cisco.nxos.nxos_snmp_server module – SNMP Server resource module.

Note

This module is part of the cisco.nxos collection (version 2.9.1).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install cisco.nxos.

To use it in a playbook, specify: cisco.nxos.nxos_snmp_server.

New in version 2.8.0: of cisco.nxos

Synopsis

  • This module manages SNMP server configuration on devices running Cisco NX-OS.

Note

This module has a corresponding action plugin.

Parameters

Parameter

Comments

config

dictionary

A dict of SNMP server configuration

aaa_user

dictionary

Set duration for which aaa-cached snmp user exists.

cache_timeout

integer

Timeout for which aaa-cached user exists(in secs).

communities

list / elements=dictionary

Set community string and access privs.

group

string

Group to which the community belongs.

name

aliases: community

string

SNMP community string (Max Size 32).

ro

boolean

Read-only access with this community string.

Choices:

  • no

  • yes

rw

boolean

Read-write access with this community string.

Choices:

  • no

  • yes

use_ipv4acl

string

Specify IPv4 ACL, the ACL name specified must be IPv4 ACL.

use_ipv6acl

string

Specify IPv6 ACL, the ACL name specified after must be IPv6 ACL.

contact

string

Modify sysContact.

context

dictionary

SNMP context to be mapped.

instance

string

Name of the protocol instance (Max Size 32).

name

string

Name of the SNMP context (Max Size 32).

topology

string

Topology associated with the SNMP context.

vrf

string

VRF associated with the SNMP context.

counter

dictionary

Configure port counter configuration.

cache

dictionary

Port stats cache.

enable

boolean

Enable port stats cache.

Choices:

  • no

  • yes

timeout

integer

Timeout for which cached port stats exists(in secs).

drop

dictionary

Silently drop unknown v3 user packets.

unknown_engine_id

boolean

Unknown v3 engine id.

Choices:

  • no

  • yes

unknown_user

boolean

Unknown v3 user.

Choices:

  • no

  • yes

engine_id

dictionary

Configure a local SNMPv3 engineID.

local

string

EngineID of the local agent.

global_enforce_priv

boolean

Globally enforce privacy for all the users.

Choices:

  • no

  • yes

hosts

list / elements=dictionary

Specify hosts to receive SNMP notifications.

SNMP hosts config lines that appear separately in running-config must be added as individual dictionaries.

auth

string

Use the SNMPv3 authNoPriv Security Level.

community

string

SNMP community string or SNMPv3 user name (Max Size 32).

filter_vrf

string

Filters notifications to the notification host receiver based on the configured VRF.

host

string

IPv4 or IPv6 address or DNS Name of SNMP notification host.

informs

boolean

Send Inform messages to this host.

Choices:

  • no

  • yes

priv

string

Use the SNMPv3 authPriv Security Level.

source_interface

string

Source interface to be used for sending out SNMP notifications to this host.

traps

boolean

Send Traps messages to this host.

Choices:

  • no

  • yes

udp_port

integer

The notification host’s UDP port number.

use_vrf

string

Configures SNMP to use the selected VRF to communicate with the host receiver.

version

string

SNMP version to use for notification messages.

Choices:

  • 1

  • 2c

  • 3

location

string

Modify sysLocation.

mib

dictionary

Mib access parameters.

community_map

dictionary

SNMP community.

community

string

SNMP community string (Max Size 32).

context

string

Name of the SNMP context (Max Size 32).

packetsize

integer

Largest SNMP packet size

protocol

dictionary

Snmp protocol operations.

enable

boolean

Enable/Disable snmp protocol operations.

Choices:

  • no

  • yes

source_interface

dictionary

Source interface to be used for sending out SNMP notifications.

informs

string

SNMP Inform notifications for which this source interface needs to be used.

traps

string

SNMP Trap notifications for which this source interface needs to be used.

system_shutdown

boolean

Configure snmp-server for reload(2).

Choices:

  • no

  • yes

tcp_session

dictionary

Enable one time authentication for snmp over tcp session.

auth

boolean

Enable one time authentication for snmp over tcp session.

Choices:

  • no

  • yes

enable

boolean

Enable tcp-session.

Choices:

  • no

  • yes

traps

dictionary

Enable SNMP Traps

aaa

dictionary

AAA traps

enable

boolean

Enable AAA traps.

Choices:

  • no

  • yes

server_state_change

boolean

AAA server state change notification.

Choices:

  • no

  • yes

bridge

dictionary

Bridge traps.

enable

boolean

Enable bridge traps.

Choices:

  • no

  • yes

newroot

boolean

Enable SNMP STP Bridge MIB newroot traps.

Choices:

  • no

  • yes

topologychange

boolean

Enable SNMP STP Bridge MIB topologychange traps.

