Answers: SNMPv3 1

Wendell
By Wendell August 25, 2016 09:10

This lab gave you six or seven separate facts about how to configure SNMPv3. Focus on remembering all those little moving parts of the various SNMPv3 configuration commands. Most people will not memorize those, but you should think and practice these combinations so that you can see the configuration not as a long confusing set of words, but as separate ideas, and to understand each idea. As always, do the lab, then check your answers here.

Answers

Figure 1: Topology Used for SNMPv3 Labs

 

Example 3: Router R1 and R2 – Identical Config

 

Commentary

The four configuration commands show the correct syntax that then matches the logic shown in the requirements. Working through the sample answer’s four commands in the same order as listed in Example 3:

Command 1: snmp-server group

The first command creates an SNMP group, which is a configuration concept which gathers some SNMPv3 parameters for easy reference by the snmp-user user command. It is simply the way Cisco’s team built the SNMPv3 configuration.

The command lists these key parameters:

group Certskills: defines the name of the group with a name that I made up, and that you used based on the requirements for the lab.

v3: keyword that defines the version.

auth: defines that this group performs authentication, but not privacy

write v1default: two combined parameters that enable the use of Sets (for writing to the router’s MIB), with MIB view v1default.

Also, this command can be the starting point for some common mistakes. In this case, note that the use of the auth keyword on this command means that auth must be used on any snmp-server user commands that refer to this group.

 

Command 2: snmp-server user

The second command completes the work to enable support for Get and Set commands.  This command defines the user (Youdda per the instructions) and links it to the first command. Specifically:

Certskills: refers to the name listed in the snmp-server group Certskills command.

v3: keyword that defines the version.

auth sha mysecretpassword: defines that the user should use authentication, with SHA as the protocol, with a password of mysecretpassword.

 

Command 3: snmp-server enable traps

The third command is simple: it enables the router to send Trap (and Inform) messages assuming the rest of the related configuration in command 4 is completed.

 

Command 4: snmp-server host

The last command completes the Trap configuration. Traps (and Informs) require that the router know to what IP address to send the Trap or Inform message, that is, the address of the SNMP manager. This command defines the address, and whether to send Traps or Informs, as follows:

host 172.20.2.9: Identifies the IP address of the SNMP manager.

version 3: keywords that define the version.

auth: defines that the user should use authentication (not privacy).

Youdda: defines the username (per the snmp-server user command) used for SNMPv3 authentication.

Local Span 1
SNMPv3 1
Wendell
By Wendell August 25, 2016 09:10
Write a comment

4 Comments

  1. Nabil October 12, 23:20

    Hi,

    snmp-server host 10.1.3.3 version 3 auth Youdda

    This address is not correct for the diagram showing in the lab. It should be in network 172.20.2.0/24

    Reply to this comment
  2. Andrejs Gorins November 8, 09:55

    Hi,
    Looks like,
    Command 2: snmp-server host
    must be
    Command 2: snmp-server user

    Reply to this comment
    • certskills November 9, 08:41

      Thanks Andrejs – yep. Took me a second – that error was in the heading line. The config snip looked good. Regardless, it’s fixed. Thanks for the heads up.
      Wendell

      Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Search

Categories