access

This command defines access level using the SNMPv3 protocol.

The use of a negative form (no) of the command sets the default value.

Syntax
access <TYPE> 
no access
Parameters

<TYPE> – access level:

  • ro – read only;
  • rw – read/write.
Required privilege level

15

Command mode

CONFIG-SNMP-USER

Example
esr(config-snmp-user)# access rw
CODE

authentication access

This command defines security mode.

The use of a negative form (no) of the command disables the authentication.

Syntax
authentication access <TYPE>
no authentication access
Parameters

<TYPE> – security mode:

  • auth – only authentication is used;
  • priv – authentication and data encryption are used.
Required privilege level

15

Command mode

CONFIG-SNMP-USER

Example
esr(config-snmp-user)# authentication algorithm auth
CODE

authentication algorithm

This command defines SNMPv3 requests authentication algorithm.

The use of a negative form (no) of the command disables the authentication.

Syntax
authentication algorithm <ALGORITHM>
no authentication algorithm
Parameters

<ALGORITHM> – encryption algorithm:

  • md5 – password is encrypted by md5 algorithm.
  • sha1 – password is encrypted by sha1 algorithm.
Required privilege level

15

Command mode

CONFIG-SNMP-USER

Example
esr(config-snmp-user)# authentication algorithm md5
CODE

authentication key

This command sets a password for SNMPv3 requests authentication.

The use of a negative form (no) of the command removes the password.

Syntax
authentication key ascii-text { <CLEAR-TEXT> | encrypted <ENCRYPTED-TEXT> }
no authentication key
Parameters

<CLEAR-TEXT> – password, sets by string from 8 to 16 characters;

encrypted – when specifying a command, an encrypted password is set:

<ENCRYPTED-TEXT> – encrypted password from 8 bytes to 16 bytes (16 to 32 characters) in hexadecimal format (0xYYYY...) or (YYYY...).

Required privilege level

15

Command mode

CONFIG-SNMP-USER

Example
esr(config-snmp-user)# authentication key ascii-text 123456789
esr(config-snmp-user)# authentication key ascii-text encrypted CDE65039E5591FA3F1
CODE

client-list

This command enables filtering and sets up a profile of IP addresses from which SNMPv3 packets with this user SNMPv3 name can be received.

The use of a negative forn (no) of the command disables filtering of received SNMPv3 packets.

Syntax
[no] client-list <NAME>
Parameters

<NAME> – name of the previously conscious object-group, specified in a string of up to 31 characters.

Default value

Restrictions disabled.

Required privilege level

15

Command mode

CONFIG-SNMP-USER

Example
esr(config-snmp-user)# client-list OBG005
CODE

community

This command defines the SNMP community to send notifications to the remote server.

The use of a negative form (no) of the command removes the community value.

Syntax
community <COMMUNITY>
no community
Parameters

<COMMUNITY> – community for access via SNMP, set by a string [1..128] characters long;

Default value

The description is not specified.

Required privilege level

15

Command mode

CONFIG-SNMP-HOST

Example
esr(config-snmp-host)# community privatekey
CODE

ip address

This command enables the filtering and sets the IP address that is given access to the router under this SNMPv3 user.

The use of a negative forn (no) of the command disables filtering of received SNMPv3 packets.

Syntax
[no] ip address <ADDR>
Parameters

<ADDR> – IP address of client that have access, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];

Default value

Restrictions disabled.

Required privilege level

15

Command mode

CONFIG-SNMP-USER

Example
esr(config-snmp-user)# ip address 192.168.85.33
CODE

ipv6 address

under this SNMPv3 user.

The use of a negative forn (no) of the command disables filtering of received SNMPv3 packets.

Syntax
[no] ipv6 address <IPV6-ADDR>
Parameters

<IPV6-ADDR> – client IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].

Default value

Disabled.

Required privilege level

15

Command mode

CONFIG-SNMP-USER

Example
esr(config-snmp-user)# ipv6 address AC:05:12:44::24
CODE

enable

This command enables SNMPv3 user.

The use of a negative form (no) of the command disables SNMPv3 user.

Syntax
[no] enable
Parameters

The command does not contain parameters.

Default value

Disabled.

Required privilege level

15

Command mode

CONFIG-SNMP-USER

Example
esr(config-snmp-user)# enable
CODE

oid-tree

This command sets OID and action applied to it (allow/deny). Longer OIDs have an advantage.

The OID is specified in numerical notation.

The use of a negative form (no) of the command removes the oid-tree entry.

