SNMP
SNMP (Simple Network Management Protocol) provides network monitoring and management capabilities on NX-OS devices. Configuration includes system contact and location information, SNMPv3 user authentication and privacy settings with group assignments, trap host destinations with version and security options, source interface selection for trap messages, global trap enablement with granular per-category trap control, packet size tuning, TCP session authentication, logging level, global privacy enforcement, host VRF selection, and RMON event definitions for threshold-based monitoring.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”configuration (nxos.devices)
Section titled “configuration (nxos.devices)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| snmp | Class | [snmp] | No |
snmp (nxos.devices.configuration)
Section titled “snmp (nxos.devices.configuration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| contact | String | No | ||
| location | String | No | ||
| engine_id | String | No | ||
| global_enforce_priv | Boolean | true, false | No | |
| logging_level | Choice | emergencies, alerts, critical, errors, warnings, notifications, information, debugging | No | |
| packetsize | Integer | min: 484, max: 17382 | No | |
| tcp_session_auth | Boolean | true, false | No | |
| source_interface_type | Choice | ethernet, loopback, mgmt, port-channel, vlan, vni | No | |
| source_interface_id | String | No | ||
| enable_traps | Boolean | true, false | No | |
| traps | Class | [traps] | No | |
| users | List | [users] | No | |
| hosts | List | [hosts] | No | |
| rmon_events | List | [rmon_events] | No |
traps (nxos.devices.configuration.snmp)
Section titled “traps (nxos.devices.configuration.snmp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| aaa_server_state_change | Boolean | true, false | No | |
| bfd_session_down | Boolean | true, false | No | |
| bfd_session_up | Boolean | true, false | No | |
| bridge_newroot | Boolean | true, false | No | |
| bridge_topology_change | Boolean | true, false | No | |
| callhome_event_notify | Boolean | true, false | No | |
| callhome_smtp_send_fail | Boolean | true, false | No | |
| cfs_state_change_notif | Boolean | true, false | No | |
| cfs_merge_failure | Boolean | true, false | No | |
| config_ccm_cli_running_config_changed | Boolean | true, false | No | |
| entity_mib_change | Boolean | true, false | No | |
| entity_cefc_mib_enable_status_notification | Boolean | true, false | No | |
| entity_fan_status_change | Boolean | true, false | No | |
| entity_module_inserted | Boolean | true, false | No | |
| entity_module_removed | Boolean | true, false | No | |
| entity_module_status_change | Boolean | true, false | No | |
| entity_power_out_change | Boolean | true, false | No | |
| entity_power_status_change | Boolean | true, false | No | |
| entity_sensor | Boolean | true, false | No | |
| entity_unrecognised_module | Boolean | true, false | No | |
| fcdomain_domain_id_not_assigned | Boolean | true, false | No | |
| fcdomain_fabric_change | Boolean | true, false | No | |
| fcdomain_new_principal_switch | Boolean | true, false | No | |
| feature_control_feature_op_status_change | Boolean | true, false | No | |
| feature_control_cisco_feat_op_status_change | Boolean | true, false | No | |
| generic_cold_start | Boolean | true, false | No | |
| generic_warm_start | Boolean | true, false | No | |
| hsrp_state_change | Boolean | true, false | No | |
| license_notify_license_expiry | Boolean | true, false | No | |
| license_notify_license_expiry_warning | Boolean | true, false | No | |
| license_notify_license_file_missing | Boolean | true, false | No | |
| license_notify_no_license_for_feature | Boolean | true, false | No | |
| link_cie_link_down | Boolean | true, false | No | |
| link_cie_link_up | Boolean | true, false | No | |
| link_cisco_xcvr_mon_status_chg | Boolean | true, false | No | |
| link_cmn_mac_move_notification | Boolean | true, false | No | |
| link_delayed_link_state_change | Boolean | true, false | No | |
| link_extended_link_down | Boolean | true, false | No | |
| link_extended_link_up | Boolean | true, false | No | |
| link_link_down | Boolean | true, false | No | |
| link_link_up | Boolean | true, false | No | |
| link_err_disable_interface_event_rev1 | Boolean | true, false | No | |
| lldp_rem_tables_change | Boolean | true, false | No | |
| mmode_cse_maint_mode_change_notify | Boolean | true, false | No | |
| mmode_cse_normal_mode_change_notify | Boolean | true, false | No | |
| mpls_ldp | Boolean | true, false | No | |
| mpls_ldp_session_down | Boolean | true, false | No | |
| mpls_ldp_session_up | Boolean | true, false | No | |
| mpls_vpn | Boolean | true, false | No | |
| mpls_vpn_vrf_max_thresh_cleared | Boolean | true, false | No | |
| mpls_vpn_vrf_max_thresh_exceeded | Boolean | true, false | No | |
| mpls_vpn_vrf_mid_thresh_exceeded | Boolean | true, false | No | |
| mpls_vpn_vrf_down | Boolean | true, false | No | |
| mpls_vpn_vrf_up | Boolean | true, false | No | |
| msdp_backward_transition | Boolean | true, false | No | |
| pim_neighbor_loss | Boolean | true, false | No | |
| port_security_access_secure_mac_violation | Boolean | true, false | No | |
| port_security_trunk_secure_mac_violation | Boolean | true, false | No | |
