Summary: Ready-to-use IOS-XE SNMP configuration — copy, adjust community string or SNMPv3 credentials and NMS IP, paste.
Minimal config for polling-only monitoring. Use when your NMS does not support SNMPv3 or for quick bring-up. Avoid in production where possible — community strings are transmitted in cleartext.
```
! SNMPv2c read-only community and NMS host
snmp-server community <COMMUNITY_STRING> RO
snmp-server location <SITE_LOCATION>
snmp-server contact <NOC_CONTACT>
snmp-server host <NMS_IP> version 2c <COMMUNITY_STRING>
```
Preferred for production. Uses SHA-256 authentication and AES-128 encryption. Replace all angle-bracket values before applying.
⚠️ IOS-XE Version Requirement
`auth sha256` requires IOS-XE 16.9 or later. On older releases, `sha` (SHA-1) is the only available option — use it only if upgrading is not possible and document the deviation.
```
! SNMPv3 group and user — authentication + privacy (most secure)
snmp-server group <GROUP_NAME> v3 priv
snmp-server user <USERNAME> <GROUP_NAME> v3 auth sha256 <AUTH_PASSWORD> priv aes 128 <PRIV_PASSWORD>
snmp-server host <NMS_IP> version 3 priv <USERNAME>
snmp-server location <SITE_LOCATION>
snmp-server contact <NOC_CONTACT>
```
```
show snmp
show snmp community
show snmp user
show snmp group
show snmp host
```

| Command | What to look for |
|---|---|
| `show snmp` | Packets In/Out incrementing; no auth failures |
| `show snmp community` | Community string listed with correct access (RO) |
| `show snmp user` | Username listed with correct auth (sha256) and priv (aes-128) |
| `show snmp group` | Group listed with security model v3 and priv |
| `show snmp host` | NMS IP listed with correct version and community/user |

- `<COMMUNITY_STRING>` — replace with your site-specific read-only community string; avoid `public` or `private`
- `<NMS_IP>` — IP address of the Network Management System (e.g. LibreNMS, PRTG, SolarWinds)
- `<GROUP_NAME>` — arbitrary label for the SNMPv3 group, e.g. `MONITORING`
- `<USERNAME>` — SNMPv3 username configured on both the device and the NMS
- `<AUTH_PASSWORD>` — SNMPv3 authentication password; use a randomly generated string of at least 20 characters
- `<PRIV_PASSWORD>` — SNMPv3 privacy password; use a randomly generated string of at least 20 characters; must differ from `<AUTH_PASSWORD>`
- `<SITE_LOCATION>` and `<NOC_CONTACT>` — these populate sysLocation and sysContact OIDs; useful for NMS inventory
- `show snmp user` will not reveal passwords
- `snmp-server user` with plaintext passwords is accepted on IOS-XE and stored encrypted in the config; this is not a cleartext risk in the running config
- `auth sha256` uses HMAC-SHA-256 (NIST SP 800-131A compliant); `auth sha` uses HMAC-SHA-1 (deprecated — avoid on IOS-XE 16.9+)
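
An added example, not part of the original page or of any Cisco tooling: a small Python check to run over a candidate config before pasting it, flagging the weaknesses this page calls out (leftover angle-bracket placeholders, v2c communities, `public`/`private`, groups below `priv`, SHA-1 or MD5 auth, short or reused passwords). The function names and the sample lines are constructed for illustration, and it only understands the command forms shown on this page.

```python
import re

WEAK_COMMUNITIES = {"public", "private"}  # values the page says to avoid
MIN_PW_LEN = 20                           # minimum length the page recommends

def _field(tokens, keyword, offset):
    """Token `offset` places after `keyword`, or None if either is absent."""
    i = tokens.index(keyword) + offset if keyword in tokens else len(tokens)
    return tokens[i] if i < len(tokens) else None

def audit_snmp(config):
    """Return (line_number, finding) tuples for the snmp-server lines."""
    out = []
    for n, raw in enumerate(config.splitlines(), 1):
        tok = raw.split()
        if len(tok) < 3 or tok[0] != "snmp-server":
            continue
        if re.search(r"<[A-Z_]+>", raw):
            out.append((n, "unreplaced placeholder"))
        elif tok[1] == "community":
            out.append((n, "SNMPv2c community, cleartext on the wire"))
            if tok[2].lower() in WEAK_COMMUNITIES:
                out.append((n, "default community string"))
        elif tok[1] == "group" and "v3" in tok:
            if _field(tok, "v3", 1) != "priv":
                out.append((n, "group security level is not priv"))
        elif tok[1] == "user" and "v3" in tok:
            rest = tok[tok.index("v3") + 1:]
            algo, auth_pw = _field(rest, "auth", 1), _field(rest, "auth", 2)
            priv_pw = _field(rest, "priv", 3 if "aes" in rest else 2)
            if algo in (None, "md5", "sha"):
                out.append((n, f"weak or missing auth algorithm: {algo}"))
            if "priv" not in rest:
                out.append((n, "user has no privacy (encryption)"))
            for name, pw in (("auth", auth_pw), ("priv", priv_pw)):
                if pw is not None and len(pw) < MIN_PW_LEN:
                    out.append((n, f"{name} password under {MIN_PW_LEN} chars"))
            if auth_pw is not None and auth_pw == priv_pw:
                out.append((n, "auth and priv passwords are identical"))
    return out

# Constructed sample input, not taken from a real device.
SAMPLE = """\
snmp-server community public RO
snmp-server group MONITORING v3 auth
snmp-server user nms MONITORING v3 auth sha ShortPass1 priv aes 128 ShortPass1
snmp-server host <NMS_IP> version 3 priv nms
"""
print(*audit_snmp(SAMPLE), sep="\n")
```

An empty result means none of these checks fired; it does not confirm that the device accepted the commands, which is what the `show snmp` commands above are for.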