Choices:

  • no

  • yes

callhome

dictionary

Callhome traps.

enable

boolean

Enable callhome traps.

Choices:

  • no

  • yes

event_notify

boolean

Callhome External Event Notification.

Choices:

  • no

  • yes

smtp_send_fail

boolean

SMTP Message Send Fail notification.

Choices:

  • no

  • yes

cfs

dictionary

CFS traps.

enable

boolean

Enable cfs traps.

Choices:

  • no

  • yes

merge_failure

boolean

Merge failure notification.

Choices:

  • no

  • yes

state_change_notif

boolean

State change notification.

Choices:

  • no

  • yes

config

dictionary

Config traps.

ccmCLIRunningConfigChanged

boolean

Running config change trap.

Choices:

  • no

  • yes

enable

boolean

Enable config traps.

Choices:

  • no

  • yes

entity

dictionary

Entity traps.

cefcMIBEnableStatusNotification

boolean

CefcMIBEnableStatusNotification.

Choices:

  • no

  • yes

enable

boolean

Enable entity traps.

Choices:

  • no

  • yes

entity_fan_status_change

boolean

Entity Fan Status Change.

Choices:

  • no

  • yes

entity_mib_change

boolean

Entity MIB change.

Choices:

  • no

  • yes

entity_module_inserted

boolean

Entity Module Inserted.

Choices:

  • no

  • yes

entity_module_removed

boolean

Entity Module Removed.

Choices:

  • no

  • yes

entity_module_status_change

boolean

Entity Module Status Change.

Choices:

  • no

  • yes

entity_power_out_change

boolean

Entity Power Out Change.

Choices:

  • no

  • yes

entity_power_status_change

boolean

Entity Power Status Change.

Choices:

  • no

  • yes

entity_sensor

boolean

Entity sensor.

Choices:

  • no

  • yes

entity_unrecognised_module

boolean

Entity Unrecognised Module.

Choices:

  • no

  • yes

feature_control

dictionary

Feature-Control traps.

ciscoFeatOpStatusChange

boolean

Feature operation status change Notification.

Choices:

  • no

  • yes

enable

boolean

Enable feature-control traps.

Choices:

  • no

  • yes

featureOpStatusChange

boolean

Feature operation status change notification.

Choices:

  • no

  • yes

generic

dictionary

Generic traps.

coldStart

boolean

Generic coldStart trap.

Choices:

  • no

  • yes

enable

boolean

Enable generic traps.

Choices:

  • no

  • yes

warmStart

boolean

Generic warmStart trap.

Choices:

  • no

  • yes

license

dictionary

License traps.

enable

boolean

Enable license traps.

Choices:

  • no

  • yes

notify_license_expiry

boolean

License Expiry Notification.

Choices:

  • no

  • yes

notify_license_expiry_warning

boolean

License Expiry Warning Notification.

Choices:

  • no

  • yes

notify_licensefile_missing

boolean

License File Missing Notification.

Choices:

  • no

  • yes

notify_no_license_for_feature

boolean

No License installed for feature Notification.

Choices:

  • no

  • yes

dictionary

Link traps.

boolean

Err-disable state notification.

Choices:

  • no

  • yes

boolean

Cisco extended link state down notification.

Choices:

  • no

  • yes

boolean

Cisco extended link state up notification.

Choices:

  • no

  • yes

boolean

Cisco interface transceiver monitor status change notification.

Choices:

  • no

  • yes

boolean

Mac addr move trap.

Choices:

  • no

  • yes

boolean

Delayed link state change.

Choices:

  • no

  • yes

boolean

Enable link traps.

Choices:

  • no

  • yes

boolean

IETF extended link state down notification.

Choices:

  • no

  • yes

boolean

IETF extended link state up notification.

Choices:

  • no

  • yes

boolean

IETF Link state down notification.

Choices:

  • no

  • yes

boolean

IETF Link state up notification.

Choices:

  • no

  • yes

mmode

dictionary

MMode traps.

cseMaintModeChangeNotify

boolean

Maint Mode Change Notification.

Choices:

  • no

  • yes

cseNormalModeChangeNotify

boolean

Normal Mode Change Notification.

Choices:

  • no

  • yes

enable

boolean

Enable mmode traps.

Choices:

  • no

  • yes

rf

dictionary

RF traps.

enable

boolean

Enable rf traps.

Choices:

  • no

  • yes

redundancy_framework

boolean

Redundancy_Framework (RF) Sup switchover MIB.

Choices:

  • no

  • yes

rmon

dictionary

RMON traps.

enable

boolean

Enable rmon traps.

Choices:

  • no

  • yes

fallingAlarm

boolean

Rmon falling alarm.