Syntax
oid-tree <OID> <ACTION>
no oid-tree <OID>
Parameters

<OID> – OID, sets by string 255 characters;

<ACTION> – action applied to OID

  • excluded – deny OID usage;
  • included – allow OID usage.
Default value

Included.

Required privilege level

15

Command mode

CONFIG-SNMP-VIEW

Example
esr(config-snmp-view)# oid-tree 1.3.6.1.2.1.2.2 excluded
CODE

port

This command defines SNMP notifications collector port on the remote server.

The use of a negative form (no) of the command sets the default value.

Syntax
port <PORT>
no port
Parameters

<PORT> – UDP port number, set in the range of [1..65535].

Default value

162

Required privilege level

15

Command mode

CONFIG-SNMP-HOST

Example
esr(config-snmp-host)# port 5555
CODE

privacy algorithm

This command defines encryption algorithm of transmitted data.

The use of a negative form (no) of the command disables the encryption.

Syntax
privacy algorithm <ALGORITHM>
no privacy algorithm
Parameters

<ALGORITHM> – encryption algorithm:

  • aes128 – use AES-128 encryption algorithm;
  • des – use DES encryption algorithm.
Required privilege level

15

Command mode

CONFIG-SNMP-USER

Example
esr(config-snmp-user)# privacy algorithm des
CODE

privacy key

This command sets a password for encryption of transmitted data.

The use of a negative form (no) of the command removes the password.

Syntax
privacy key ascii-text { <CLEAR-TEXT> | encrypted <ENCRYPTED-TEXT> }
no privacy key
Parameters

<CLEAR-TEXT> – password, sets by string from 8 to 16 characters;

<ENCRYPTED-TEXT> – encrypted password from 8 bytes to 16 bytes (16 to 32 characters) in hexadecimal format (0xYYYY...) or (YYYY...).

Required privilege level

15

Command mode

CONFIG-SNMP-USER

Example
esr(config-snmp-user)# privacy key ascii-text 123456789
esr(config-snmp-user)# privacy key ascii-text encrypted CDE65039E5591FA3F1
CODE

rmon collection statistics

This command enables RMON statistics saving for physical interface.

The use of a negative form (no) of the command disables RMON statistics saving for physical interface.

Syntax
rmon collection statistics <INDEX> owner <OWNER>
no rmon collection statistics
Parameters

<INDEX> – specified interface RMON index;

<OWNER> – text field with [1..127] characters length that describes owner, that created this process.

Required privilege level

10

Command mode

CONFIG-GI

CONFIG-TE

Example
esr(config-if)# rmon collection statistics 17 owner admin
CODE

snmp-server

This command enables the SNMP server in the global routing table as well as in all created VRFs.

The use of a negative form (no) of the command disables SNMP server.

Syntax
[no] snmp-server
Parameters

The command does not contain parameters.

Default value

Disabled.

Required privilege level

15

Command mode

CONFIG

Example
esr(config)# snmp-server
CODE

snmp-server community

This command defines access community using the SNMP protocol.

The use of a negative form (no) of the command removes a community configurations.

Syntax
[no] snmp-server community <COMMUNITY> [ <TYPE> ] [ { <ADDR> | <IPV6-ADDR> } ] [client-list <OBJ-GROUP-NETWORK-NAME> ] [ <VERSION> ] [ view <VIEW-NAME> ] [ vrf <VRF> ]
Parameters

<COMMUNITY> – community for access via SNMP, set by a string [1..128] characters long;

<TYPE> – access level:

  • ro – read only;
  • rw – read/write.

<ADDR> – IP address of client that have access, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

<IPV6-ADDR> – client IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].

<OBJ-GROUP-NETWORK-NAME> – profile name of IP addresses, from which snmp requests are processing, set by the string of up to 31 characters.

<VERSION> – the snmp version supported by this community takes the values v1 or v2c.

<VIEW-NAME> – name of SNMP view profile, on which based access to OID.

<VRF> – VRF instance name, set by the string of up to 31 characters, for which access will be granted.

Required privilege level

15

Command mode

CONFIG

Example
esr(config)# snmp-server community public rw
CODE

snmp-server contact

This command sets SNMP variable value, that contains contact information (doesn't defined by default). For convenience, you can specify the person responsible for the equipment, such as his last name, in the parameters.

The use of a negative form (no) of the command removes SNMP variable value, that contains contact information.

Syntax
[no] snmp-server contact <CONTACT>
Parameters

<CONTACT> – contact information, sets by string with 255 characters length.