| rf_redundancy_framework | Boolean | true, false | No | |
| rmon_rising_alarm | Boolean | true, false | No | |
| rmon_falling_alarm | Boolean | true, false | No | |
| rmon_hc_rising_alarm | Boolean | true, false | No | |
| rmon_hc_falling_alarm | Boolean | true, false | No | |
| snmp_authentication | Boolean | true, false | No | |
| storm_control_cpsc_event_rev1 | Boolean | true, false | No | |
| stpx_inconsistency | Boolean | true, false | No | |
| stpx_loop_inconsistency | Boolean | true, false | No | |
| stpx_root_inconsistency | Boolean | true, false | No | |
| syslog_message_generated | Boolean | true, false | No | |
| sysmgr_cse_fail_sw_core_notify_extended | Boolean | true, false | No | |
| system_clock_change_notification | Boolean | true, false | No | |
| upgrade_job_status_notify | Boolean | true, false | No | |
| upgrade_op_notify_on_completion | Boolean | true, false | No | |
| vtp_notifs | Boolean | true, false | No | |
| vtp_vlan_create | Boolean | true, false | No | |
| vtp_vlan_delete | Boolean | true, false | No |
users (nxos.devices.configuration.snmp)
Section titled “users (nxos.devices.configuration.snmp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| groups | List | String | No | |
| authentication_type | Choice | md5, sha, sha-256, sha-224, sha-384, sha-512 | No | |
| authentication_password | String | No | ||
| privacy_type | Choice | des, aes128, aes256 | No | |
| privacy_password | String | No | ||
| enforce_privacy | Boolean | true, false | No | |
| localized_key | Boolean | true, false | No | |
| localized_v2_key | Boolean | true, false | No | |
| engine_id | String | No | ||
| ipv4_acl | String | No | ||
| ipv6_acl | String | No |
hosts (nxos.devices.configuration.snmp)
Section titled “hosts (nxos.devices.configuration.snmp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| host | String | Yes | ||
| udp_port | Integer | min: 0, max: 65535 | No | |
| version | Choice | v1, v2c, v3 | No | |
| notification_type | Choice | traps, informs | No | |
| community | String | No | ||
| security_level | Choice | noauth, auth, priv | No | |
| vrf | String | No |
rmon_events (nxos.devices.configuration.snmp)
Section titled “rmon_events (nxos.devices.configuration.snmp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| number | Integer | min: 1, max: 65535 | Yes | |
| description | String | No | ||
| log | Boolean | true, false | No | |
| owner | String | No | ||
| trap | String | No |
Examples
Section titled “Examples”Example 1: Basic SNMP with system info and a v2c trap host
nxos: devices: - name: LEAF1 configuration: snmp: contact: noc@example.com location: DC1-Room42-Rack5 enable_traps: true hosts: - host: 10.50.100.10 version: v2c community: publicExample 2: SNMPv3 user with authentication and privacy
nxos: devices: - name: SPINE1 configuration: snmp: contact: netops@example.com location: DC1-Room42 engine_id: "00:00:00:63:00:01:00:10:20:15:10:03" enable_traps: true source_interface_type: loopback source_interface_id: "0" users: - name: snmpv3user groups: - network-operator authentication_type: sha authentication_password: AuthP@ss123 privacy_type: aes128 privacy_password: PrivP@ss456 hosts: - host: 10.50.100.10 version: v3 notification_type: traps community: snmpv3user security_level: privExample 3: Multiple trap hosts with RMON events
nxos: devices: - name: BORDER-LEAF1 configuration: snmp: contact: noc@example.com location: DC2-Room10 packetsize: 8192 tcp_session_auth: true enable_traps: true hosts: - host: 10.50.100.10 version: v3 notification_type: traps community: snmpv3user security_level: auth - host: 10.50.100.11 udp_port: 1162 version: v2c notification_type: informs community: public rmon_events: - number: 1 description: High CPU alert log: true owner: admin trap: publicExample 4: SNMPv3 user with ACL filtering
nxos: devices: - name: LEAF1 configuration: ip_access_lists: - name: SNMP-ACL-V4 entries: - sequence_number: 10 action: permit protocol: ip source_address: 10.50.100.0 source_wildcard: 0.0.0.255 snmp: contact: noc@example.com location: DC1-Room42 enable_traps: true users: - name: monitoruser groups: - network-operator authentication_type: sha-256 authentication_password: StrongAuth!99 privacy_type: aes256 privacy_password: StrongPriv!99 enforce_privacy: true ipv4_acl: SNMP-ACL-V4Example 5: Granular trap enablement with per-category controls
nxos: devices: - name: LEAF1 configuration: snmp: contact: noc@example.com location: DC1-Room42 enable_traps: true traps: link_link_down: true link_link_up: true bridge_topology_change: true bridge_newroot: true stpx_inconsistency: true entity_fan_status_change: true entity_power_status_change: true entity_sensor: true syslog_message_generated: true snmp_authentication: true hsrp_state_change: true config_ccm_cli_running_config_changed: trueExample 6: SNMP host with VRF selection and global privacy enforcement
nxos: devices: - name: SPINE1 configuration: snmp: contact: netops@example.com location: DC2-Room10 global_enforce_priv: true logging_level: warnings enable_traps: true hosts: - host: 10.50.100.10 version: v3 notification_type: traps community: snmpv3user security_level: priv vrf: management - host: 10.50.200.10 version: v3 notification_type: informs community: snmpv3user security_level: priv vrf: management