Choices:

  • no

  • yes

hcFallingAlarm

boolean

High capacity Rmon falling alarm.

Choices:

  • no

  • yes

hcRisingAlarm

boolean

High capacity Rmon rising alarm.

Choices:

  • no

  • yes

risingAlarm

boolean

Rmon rising alarm.

Choices:

  • no

  • yes

snmp

dictionary

SNMP traps.

authentication

boolean

SNMP authentication trap.

Choices:

  • no

  • yes

enable

boolean

Enable snmp traps.

Choices:

  • no

  • yes

storm_control

dictionary

Storm-Control traps.

cpscEventRev1

boolean

Port-Storm-Control-Event.

Choices:

  • no

  • yes

enable

boolean

Enable storm-control traps.

Choices:

  • no

  • yes

trap_rate

boolean

Number of traps per minute.

Choices:

  • no

  • yes

stpx

dictionary

Stpx traps.

enable

boolean

Enable stpx traps.

Choices:

  • no

  • yes

inconsistency

boolean

Enable SNMP STPX MIB InconsistencyUpdate traps.

Choices:

  • no

  • yes

loop_inconsistency

boolean

Enable SNMP STPX MIB LoopInconsistencyUpdate traps.

Choices:

  • no

  • yes

root_inconsistency

boolean

Enable SNMP STPX MIB RootInconsistencyUpdate traps.

Choices:

  • no

  • yes

syslog

dictionary

Enable syslog traps.

enable

boolean

Enable syslog traps.

Choices:

  • no

  • yes

message_generated

boolean

Message Generated Notification.

Choices:

  • no

  • yes

sysmgr

dictionary

Sysmgr traps.

cseFailSwCoreNotifyExtended

boolean

Software Core Notification.

Choices:

  • no

  • yes

enable

boolean

Enable sysmgr traps.

Choices:

  • no

  • yes

system

dictionary

System traps.

clock_change_notification

boolean

Clock-change-notification traps.

Choices:

  • no

  • yes

enable

boolean

Enable system traps.

Choices:

  • no

  • yes

upgrade

dictionary

Upgrade traps.

enable

boolean

Enable upgrade traps.

Choices:

  • no

  • yes

upgradeJobStatusNotify

boolean

Upgrade Job Status Notification.

Choices:

  • no

  • yes

upgradeOpNotifyOnCompletion

boolean

Upgrade Global Status Notification.

Choices:

  • no

  • yes

vtp

dictionary

VTP traps.

enable

boolean

Enable VTP traps.

Choices:

  • no

  • yes

notifs

boolean

Enable vtpConfigRevNumberError vtpConfigDigestEnable vtpConfigRevNumberError vtpConfigDigestError vtpServerDisabled vtpVersionOneDeviceDetected vlanTrunkPortDynamicStatusChange vtpLocalModeChanged vtpVersionInUseChanged notification.

Choices:

  • no

  • yes

vlancreate

boolean

Enable vtpVlanCreated notification.

Choices:

  • no

  • yes

vlandelete

boolean

Enable vtpVlanDeleted notification.

Choices:

  • no

  • yes

users

dictionary

Define users who can access the SNMP engine.

auth

list / elements=dictionary

SNMP User authentication related settings

authentication

dictionary

Authentication parameters for the user.

algorithm

string

Select algorithm for authentication.

Choices:

  • md5

  • sha

engine_id

string

EngineID for configuring notif target user (for V3 informs).

This value needs to be enclosed in quotes in the task.

localized_key

boolean

Specifies whether the passwords are in localized key format.

Choices:

  • no

  • yes

password

string

Authentication password for user (Max Size 127).

If this value is localized, it has to be enclosed in quotes in the task.

priv

dictionary

Encryption parameters for the user.

aes_128

boolean

Use 128-bit AES algorithm for privacy.

Choices:

  • no

  • yes

privacy_password

string

Privacy password for user (Max Size 130).

If this value is localized, it has to be enclosed in quotes in the task.

group

string

Group name (ignored for notif target user) (Max Size 28).

user

string

Name of the user (Max Size 28).

use_acls

list / elements=dictionary

Set IPv4 and IPv6 ACL to use.

ipv4

string

Specify IPv4 ACL, the ACL name specified after must be IPv4 ACL.

ipv6

string

Specify IPv6 ACL, the ACL name specified after must be IPv6 ACL.

user

string

Name of the user (Max Size 28).

running_config

string

This option is used only with state parsed.

The value of this option should be the output received from the NX-OS device by executing the command show running-config | section ‘^snmp-server’.

The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module’s argspec and the value is then returned in the parsed key within the result.

state

string

The state the configuration should be left in.

The states replaced and overridden have identical behaviour for this module.