Required privilege level

15

Command mode

CONFIG

Example
esr(config)# snmp-server contact ivanov_ivan
CODE

snmp-server dscp

The command sets the DSCP code value for the use in IP headers of SNMP server outgoing packets.

The use of a negative form (no) of the command sets the default DSCP value.

Syntax
snmp-server dscp <DSCP>
no snmp-server dscp
Parameters

<DSCP> – DSCP code value, takes values in the range of [0..63].

Default value

61

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server dscp 40
CODE

snmp-server enable traps

This command allows sending all types of SNMP notifications.

The use of a negative form (no) of the command forbids sending all types of SNMP notifications.

Syntax
[no] snmp-server enable traps
Parameters

None.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps
CODE

snmp-server enable traps config

This command allows sending SNMP notifications about configuration operations.

The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.

Syntax
[no] snmp-server enable traps config [ <ACT> ]
Parameters

<ACT> – configuration change fact traps:

  • commit – configuration change appliance;
  • confirm – configuration change confirmance.

Without specifying the <ACT> key – activates sending of all traps of this group.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps config commit
CODE

snmp-server enable traps entity

This command allows sending SNMP notifications about running-config operations.

The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.

Syntax
[no] snmp-server enable traps entity [ <ENT> ]
Parameters

<ENT> – types of environment parameter filters:

  • config-change – running-config operations information.

Without specifying the <ENT> key – activates sending of all traps of this group.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps entity
CODE

snmp-server enable traps entity-sensor

This command allows sending SNMP notifications about environment parameters changes.

The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.

Syntax
[no] snmp-server enable traps entity-sensor [ <ENT> ]
Parameters

<ENT> – types of environment parameter filters:

  • threshold – information on triggering threshold crossing.

Without specifying the <ENT> key – activates sending of all traps of this group.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps entity-sensor
CODE

snmp-server enable traps environment

This command allows sending SNMP notifications about environment parameters changes.

The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.

Syntax
[no] snmp-server enable traps environment [ <ENV> ]
Parameters

<ENV> – types of environment parameter filters:

  • pwrin – power supply failure;
  • pwrin-insert – power supply installed;
  • fan – fan failure;
  • fan-speed-changed – fan speed changed;
  • fan-speed-high – fan rotating speed exceeded the maximal threshold;
  • memory-flash-low – NAND free space less than specified threshold;
  • memory-flash-critical-low – NAND free space less than specified critical threshold;
  • memory-ram-low – RAM free space less than specified maximal threshold;
  • memory-ram-critical-low – RAM free space less than specified critical threshold;
  • cpu-load – high CPU load;
  • cpu-overheat-temp – CPU temperature exceeded specified maximal threshold;
  • cpu-critical-temp – CPU temperature exceeded specified critical threshold;
  • cpu-supercooling-temp – CPU temperature is lower than specified minimal threshold;
  • switch-overheat-temp – switch temperature exceeded specified maximal threshold;
  • switch-supercooling-temp – switch temperature is lower than specified minimal threshold;
  • board-overheat-temp – board overheat;
  • board-supercooling-temp – board supercooling;
  • sfp-overheat-temp – SFP module overheat;
  • sfp-supercooling-temp – SFP module supercooling.

Without specifying the <ENV> key – activates sending of all traps of this group.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps enviroment pwrin
CODE

snmp-server enable traps envmоn

This command allows sending SNMP notifications about environment parameters changes.

The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.

Syntax
[no] snmp-server enable traps envmon [ <ENV> ]
Parameters

<ENV> – types of environment parameter filters:

  • fan – information on the operation of fan blocks;
  • shutdown – information about disconnecting the router;
  • supply – information about the operation of power supplies;
  • temperature – information about the operation of temperature sensors.

Without specifying the <ENV> key – activates sending of all traps of this group.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps envmon fun
CODE

snmp-server enable traps files-operations

This command allows sending SNMP notifications about file operations.

The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.

Syntax
[no] snmp-server enable traps files-operations [ <ACT> ]
Parameters

<ACT> – types of file operation parameter filters:

  • successful;
  • failed;
  • canceled – canceled;

canceled – canceled.

Without specifying the <ACT> key – activates sending of all traps of this group.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps files-operations canceled
CODE

snmp-server enable traps flash

This command allows sending SNMP notifications about operations with external flash drives.

The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.

