-server trap pim
snmp-server trap vlancreate
snmp-server trap vtp
snmp-server trap port-security
snmp-server trap cpu-threshold
snmp-server trap transceiver
snmp-server trap bulkstat
snmp-server trap mac-notification
snmp-server trap vrfmib

Example YAML Code

The following YAML code sets up SNMP server on an IOS-XE device, specifying groups, users, hosts, communities, contexts, views, chassis ID, contact, location, operational settings, and trap configuration.

iosxe:
  devices:
    - name: Device1
      configuration:
        snmp_server:
          groups:
          - name: Group1
            v3_security_levels:
            - security_level: priv
              context_node: CON1
              match_node: exact
              read_node: VIEW1
              write_node: VIEW2
              notify_node: VIEW3
              access_ipv6_acl: V6ACL1
              access_acl_name: ACL1
              access_standard_acl: 50
          - name: Group2
            v3_security_levels:
            - security_level: priv
              context_node: CON2
              match_node: exact
              read_node: VIEW4
              write_node: VIEW5
              notify_node: VIEW6
              access_ipv6_acl: V6ACL2
              access_acl_name: ACL2
              access_standard_acl: 43
          users:
          - name: SNMP_USER1
            group: ADMIN_GROUP
            v3_authentication:
              algorithm: sha
              password: SecretAuthPassword123
              privacy:
                aes:
                  enabled: true
                  algorithm: 256
                  password: SecretAesPassword456
          hosts:
          - ip: 192.168.1.1
            user: user
          snmp_communities:
          - name: community
            view: VIEW1
            permission: ro
          contexts: [CON1, CON2]
          views:
          - name: VIEW1
            mib: interfaces
            scope: included
          chassis_id: SampleChassisID
          contact: admin@example.com
          ifindex_persist: true
          location: Data Center 1
          packet_size: 1500
          queue_length: 100
          enable_logging_getop: true
          enable_logging_setop: true
          enable_informs: false #true causes DB problems
          enable_traps: true
          system_shutdown: false
          traps:
            snmp_authentication: true
            snmp_coldstart: false
            snmp_linkdown: true
            snmp_linkup: true
            snmp_warmstart: false
            flowmon: false
            entity_perf_throughput_notif: true
            call_home_message_send_fail: false
            call_home_server_fail: false
            tty: true
            ospfv3_config_state_change: false
            ospfv3_config_errors: false
            ospf_config_retransmit: true
            ospf_config_lsa: true
            ospf_nssa_trans_change: false
            ospf_shamlink_interface: false
            ospf_shamlink_neighbor: false
            ospf_errors_enable: true
            ospf_retransmit_enable: true
            lsa_enable: true
            eigrp: false
            auth_framework_sec_violation: false
            rep: false
            vtp: true
            vlancreate: true
            vlandelete: false
            port_security: true
            license: false
            smart_license: true
            cpu_threshold: true
            memory_bufferpeak: false
            stackwise: false
            udld_link_fail_rpt: false
            udld_status_change: false
            fru_ctrl: false
            flash_insertion: true
            flash_removal: false
            flash_lowspace: true
            energywise: false
            entity: false
            pw_vc: false
            envmon: false
            cef_resource_failure: false
            cef_peer_state_change: true
            cef_peer_fib_state_change: false
            cef_inconsistency: true
            isis: false
            ipsla: true
            entity_diag_boot_up_fail: false
            entity_diag_hm_test_recover: true
            entity_diag_hm_thresh_reached: false
            entity_diag_scheduled_test_fail: true
            bfd: false
            ike_policy_add: false
            ike_policy_delete: false
            ike_tunnel_start: false
            ike_tunnel_stop: false
            ipsec_cryptomap_add: false
            ipsec_cryptomap_attach: false
            ipsec_cryptomap_delete: false
            ipsec_cryptomap_detach: false
            ipsec_tunnel_start: false
            ipsec_tunnel_stop: false
            ipsec_too_many_sas: false
            config_copy: false
            config: true
            config_ctid: false
            dhcp: true
            event_manager: false
            hsrp: true
            ip_multicast: false
            msdp: true
            ospf_config_state_change: false
            ospf_config_errors: true
            pim_invalid_pim_message: false
            pim_neighbor_change: true
            pim_rp_mapping_change: false
            bridge_newroot: false
            bridge_topologychange: false
            stpx_inconsistency: false
            stpx_root_inconsistency: false
            stpx_loop_inconsistency: false
            syslog: false
            bgp_cbgp2: true
            nhrp_nhs: false
            nhrp_nhc: false
            nhrp_nhp: false
            nhrp_quota_exceeded: false
            mpls_traffic_eng: false
            mpls_vpn: false
            mpls_rfc_ldp: false
            mpls_ldp: false
            fast_reroute_protected: false
            local_auth: false
            vlan_membership: false
            errdisable: false
            rf: false
            transceiver_all: true
            bulkstat_collection: false
            bulkstat_transfer: true
            mac_notification_change: false
            mac_notification_move: false
            mac_notification_threshold: false
            vrfmib_vrf_up: true
            vrfmib_vrf_down: false
            vrfmib_vnet_trunk_up: true
            vrfmib_vnet_trunk_down: false