Please refer to examples for more details.

Choices:

  • merged ← (default)

  • replaced

  • overridden

  • deleted

  • parsed

  • gathered

  • rendered

Notes

Note

  • Tested against NX-OS 9.3.6.

  • This module works with connection network_cli and httpapi.

Examples

# Using merged

# Before state:
# -------------
# nxos-9k-rdo# show running-config | section "^snmp-server"
# snmp-server user admin network-admin auth md5 0xcbde46b02c46e0bcd3ac5af6a8b13da9 priv 0xcbde46b02c46e0bcd3ac5af6a8b13da9 localizedkey

- name: Merge the provided configuration with the existing running configuration
  cisco.nxos.nxos_snmp_server:
    config:
      aaa_user:
        cache_timeout: 36000
      communities:
        - community: public
          group: network-operator
        - community: private
          group: network-admin
      contact: nxosswitchadmin@localhost
      location: serverroom-1
      traps:
        aaa:
          server_state_change: True
        system:
          clock_change_notification: True
      hosts:
        - host: 192.0.2.1
          traps: True
          version: '1'
          community: public
        - host: 192.0.2.1
          source_interface: Ethernet1/1
        - host: 192.0.2.2
          informs: True
          version: '3'
          auth: NMS
      users:
        auth:
          - user: snmp_user_1
            group: network-operator
            authentication:
              algorithm: md5
              password: '0x5632724fb8ac3699296af26281e1d0f1'
              localized_key: True
          - user: snmp_user_2
            group: network-operator
            authentication:
              algorithm: md5
              password: '0x5632724fb8ac3699296af26281e1d0f1'
              localized_key: True
              priv:
                privacy_password: '0x5632724fb8ac3699296af26281e1d0f1'
                aes_128: True
        use_acls:
          - user: snmp_user_1
            ipv4: acl1
            ipv6: acl2
          - user: snmp_user_2
            ipv4: acl3
            ipv6: acl4

# Task output
# -------------
# before:
#   users:
#     auth:
#       - user: admin
#         group: network-admin
#         authentication:
#           algorithm: md5
#           password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"
#           localized_key: True
#           priv:
#             privacy_password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"
#
# commands:
#   - snmp-server contact nxosswitchadmin@localhost
#   - snmp-server location serverroom-1
#   - snmp-server aaa-user cache-timeout 36000
#   - snmp-server user snmp_user_1 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
#   - snmp-server user snmp_user_2 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 priv aes-128 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
#   - snmp-server user snmp_user_1 use-ipv4acl acl1 use-ipv6acl acl2
#   - snmp-server user snmp_user_2 use-ipv4acl acl3 use-ipv6acl acl4
#   - snmp-server host 192.0.2.1 traps version 1 public
#   - snmp-server host 192.0.2.1 source-interface Ethernet1/1
#   - snmp-server host 192.0.2.2 informs version 3 auth NMS
#   - snmp-server community private group network-admin
#   - snmp-server community public group network-operator
#   - snmp-server enable traps aaa server-state-change
#   - snmp-server enable traps system Clock-change-notification
#
# after:
#   aaa_user:
#      cache_timeout: 36000
#    communities:
#      - community: private
#        group: network-admin
#      - community: public
#        group: network-operator
#    contact: nxosswitchadmin@localhost
#    location: serverroom-1
#    traps:
#      aaa:
#        server_state_change: True
#      system:
#        clock_change_notification: True
#    hosts:
#      - host: 192.0.2.1
#        traps: true
#        version: "1"
#        community: public
#
#      - host: 192.0.2.1
#        source_interface: Ethernet1/1
#
#      - host: 192.0.2.2
#        informs: true
#        version: "3"
#        auth: NMS
#    users:
#      auth:
#        - user: admin
#          group: network-admin
#          authentication:
#            algorithm: md5
#            password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"
#            localized_key: True
#            priv:
#              privacy_password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"
#
#        - user: snmp_user_1
#          group: network-operator
#          authentication:
#            algorithm: md5
#            password: "0x5632724fb8ac3699296af26281e1d0f1"
#            localized_key: True
#
#        - authentication:
#            algorithm: md5
#            localized_key: true
#            password: "0x5632724fb8ac3699296af26281e1d0f1"
#            priv:
#              aes_128: true
#              privacy_password: "0x5632724fb8ac3699296af26281e1d0f1"
#          group: network-operator
#          user: snmp_user_2
#
#      use_acls:
#        - user: snmp_user_1
#          ipv4: acl1
#          ipv6: acl2
#        - user: snmp_user_2
#          ipv4: acl3
#          ipv6: acl4

