SNMPv3 2

By Wendell September 21, 2016 09:05

In real life, you will probably configure SNMP correctly, use a similar configuration on all routers and switches, and then forget the details of how to configure all the other possible options. For the CCNA R&S exams, it helps to make yourself think through the configuration options a few times across the variety of possible settings. This latest lab gives you another chance to do that, listing straightforward SNMPv3 requirements for you to configure.

Requirements

This lab uses a small network with two routers. Your job is to create a configuration that would work on both routers to enable SNMPv3, per the following requirements:

  • Use username Youdda
  • Use group name Certskills
  • Use text string mysecretpassword for any passwords or keys
  • Support reading (Get) the MIB but not writing (Set) to the MIB
  • Use the default MIB view (V1Default) if any MIB views need to be configured
  • Use an IPv4 ACL named ServerOnly that allows SNMP messages from the one SNMP manager only (172.20.2.9)
  • Support Informs, but not Traps, sent to the SNMP manager at address 172.20.2.9
  • Use SNMPv3 authentication with SHA
  • Use SNMPv3 privacy with 128-bit AES
  • As for the topology:
    • Assume all interfaces shown in the figure are up and working, that is, there is connectivity between each router and the SNMP server.

 

Figure 1: Topology Used for SNMPv3 Labs

 

Initial Configuration

Examples 1 and 2 show the initial configurations on routers R1 and R2, respectively.

Example 1: Router R1 Initial Configuration

 

Example 2: Router R2 Initial Configuration

 

Answer on Paper, or Maybe Test in Lab

As always, you should at least answer on paper or by typing in a text editor.

If you do implement this config lab on real gear or some other tool, it is difficult to verify without having an SNMP manager with which to test. The challenge is that the router will accept combinations of commands that fail when trying to communicate with the SNMP manager. If you want to dig a little deeper and have at least one router or switch in your home lab, consider downloading any free SNMP manager. Then make sure your manager can successfully do an SNMP Get to pull information from your router or switch after adding the kind of configuration you build in this lab.

Note that for the purposes of learning SNMPv3, I found that the ManageEngine MIB Browser was a good tool. It gives you enough direct control so that you can see what is happening. However, it may be a more difficult tool to use for someone starting out, in that it requires you to navigate the MIB structure.
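A small checker for an answer written on paper or in a text editor, added here as an example and not part of the original lab or its answer key: it scans a drafted IOS configuration for the settings named in the requirements list. The command shapes it expects (`snmp-server group ... v3 priv`, `snmp-server user ... auth sha ... priv aes 128`, `snmp-server host ... informs version 3 priv`, a standard named ACL), the function name `check_snmpv3` and the sample draft are this example's assumptions.

```python
import re

# Values from the lab's requirements list; the command shapes are this example's assumptions.
USER, GROUP, ACL, MANAGER = "Youdda", "Certskills", "ServerOnly", "172.20.2.9"
GRP, USR, HOST = (f"snmp-server group {GROUP} ", f"snmp-server user {USER} {GROUP} v3 ",
                  f"snmp-server host {MANAGER} ")
RULES = [  # (command prefix, pattern the command must match, message if it does not)
    (GRP, r"\bv3 priv\b", "group: security level must be v3 priv"),
    (GRP, r"^(?!.*\bwrite\b)", "group: write view configured, Set would be allowed"),
    (GRP, rf"\baccess {ACL}$", "group: ACL ServerOnly not applied"),
    (USR, r"\bauth sha \S+", "user: SHA authentication missing"),
    (USR, r"\bpriv aes 128 \S+", "user: AES-128 privacy missing"),
    (HOST, r"\binforms\b", "host: informs keyword missing, traps would be sent"),
    (HOST, rf"\bversion 3 priv {USER}\b", "host: must use version 3 priv with the lab user"),
]

def check_snmpv3(config):
    """Return the lab requirements that a drafted IOS config fails to meet."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]

    def find(prefix):
        return next((ln for ln in lines if ln.startswith(prefix)), "")

    problems = [msg for prefix, pat, msg in RULES if not re.search(pat, find(prefix))]
    # Entries of the named standard ACL: lines after its header up to the next command.
    header, permits = f"ip access-list standard {ACL}", []
    if header in lines:
        for ln in lines[lines.index(header) + 1:]:
            if not ln.startswith(("permit", "deny", "remark")):
                break
            if ln.startswith("permit"):
                permits.append(ln.split()[1:])
    if permits not in ([[MANAGER]], [["host", MANAGER]]):
        problems.append("acl: must permit only the SNMP manager")
    return problems

# Constructed draft with two slips: auth-only group, and no informs keyword on the host.
DRAFT = """
ip access-list standard ServerOnly
 permit 172.20.2.9
snmp-server group Certskills v3 auth access ServerOnly
snmp-server user Youdda Certskills v3 auth sha mysecretpassword priv aes 128 mysecretpassword
snmp-server host 172.20.2.9 version 3 priv Youdda
"""

if __name__ == "__main__":
    for problem in check_snmpv3(DRAFT):
        print(problem)
```

A clean result only says the draft is consistent with the requirements as this checker reads them; a successful Get from a real SNMP manager is still the actual test.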

 

Do this Lab with Cisco’s VIRL

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here is a file that when used with VIRL will load a lab topology similar to this lab’s topology, with the initial configuration shown in the lab. This section lists any differences between the lab exercise and the .VIRL file’s topology and configuration.

Download this lab’s VIRL file!

The VIRL topology matches this lab topology exactly. The host info does as well.

 

Handy Host Commands:

To see PC IP address: ifconfig eth1

Ping example: ping -c 4 10.1.1.1

Trace example: tracepath 10.1.1.1

To connect to another node within the topology: telnet 10.1.1.1