Syntax
[no] snmp-server enable traps flash [ <ACT> ]
Parameters

<ACT> – types of file operation parameter filters:

  • insertion – flash drive connection;
  • removal – flash drive removal.

Without specifying the <ACT> key – activates sending of all traps of this group.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps flash removal
CODE

snmp-server enable traps interfaces

This command allows sending SNMP notifications about interface status changes.

The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.

Syntax
[no] snmp-server enable traps interfaces [ <ACT> ]
Parameters

<ACT> – types of environment parameter filters:

  • rx-utilization-high – incoming data stream exceeds threshold;
  • tx-utilization-high – outgoing data stream exceeds threshold;
  • number-high – excess number of IP interfaces;

Without specifying the <ACT> key – activates sending of all traps of this group.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps interfaces rx-utilization-high
CODE

snmp-server enable traps ports

This command allows sending SNMP notifications about errors on the interfaces of the switching chip.

The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.

Syntax
[no] snmp-server enable traps ports [ <TYPE> ]
Parameters

<TYPE> – types of port status filters:

  • port-counters-errors – errors on the switching chip interfaces.

Without specifying the <TYPE> key – activates sending of all traps of this group.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps ports
CODE

snmp-server enable traps screens

This command allows broadcast of SNMP notifications about protection from a certain type of DoS attacks.

The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.

Syntax
[no] snmp-server enable traps screens [ <SCREEN> ]
Parameters

<SCREEN> – types of DoS attacks protection filters:

  • dest-limit – limiting the number of simultaneous sessions based on the destination address;
  • source-limit – limiting the number of simultaneous sessions based on the source address;
  • icmp-threshold – protection from ICMP flood attacks;
  • udp-threshold – protection from UDP flood attacks;
  • syn-flood – protection from SYN flood attacks;
  • land – protection from land attacks;
  • winnuke – protection from winnuke attacks;
  • icmp-frag – fragmented ICMP packets blocking;
  • syn-flag – fragmented TCP packets blocking, with SYN flag;
  • unknown-proto – blocking of packets, with the protocol ID contained in IP header equal to 137 and more;
  • ip-frag – fragmented packets blocking;
  • port-scan – protection from port scan attacks;
  • ip-sweep – protection from IP-sweep attacks;
  • syn-fin – blocking of TCP packets, with the SYN and FIN flags set;
  • fin-no-ack – blocking of TCP packets with the FIN flag set and the ACK flag not set;
  • no-flag – blocking of TCP packets with the null flag field;
  • spoofing – protection from IP spoofing attacks;
  • reserved – blocking of all ICMP packets of types 2 and 7 (reserved);
  • quench – blocking of all ICMP packets of type 4 (source quench);
  • echo-request – blocking of all ICMP packets of type 8 (echo-request);
  • time-exceeded – blocking of all ICMP packets of type 11 (time exceeded);
  • unreachable – blocking of all ICMP packets of type 3 (destination-unreachable);
  • icmp-large – blocking ICMP packets with large size;
  • tcp-all-flags – blocking tcp packets with flags;
  • udp-frag – blocking udp packets with flags.

Without specifying the <LINK> key – activates sending of all traps of this group.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps screens reserved
CODE

snmp-server enable traps snmp

This command allows sending SNMP notifications about environment parameters changes.

The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.

Syntax
[no] snmp-server enable traps snmp [ <ACT> ]
Parameters

<ACT> – types of environment parameter filters:

  • authentication – notifications about snmp requests to the router with the wrong community or snmpv3 password;
  • coldstart – notifications about restarting the snmp server on the router;
  • linkdown – information about link status change to down;
  • linkup – information about link status change to up;

Without specifying the <ACT> key – activates sending of all traps of this group.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps snmp linkup
CODE

snmp-server enable traps syslog

This command allows sending SNMP notifications with syslog messages.

The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.

Syntax
[no] snmp-server enable traps syslog
Parameters

None.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps syslog
CODE

snmp-server enable traps wifi

This command allows SNMP notifications to be sent with messages about the operation of the Wi-Fi controller.

The use of a negative form (no) of the command forbids sending SNMP notifications about configuration operations.

Syntax
[no] snmp-server enable traps wifi [ <NAME> ]
Parameters

<NAME> – types of softgre tunnels traps:

  • wifi-tunnels-number-in-bridge-high – enable traps on exceeding the number of sub-gre tunnels included in the bridge
  • wifi-tunnels-operation – enable traps on the result of snmp operations with softgre tunnels.