# After state:
# ------------
# nxos-9k-rdo# show running-config | section "^snmp-server"
# snmp-server contact nxosswitchadmin@localhost
# snmp-server location serverroom-1
# snmp-server aaa-user cache-timeout 36000
# snmp-server user admin network-admin auth md5 0xcbde46b02c46e0bcd3ac5af6a8b13da9 priv 0xcbde46b02c46e0bcd3ac5af6a8b13da9 localizedkey
# snmp-server user snmp_user_1 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
# snmp-server user snmp_user_2 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 priv aes-128 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
# snmp-server user snmp_user_1 use-ipv4acl acl1 use-ipv6acl acl2
# snmp-server user snmp_user_2 use-ipv4acl acl3 use-ipv6acl acl4
# snmp-server host 192.0.2.1 traps version 1 public
# snmp-server host 192.0.2.1 source-interface Ethernet1/1
# snmp-server host 192.0.2.2 informs version 3 auth NMS
# snmp-server community private group network-admin
# snmp-server community public group network-operator
# snmp-server enable traps aaa server-state-change
# snmp-server enable traps system Clock-change-notification

# Using replaced

# Before state:
# ------------
# nxos-9k-rdo# show running-config | section "^snmp-server"
# snmp-server contact nxosswitchadmin@localhost
# snmp-server location serverroom-1
# snmp-server aaa-user cache-timeout 36000
# snmp-server user admin network-admin auth md5 0xcbde46b02c46e0bcd3ac5af6a8b13da9 priv 0xcbde46b02c46e0bcd3ac5af6a8b13da9 localizedkey
# snmp-server user snmp_user_1 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
# snmp-server user snmp_user_2 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 priv aes-128 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
# snmp-server user snmp_user_1 use-ipv4acl acl1 use-ipv6acl acl2
# snmp-server user snmp_user_2 use-ipv4acl acl3 use-ipv6acl acl4
# snmp-server host 192.0.2.1 traps version 1 public
# snmp-server host 192.0.2.1 source-interface Ethernet1/1
# snmp-server host 192.0.2.2 informs version 3 auth NMS
# snmp-server community private group network-admin
# snmp-server community public group network-operator
# snmp-server enable traps aaa server-state-change
# snmp-server enable traps system Clock-change-notification

- name: Replace snmp-server configurations of listed snmp-server with provided configurations
  cisco.nxos.nxos_snmp_server:
    config:
      aaa_user:
        cache_timeout: 36000
      communities:
        - community: public
          group: network-operator
        - community: secret
          group: network-operator
      contact: nxosswitchadmin2@localhost
      location: serverroom-2
      traps:
        aaa:
          server_state_change: True
      hosts:
        - host: 192.0.2.1
          traps: True
          version: '1'
          community: public
        - host: 192.0.2.1
          source_interface: Ethernet1/1
        - host: 192.0.3.2
          informs: True
          version: '3'
          auth: NMS
      users:
        auth:
          - user: admin
            group: network-admin
            authentication:
              algorithm: md5
              password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"
              localized_key: True
              priv:
                privacy_password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"

          - user: snmp_user_1
            group: network-operator
            authentication:
              algorithm: md5
              password: '0x5632724fb8ac3699296af26281e1d0f1'
              localized_key: True

          - user: snmp_user_2
            group: network-operator
            authentication:
              algorithm: md5
              password: '0x5632724fb8ac3699296af26281e1d0f1'
              localized_key: True
              priv:
                privacy_password: '0x5632724fb8ac3699296af26281e1d0f1'
                aes_128: True
        use_acls:
          - user: snmp_user_1
            ipv4: acl1
            ipv6: acl2
    state: replaced

