
SNMP

The Simple Network Management Protocol (SNMP) allows you to monitor and manage network devices connected to Sophos Switch.

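Sophos Switch supports SNMP versions v1, v2c, and v3. The default is v3, the most secure version, because it supports per-user authentication and encryption. However, v1 and v2c, which rely on community strings sent in cleartext, may be required to support older hardware.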

General settings

Use the General settings section to turn SNMP on or off and configure the SNMP engine ID.

| Option | Description |
| --- | --- |
| SNMP status | Turn SNMP on or off. When Not set is selected, no configuration is pushed from Sophos Central, and any local configuration is still applied. |
| Engine ID | Enter the switch's Engine ID for the remote clients. The value must be 10 to 64 hexadecimal characters. Alternatively, select the Default checkbox to use the engine ID generated by Sophos Switch. |

Click Update to save.

Users and groups

Add users and groups for SNMP on Sophos Switch. When using access lists, you must create at least one group.

To add users and communities, do as follows:

  1. Under Users and Communities, click Add.
  2. In the Users and Communities window, enter a Name.
  3. Select a Privilege mode from the drop-down list. The available options are as follows:

    • No authentication
    • Authentication
    • Privilege
  4. Select the Authentication protocol from the drop-down list. The available options are as follows:

    • MD5
    • SHA
  5. Enter an Authentication password.
  6. Select the Encryption protocol from the drop-down list. The available options are as follows:

    • DES_CBC
    • AES_CBF128
  7. Enter an Encryption password.

  8. (Optional) To use SNMP v1/v2c for this user, select Enable SNMP v1/v2c for this user and enter a Transport tag.
  9. Click Add.

To add groups, do as follows:

  1. Under Groups, click Add.
  2. In the Groups window, enter a Name.
  3. Select users from the displayed list.
  4. Select the SNMP version for each user using the checkboxes.
  5. Click Add.

Note

To remove an entry, select the checkbox next to the entry in the list and click Delete.

Views and access list

Use views and their associated access lists to allow or deny access to network resources. A MIB view is a set of subtrees within the MIB hierarchy. Each view subtree is identified by its Object Identifier (OID).

To configure a new view, do as follows:

  1. Under Views, click Add.
  2. In the Add view window, enter a View name.
  3. Click Add new mapping.

    A new line is created in the OID mappings table.

  4. Enter the Subtree OID.
  5. Enter the Subtree mask.
  6. Select the View type. The available options are as follows:

    • Included
    • Excluded
  7. Click Save.
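
How a Subtree OID, Subtree mask, and View type combine to decide whether an OID is inside a view, shown as an added example that is not part of the Sophos documentation. It assumes the switch follows the view-matching rules of RFC 3415 (VACM) and that the mask is written as hex octets; the view entries are constructed sample data.

```python
# Added example: MIB view matching as defined for VACM in RFC 3415.
# Assumption: the switch evaluates Subtree OID / Subtree mask / View type
# the way RFC 3415 defines vacmViewTreeFamilyTable. The view entries below
# are constructed sample data, not Sophos defaults.

def parse_oid(text):
    """'1.3.6.1.2.1' -> (1, 3, 6, 1, 2, 1)"""
    return tuple(int(part) for part in text.strip(".").split("."))

def mask_bits(mask_hex, length):
    """Expand a hex mask (e.g. 'ff:a0') to one bit per sub-identifier.
    Bits missing from a short or empty mask count as 1 (exact match)."""
    raw = bytes.fromhex(mask_hex.replace(":", ""))
    bits = [(byte >> (7 - i)) & 1 for byte in raw for i in range(8)]
    return (bits + [1] * length)[:length]

def family_matches(oid, subtree, mask_hex):
    """True if oid falls under subtree, treating 0 bits as wildcards."""
    if len(oid) < len(subtree):
        return False
    bits = mask_bits(mask_hex, len(subtree))
    return all(bit == 0 or oid[i] == subtree[i]
               for i, bit in enumerate(bits))

def in_view(oid_text, view):
    """view: list of (subtree OID, hex mask, 'included' | 'excluded').
    The matching entry with the longest subtree wins; ties go to the
    lexicographically greater subtree. No match means not in the view."""
    oid = parse_oid(oid_text)
    matches = [(len(parse_oid(s)), parse_oid(s), kind)
               for s, mask, kind in view
               if family_matches(oid, parse_oid(s), mask)]
    if not matches:
        return False
    return max(matches)[2] == "included"

# Constructed view: all of MIB-2, minus the whole ifTable, except that
# every ifTable column stays visible for the row with ifIndex 1.
SAMPLE_VIEW = [
    ("1.3.6.1.2.1", "", "included"),
    ("1.3.6.1.2.1.2.2", "", "excluded"),
    ("1.3.6.1.2.1.2.2.1.0.1", "ff:a0", "included"),  # 0 bit = any column
]
```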

You must have created at least one group to create an access list. To create an access list, do as follows:

  1. Under Access lists, click Add.
  2. In the Add access Policy window, select the group from the Group list drop-down list.

    The group details are shown in the table.

  3. Select Read view for each version of SNMP turned on for the group.
  4. Select Write view for each version of SNMP turned on for the group.
  5. Select Notify view for each version of SNMP turned on for the group.
  6. Click Save.

Note

To remove an entry, select the checkbox next to the entry in the list and click Delete.

Notifications

Create Target parameters and configure Notifications.

To add target parameters, do as follows:

  1. Under Target parameters, click Add.
  2. In the Add parameter window, enter a Name.
  3. Choose the Message processing model from the drop-down list.
  4. Choose the Security mode from the drop-down list.
  5. Select a User from the drop-down list.
  6. When using v3 as the security mode, select the Privilege mode from the drop-down list.
  7. Click Save.

To add notifications, do as follows:

  1. Under Notifications, click Add.
  2. In the Add notification window, enter a Name.
  3. Enter a Tag identifier.
  4. Select a Type from the drop-down list. The available options are as follows:

    • Trap
    • Informs
  5. Click Save.

You must have at least one target parameter configured before you can configure a target address.

To configure a target address, do as follows:

  1. Under Target address, click Add.
  2. In the Add address window, enter a Name.
  3. Enter an IP address.
  4. Enter the UDP port.
  5. Enter a Timeout in seconds.
  6. Enter the Retry number.
  7. Enter a Tag identifier.
  8. Select the Target parameter from the drop-down list.
  9. Click Save.

Note

To remove an entry, select the checkbox next to the entry in the list and click Delete.