Without specifying the <NAME> key – activates sending of all traps of this group.

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server enable traps syslog
CODE

snmp-server host

This command enables the transmission of SNMP notifications to the specified IP address and switches to the SNMP notifications configuration mode.

The use of a negative form (no) of the command disables the transmission of notifications to the specified SNMP notification collector.

Syntax
[no] snmp-server host { <ADDR> | <IPV6-ADDR> } [vrf <VRF>]
Parameters

<ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];

<IPV6-ADDR> – IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF];

<VRF> – VRF instance name, set by the string of up to 31 characters, which contains SNMP notification collector.

Required privilege level

15

Command mode

CONFIG

Example
esr(config)# snmp host 192.168.2.2
CODE

snmp-server location

This command sets SNMP variable value, that contains information about equipment location (doesn't defined by default). For convenience, you can specify the city, street, district, room number, etc. in the parameters.

The use of a negative form (no) of the command removes the value of the variable containing the equipment location information.

Syntax
[no] snmp-server location <LOCATION>
Parameters

<LOCATION> – information about equipment location, set by the string up to 255 characters.

Required privilege level

15

Command mode

CONFIG

Example
esr(config)# snmp-server location duglasa_adamsa_42
CODE

snmp-server system-shutdown

This command allows the router to be rebooted using snmp messages.

The use of a negative form (no) of the command denies the router to be rebooted using snmp messages.

Syntax
[no] snmp-server system-shutdown
Parameters

The command does not contain parameters.

Default value

Disabled.

Required privilege level

15

Command mode

CONFIG

Example
esr(config)# snmp-server system-shutdown
CODE

This command sets the send mode of SNMP-trap.

The use of a negative form (no) of the command sets the default mode.

Syntax
snmp-server trap link <MODE>
no snmp-server host
Parameters

<MODE> – SNMP-trap transmission mode. Takes the following values:

  • ietf;
  • cisco.
Default value

ietf

Required privilege level

10

Command mode

CONFIG

Example
esr(config)# snmp-server trap link cisco
CODE

snmp-server user

This command creates SNMPv3 user.

The use of a negative form (no) of the command removes SNMPv3 user.

Syntax
[no] snmp-server user <NAME>
Parameters

<NAME> – user name, set by the string from 1 to 128 characters.

Required privilege level

15

Command mode

CONFIG

Example
esr(config)# snmp-server user admin
esr(config-snmp-user)#
CODE

snmp-server view

This command creates a snmp view profile that allows you to allow or deny access to certain OIDs for the community (SNMPv2) and user (SNMPv3).

The use of a negative form (no) of the command removes snmp view profile.

Syntax
[no] snmp-server view <VIEW-NAME>
Parameters

<VIEW-NAME> – SNMP view profile name, set by the string of up to 31 characters.

Required privilege level

15

Command mode

CONFIG

Example
esr(config)# snmp-server view user_access
esr(config-snmp-view)#
CODE

source-address

This command defines the IP address to send notifications to the remote server.

The use of a negative form (no) of the command sets the default value.

Syntax
source-address { <ADDR> | <IPV6-ADDR> }
no source-address
Parameters

<ADDR> – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];

<IPV6-ADDR> – IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].

Default value

IPv4/IPv6 – The address of the interface closest to the remote SNMP server.

Required privilege level

15

Command mode

CONFIG-SNMP-HOST

Example
esr(config-snmp-host)# source-address 192.168.22.17
CODE

source-interface

This command defines the interface or tunnel of the router whose IPv4/IPv6 address will be used to send notifications to the remote server.

The use of a negative form (no) of the command removes a specified interface or tunnel.

Syntax
source-interface { <IF> | <TUN> }
no source-interface
Parameters

<IF> – an interface's name, specified in the form described in Section Types and naming order of router interfaces;

<TUN> – the name of the tunnel is specified as described in section Types and naming order of router tunnels.

Required privilege level

15

Command mode

CONFIG-SNMP-HOST

Example
esr(config-snmp-host)# source-interface gigabitethernet 1/0/1
CODE

view

This command sets a snmp view profile that allows you to allow or deny access to certain OIDs for SNMPv3 user.

The use of a negative form (no) of the command removes snmp view profile.

Syntax
[no] view <VIEW-NAME>
Parameters

<VIEW-NAME> – name of SNMP view profile, on which based access to OID, set by the string up to 31 characters.

Required privilege level

15

Command mode

CONFIG-SNMP-USER

Example
esr(config-snmp-user)# view user_view
CODE