# Task output
# -------------
# before:
#   aaa_user:
#      cache_timeout: 36000
#    communities:
#      - community: private
#        group: network-admin
#      - community: public
#        group: network-operator
#    contact: nxosswitchadmin@localhost
#    location: serverroom-1
#    traps:
#      aaa:
#        server_state_change: True
#      system:
#        clock_change_notification: True
#    hosts:
#      - host: 192.0.2.1
#        traps: true
#        version: "1"
#        community: public
#
#      - host: 192.0.2.1
#        source_interface: Ethernet1/1
#
#      - host: 192.0.2.2
#        informs: true
#        version: "3"
#        auth: NMS
#    users:
#      auth:
#        - user: admin
#          group: network-admin
#          authentication:
#            algorithm: md5
#            password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"
#            localized_key: True
#            priv:
#              privacy_password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"
#
#        - user: snmp_user_1
#          group: network-operator
#          authentication:
#            algorithm: md5
#            password: "0x5632724fb8ac3699296af26281e1d0f1"
#            localized_key: True
#
#        - authentication:
#            algorithm: md5
#            localized_key: true
#            password: "0x5632724fb8ac3699296af26281e1d0f1"
#            priv:
#              aes_128: true
#              privacy_password: "0x5632724fb8ac3699296af26281e1d0f1"
#          group: network-operator
#          user: snmp_user_2
#
#      use_acls:
#        - user: snmp_user_1
#          ipv4: acl1
#          ipv6: acl2
#        - user: snmp_user_2
#          ipv4: acl3
#          ipv6: acl4
#
# commands:
#   - snmp-server contact nxosswitchadmin2@localhost
#   - no snmp-server enable traps system Clock-change-notification
#   - snmp-server location serverroom-2
#   - no snmp-server user snmp_user_2 use-ipv4acl acl3 use-ipv6acl acl4
#   - no snmp-server host 192.0.2.2 informs version 3 auth NMS
#   - snmp-server host 192.0.3.2 informs version 3 auth NMS
#   - no snmp-server community private group network-admin
#   - snmp-server community secret group network-operator
#
# after:
#   aaa_user:
#      cache_timeout: 36000
#    communities:
#      - community: public
#        group: network-operator
#      - community: secret
#        group: network-operator
#    contact: nxosswitchadmin2@localhost
#    location: serverroom-2
#    traps:
#      aaa:
#        server_state_change: True
#    hosts:
#      - host: 192.0.2.1
#        traps: True
#        version: '1'
#        community: public
#      - host: 192.0.2.1
#        source_interface: Ethernet1/1
#      - host: 192.0.3.2
#        informs: True
#        version: '3'
#        auth: NMS
#    users:
#      auth:
#        - user: admin
#          group: network-admin
#          authentication:
#            algorithm: md5
#            password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"
#            localized_key: True
#            priv:
#              privacy_password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"
#
#        - user: snmp_user_1
#          group: network-operator
#          authentication:
#            algorithm: md5
#            password: '0x5632724fb8ac3699296af26281e1d0f1'
#            localized_key: True
#
#        - user: snmp_user_2
#          group: network-operator
#          authentication:
#            algorithm: md5
#            password: '0x5632724fb8ac3699296af26281e1d0f1'
#            localized_key: True
#            priv:
#              privacy_password: '0x5632724fb8ac3699296af26281e1d0f1'
#              aes_128: True
#
#      use_acls:
#        - user: snmp_user_1
#          ipv4: acl1
#          ipv6: acl2
#

# After state:
# ------------
# nxos-9k-rdo# show running-config | section "^snmp-server"
# snmp-server contact nxosswitchadmin2@localhost
# snmp-server location serverroom-2
# snmp-server aaa-user cache-timeout 36000
# snmp-server user admin network-admin auth md5 0xcbde46b02c46e0bcd3ac5af6a8b13da9 priv 0xcbde46b02c46e0bcd3ac5af6a8b13da9 localizedkey
# snmp-server user snmp_user_1 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
# snmp-server user snmp_user_2 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 priv aes-128 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
# snmp-server user snmp_user_1 use-ipv4acl acl1 use-ipv6acl acl2
# snmp-server user snmp_user_2 use-ipv4acl acl3 use-ipv6acl acl4
# snmp-server host 192.0.2.1 traps version 1 public
# snmp-server host 192.0.2.1 source-interface Ethernet1/1
# snmp-server host 192.0.2.2 informs version 3 auth NMS
# snmp-server community secret group network-operator
# snmp-server community public group network-operator
# snmp-server enable traps aaa server-state-change
# snmp-server enable traps system Clock-change-notification

# Using deleted

# Before state:
# ------------
# nxos-9k-rdo# show running-config | section "^snmp-server"
# snmp-server contact nxosswitchadmin@localhost
# snmp-server location serverroom-1
# snmp-server aaa-user cache-timeout 36000
# snmp-server user admin network-admin auth md5 0xcbde46b02c46e0bcd3ac5af6a8b13da9 priv 0xcbde46b02c46e0bcd3ac5af6a8b13da9 localizedkey
# snmp-server user snmp_user_1 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
# snmp-server user snmp_user_2 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 priv aes-128 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
# snmp-server user snmp_user_1 use-ipv4acl acl1 use-ipv6acl acl2
# snmp-server user snmp_user_2 use-ipv4acl acl3 use-ipv6acl acl4
# snmp-server host 192.0.2.1 traps version 1 public
# snmp-server host 192.0.2.1 source-interface Ethernet1/1
# snmp-server host 192.0.2.2 informs version 3 auth NMS
# snmp-server community private group network-admin
# snmp-server community public group network-operator
# snmp-server enable traps aaa server-state-change
# snmp-server enable traps system Clock-change-notification

- name: Delete SNMP Server configurations from the device (admin user will not be deleted)
  cisco.nxos.nxos_snmp_server:
    state: deleted

