cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Q&A - How is SNMP configured on a 1560 ASE switch?

Q&A - How is SNMP configured on a 1560 ASE switch?

Question: 
How is SNMP configured on a 1560 ASE switch via the CLI?

 

Answer: 

By default SNMP is disabled on all ASE switches for security reasons. See below for examples on how to configure basic SNMP for v2c and V3.

 

ASE Syntax for v1/v2c
 
!
snmp-server
snmp-server engine-id local 80000285463cc66181a9876
snmp-server contact <contact name>
snmp-server contact phone <contact phone number>
snmp-server contact email <contact email>
snmp-server location <location name>
snmp-server chassis-id <chassis Identification, i.e. serial number>
snmp-server community <security group name> ip-range 0.0.0.0 0.0.0.0  (all 0's allows any IP range) <snmp_community_name_RO>  *becomes encrypted, aka community secret
snmp-server community <security group name> ip-range 0.0.0.0 0.0.0.0 (all 0's allows any IP range) <snmp_community_name_RW> *becomes encrypted, , aka community secret
snmp-server community <security group name> ipv6-range ::/0  (::/0 allows any IPv6 range)  <snmp_community_name_RO> *becomes encrypted, , aka community secret
snmp-server community <security group name> ipv6-range ::/0  (::/0 allows any IPv6 range)  <snmp_community_name_RW> *becomes encrypted, , aka community secret
snmp-server security-to-group model v1 name <security group name> group <group name>
snmp-server security-to-group model v1 name <security group name> group <group name>
snmp-server security-to-group model v2c name <security group name> group <group name>
snmp-server security-to-group model v2c name <security group name> group <group name>
snmp-server view <view name> .1 include
snmp-server access <group name> model <[any][v1][v2c][v3]> level <[auth][noauth][priv]> read <view name>
snmp-server access <group name> model <[any][v1][v2c][v3]> level <[auth][noauth][priv]> read <view name> write <view name>
!
 
ASE Example for v1/v2c using default public and private security group
 
!
snmp-server
snmp-server engine-id local 80000285463cc66181a9876
snmp-server contact ADTRAN
snmp-server contact phone 2569639000
snmp-server contact email adtran@adtran.com
snmp-server chassis-id LBADTN1234AE9876
snmp-server community public ip-range 0.0.0.0 0.0.0.0   AdtranSNMP
snmp-server community private ip-range 0.0.0.0 0.0.0.0  AdtranSNMPrw
snmp-server community public ipv6-range ::/0  AdtranSNMP
snmp-server community private ipv6-range ::/0  AdtranSNMPrw
snmp-server security-to-group model v1 name public group default_ro_group
snmp-server security-to-group model v1 name private group default_rw_group
snmp-server security-to-group model v2c name public group default_ro_group
snmp-server security-to-group model v2c nameprivate group default_rw_group
snmp-server view default_view .1 include
snmp-server access default_ro_group model any level noauth read default_view
snmp-server access default_rw_group model any level noauth read default_view write default_view
!
 
Because ASE wants to use V3 by default the last 2 lines in the example are the most important as they allow noauth which allows v2c SNMP servers to communicate with the switch.
 
ASE Syntax for V3
 
!
snmp-server
snmp-server engine-id local 80000285463cc66181a9876
snmp-server contact <contact name>
snmp-server contact phone <contact phone number>
snmp-server contact email <contact email>
snmp-server chassis-id <chassis Identification, i.e. serial number>
snmp-server community <security group name> ip-range 0.0.0.0 0.0.0.0  (all 0's allows any IP range) <snmp_community_name_RO>  *becomes encrypted
snmp-server community <security group name> ip-range 0.0.0.0 0.0.0.0 (all 0's allows any IP range) <snmp_community_name_RW> *becomes encrypted
snmp-server community <security group name> ipv6-range ::/0  (::/0 allows any IPv6 range)  <snmp_community_name_RO> *becomes encrypted
snmp-server community <security group name> ipv6-range ::/0  (::/0 allows any IPv6 range)  <snmp_community_name_RW> *becomes encrypted
snmp-server user <username> engine-id 80000285463cc66181a9876 authentication protocol <[ md5][sha]> <authentication password> priv  <privacy protocol [ DES/AES]> <privacy password>
snmp-server security-to-group model v3 name <username> group <group name>
snmp-server view <view name> .1 include
snmp-server access <group name> model <[any][v1][v2c][v3]> level <[auth][noauth][priv]> read <view name>
snmp-server access <group name> model <[any][v1][v2c][v3]> level <[auth][noauth][priv]> read <view name> write <view name>
!
 
ASE Example for V3
 
!
snmp-server
snmp-server engine-id local 80000285463cc66181a9876
snmp-server contact ADTRAN
snmp-server contact phone 2569639000
snmp-server contact email adtran@adtran.com
snmp-server chassis-id LBADTN1234AE9876
snmp-server community public ip-range 0.0.0.0 0.0.0.0   AdtranSNMP
snmp-server community private ip-range 0.0.0.0 0.0.0.0  AdtranSNMPrw
snmp-server community public ipv6-range ::/0  AdtranSNMP
snmp-server community private ipv6-range ::/0  AdtranSNMPrw
snmp-server user USER1 engine-id 80000285463cc66181a9876 MD5  PASSWORD priv des PASSWORD
snmp-server security-to-group model v3 name USER1 group USER1v3GROUP
snmp-server view default_view .1 include
snmp-server access USER1v3GROUP model v3 level priv read default_view write default_view
!

When configuring V3 some elements must be created before others, this typically only affects GUI users . Adtran recommends completing configuration as follows: COMMUNITY, USER, SECURITY, VIEW, and then ACCESS. 
 
When configuring v3 it is recomended to remove the default noauth access groups and v1/v2c security groups for additional security.
!

no snmp-server security-to-group model v1 name public
no snmp-server security-to-group model v1 name private
no snmp-server security-to-group model v2c name public
no snmp-server security-to-group model v2c name private
no snmp-server access default_ro_group model any level noauth
no snmp-server access default_rw_group model any level noauth
!

 
 
MIBS
 
Custom MIBS to load onto your SNMP server for the ASE switches are located here in the support community.
 
Troubleshooting
 
First verify the switch can ping the SNMP browser and the browser is using the ASE device IP address , default port of 161, and the correct community strings.
 
To view all SNMP configurations on the switch use: show run feature snmp all-defaults at the command prompt.
 
Alternative views can be seen with the: show snmp commands.
Version history
Last update:
‎08-04-2023 01:01 PM
Updated by:
Contributors