# Task output
# -------------
# before:
#   aaa_user:
#      cache_timeout: 36000
#    communities:
#      - community: private
#        group: network-admin
#      - community: public
#        group: network-operator
#    contact: nxosswitchadmin@localhost
#    location: serverroom-1
#    traps:
#      aaa:
#        server_state_change: True
#      system:
#        clock_change_notification: True
#    hosts:
#      - host: 192.0.2.1
#        traps: true
#        version: "1"
#        community: public
#
#      - host: 192.0.2.1
#        source_interface: Ethernet1/1
#
#      - host: 192.0.2.2
#        informs: true
#        version: "3"
#        auth: NMS
#    users:
#      auth:
#        - user: admin
#          group: network-admin
#          authentication:
#            algorithm: md5
#            password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"
#            localized_key: True
#            priv:
#              privacy_password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"
#
#        - user: snmp_user_1
#          group: network-operator
#          authentication:
#            algorithm: md5
#            password: "0x5632724fb8ac3699296af26281e1d0f1"
#            localized_key: True
#
#        - authentication:
#            algorithm: md5
#            localized_key: true
#            password: "0x5632724fb8ac3699296af26281e1d0f1"
#            priv:
#              aes_128: true
#              privacy_password: "0x5632724fb8ac3699296af26281e1d0f1"
#          group: network-operator
#          user: snmp_user_2
#
#      use_acls:
#        - user: snmp_user_1
#          ipv4: acl1
#          ipv6: acl2
#        - user: snmp_user_2
#          ipv4: acl3
#          ipv6: acl4
#
# commands:
#   - no snmp-server contact nxosswitchadmin@localhost
#   - no snmp-server location serverroom-1
#   - no snmp-server aaa-user cache-timeout 36000
#   - no snmp-server user admin network-admin auth md5 0xcbde46b02c46e0bcd3ac5af6a8b13da9 priv 0xcbde46b02c46e0bcd3ac5af6a8b13da9 localizedkey
#   - no snmp-server user snmp_user_1 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
#   - no snmp-server user snmp_user_2 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 priv aes-128 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
#   - no snmp-server user snmp_user_1 use-ipv4acl acl1 use-ipv6acl acl2
#   - no snmp-server user snmp_user_2 use-ipv4acl acl3 use-ipv6acl acl4
#   - no snmp-server host 192.0.2.1 traps version 1 public
#   - no snmp-server host 192.0.2.1 source-interface Ethernet1/1
#   - no snmp-server host 192.0.2.2 informs version 3 auth NMS
#   - no snmp-server community private group network-admin
#   - no snmp-server community public group network-operator
#   - no snmp-server enable traps aaa server-state-change
#   - no snmp-server enable traps system Clock-change-notification
#
# after:
#   users:
#     auth:
#       - user: admin
#         group: network-admin
#         authentication:
#           algorithm: md5
#           password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"
#           localized_key: True
#           priv:
#             privacy_password: "0xcbde46b02c46e0bcd3ac5af6a8b13da9"

# After state:
# ------------
# nxos-9k-rdo# show running-config | section "^snmp-server"
# snmp-server user admin network-admin auth md5 0xcbde46b02c46e0bcd3ac5af6a8b13da9 priv 0xcbde46b02c46e0bcd3ac5af6a8b13da9 localizedkey

# Using rendered
# ---------------

- name: Render platform specific configuration lines with state rendered (without connecting to the device)
  cisco.nxos.nxos_snmp_server:
    config:
      aaa_user:
        cache_timeout: 36000
      communities:
        - community: public
          group: network-operator
        - community: private
          group: network-admin
      contact: nxosswitchadmin@localhost
      location: serverroom-1
      traps:
        aaa:
          server_state_change: True
        system:
          clock_change_notification: True
      hosts:
        - host: 192.0.2.1
          traps: True
          version: '1'
          community: public
        - host: 192.0.2.1
          source_interface: Ethernet1/1
        - host: 192.0.2.2
          informs: True
          version: '3'
          auth: NMS
      users:
        auth:
          - user: snmp_user_1
            group: network-operator
            authentication:
              algorithm: md5
              password: '0x5632724fb8ac3699296af26281e1d0f1'
              localized_key: True
          - user: snmp_user_2
            group: network-operator
            authentication:
              algorithm: md5
              password: '0x5632724fb8ac3699296af26281e1d0f1'
              localized_key: True
              priv:
                privacy_password: '0x5632724fb8ac3699296af26281e1d0f1'
                aes_128: True
        use_acls:
          - user: snmp_user_1
            ipv4: acl1
            ipv6: acl2
          - user: snmp_user_2
            ipv4: acl3
            ipv6: acl4
    state: rendered


# Task Output (redacted)
# -----------------------
#  rendered:
#    - snmp-server contact nxosswitchadmin@localhost
#    - snmp-server location serverroom-1
#    - snmp-server aaa-user cache-timeout 36000
#    - snmp-server user snmp_user_1 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
#    - snmp-server user snmp_user_2 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 priv aes-128 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
#    - snmp-server user snmp_user_1 use-ipv4acl acl1 use-ipv6acl acl2
#    - snmp-server user snmp_user_2 use-ipv4acl acl3 use-ipv6acl acl4
#    - snmp-server host 192.0.2.1 traps version 1 public
#    - snmp-server host 192.0.2.1 source-interface Ethernet1/1
#    - snmp-server host 192.0.2.2 informs version 3 auth NMS
#    - snmp-server community private group network-admin
#    - snmp-server community public group network-operator
#    - snmp-server enable traps aaa server-state-change
#    - snmp-server enable traps system Clock-change-notification

# Using parsed

# parsed.cfg
# ------------
# snmp-server contact nxosswitchadmin@localhost
# snmp-server location serverroom-1
# snmp-server aaa-user cache-timeout 36000
# snmp-server user snmp_user_1 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
# snmp-server user snmp_user_2 network-operator auth md5 0x5632724fb8ac3699296af26281e1d0f1 priv aes-128 0x5632724fb8ac3699296af26281e1d0f1 localizedkey
# snmp-server user snmp_user_1 use-ipv4acl acl1 use-ipv6acl acl2
# snmp-server user snmp_user_2 use-ipv4acl acl3 use-ipv6acl acl4
# snmp-server host 192.0.2.1 traps version 1 public
# snmp-server host 192.0.2.1 source-interface Ethernet1/1
# snmp-server host 192.0.2.2 informs version 3 auth NMS
# snmp-server community private group network-admin
# snmp-server community public group network-operator
# snmp-server enable traps aaa server-state-change
# snmp-server enable traps system Clock-change-notification

- name: Parse externally provided snmp-server configuration
  cisco.nxos.nxos_snmp_server:
    running_config: "{{ lookup('file', './parsed.cfg') }}"
    state: parsed

# Task output (redacted)
# -----------------------
#  parsed:
#   aaa_user:
#      cache_timeout: 36000
#    communities:
#      - community: private
#        group: network-admin
#      - community: public
#        group: network-operator
#    contact: nxosswitchadmin@localhost
#    location: serverroom-1
#    traps:
#      aaa:
#        server_state_change: True
#      system:
#        clock_change_notification: True
#    hosts:
#      - host: 192.0.2.1
#        traps: true
#        version: "1"
#        community: public
#
#      - host: 192.0.2.1
#        source_interface: Ethernet1/1
#
#      - host: 192.0.2.2
#        informs: true
#        version: "3"
#        auth: NMS
#    users:
#      auth:
#        - user: snmp_user_1
#          group: network-operator
#          authentication:
#            algorithm: md5
#            password: "0x5632724fb8ac3699296af26281e1d0f1"
#            localized_key: True
#
#        - authentication:
#            algorithm: md5
#            localized_key: true
#            password: "0x5632724fb8ac3699296af26281e1d0f1"
#            priv:
#              aes_128: true
#              privacy_password: "0x5632724fb8ac3699296af26281e1d0f1"
#          group: network-operator
#          user: snmp_user_2
#
#      use_acls:
#        - user: snmp_user_1
#          ipv4: acl1
#          ipv6: acl2
#        - user: snmp_user_2
#          ipv4: acl3
#          ipv6: acl4
#

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

after

dictionary

The resulting configuration after module execution.

Returned: when changed

Sample: “This output will always be in the same format as the module argspec.\n”

before

dictionary

The configuration prior to the module execution.

Returned: when state is merged, replaced, overridden, deleted or purged

Sample: “This output will always be in the same format as the module argspec.\n”

commands

list / elements=string

The set of commands pushed to the remote device.

Returned: when state is merged, replaced, overridden, deleted or purged

Sample: [“sample command 1”, “sample command 2”, “sample command 3”]

gathered

list / elements=string

Facts about the network resource gathered from the remote device as structured data.

Returned: when state is gathered

Sample: “This output will always be in the same format as the module argspec.\n”

parsed

list / elements=string

The device native config provided in running_config option parsed into structured data as per module argspec.

Returned: when state is parsed

Sample: “This output will always be in the same format as the module argspec.\n”

rendered

list / elements=string

The provided configuration in the task rendered in device-native format (offline).

Returned: when state is rendered

Sample: [“sample command 1”, “sample command 2”, “sample command 3”]

Authors

  • Nilashish Chakraborty (@NilashishC)