Answers: SNMPv3 1

By Chris August 25, 2016 09:10

This lab gave you six or seven separate facts about how to configure SNMPv3. Focus on remembering all those little moving parts of the various SNMPv3 configuration commands. Most people will not memorize those, but you should think and practice these combinations so that you can see the configuration not as a long confusing set of words, but as separate ideas, and to understand each idea. As always, do the lab, then check your answers here.


Figure 1: Topology Used for SNMPv3 Labs


Example 3: Router R1 and R2 – Identical Config



The four configuration commands show the correct syntax that then matches the logic shown in the requirements. Working through the sample answer’s four commands in the same order as listed in Example 3:

Command 1: snmp-server group

The first command creates an SNMP group, which is a configuration concept which gathers some SNMPv3 parameters for easy reference by the snmp-user user command. It is simply the way Cisco’s team built the SNMPv3 configuration.

The command lists these key parameters:

group Certskills: defines the name of the group with a name that I made up, and that you used based on the requirements for the lab.

v3: keyword that defines the version.

auth: defines that this group performs authentication, but not privacy

write v1default: two combined parameters that enable the use of Sets (for writing to the router’s MIB), with MIB view v1default.

Also, this command can be the starting point for some common mistakes. In this case, note that the use of the auth keyword on this command means that auth must be used on any snmp-server user commands that refer to this group.


Command 2: snmp-server user

The second command completes the work to enable support for Get and Set commands.  This command defines the user (Youdda per the instructions) and links it to the first command. Specifically:

Certskills: refers to the name listed in the snmp-server group Certskills command.

v3: keyword that defines the version.

auth sha mysecretpassword: defines that the user should use authentication, with SHA as the protocol, with a password of mysecretpassword.


Command 3: snmp-server enable traps

The third command is simple: it enables the router to send Trap (and Inform) messages assuming the rest of the related configuration in command 4 is completed.


Command 4: snmp-server host

The last command completes the Trap configuration. Traps (and Informs) require that the router know to what IP address to send the Trap or Inform message, that is, the address of the SNMP manager. This command defines the address, and whether to send Traps or Informs, as follows:

host Identifies the IP address of the SNMP manager.

version 3: keywords that define the version.

auth: defines that the user should use authentication (not privacy).

Youdda: defines the username (per the snmp-server user command) used for SNMPv3 authentication.

SNMPv3 1
Protecting CLI Access 2
By Chris August 25, 2016 09:10
Write a comment


  1. Nabil October 12, 23:20


    snmp-server host version 3 auth Youdda

    This address is not correct for the diagram showing in the lab. It should be in network

    Reply to this comment
  2. Andrejs Gorins November 8, 09:55

    Looks like,
    Command 2: snmp-server host
    must be
    Command 2: snmp-server user

    Reply to this comment
    • certskills November 9, 08:41

      Thanks Andrejs – yep. Took me a second – that error was in the heading line. The config snip looked good. Regardless, it’s fixed. Thanks for the heads up.

      Reply to this comment
  3. Gabriel Moran December 5, 01:06

    Hi I am confused with the traps portion. In the ICND2 book it does not show the command ‘snmp-server enable traps’ in the examples, it only shows ‘snmp-server host version 3 auth Youdda’ (this is from the book not the previous question)

    Please advise.

    Reply to this comment
    • Gabriel Moran December 5, 01:08

      Nevermind I found it in the previous example for v2c

      Reply to this comment
    • Gabriel Moran December 5, 01:12

      Just so I understand the command correctly –
      snmp-server host version 3 auth Youdda

      Is it setting the user/pass for the SNMP manager to authenticate to the agent, or the agent to authenticate to the SNMP manager?

      Reply to this comment
  4. Punya Atma February 20, 02:41

    I study Wendell’s ccent/ccna icnd1 100-105 book for the purpose of next exam. I practice certskills labs at the end of every chapter. But recently I noticed when I clicked the term, ‘certskills labs’ it brings a page where 200-301 parts titles appear, but not 100-105 parts, and thereby, book exercises also not replicate the 100-105 exercises. It is a slight inconvenience, and, there are certain confusions also, that, was RIPv2 removed and OSPF included, in the routers subjects, was STP included in the switches section?, some of them to mention here.

    Reply to this comment
    • certskills March 12, 09:29

      Hi Punya,
      The 100-105, 200-105, and 200-125 exams are retired as of February 2020. So I updated the blog site to organize the labs based on the current single exam, 200-301. Same idea, different details. And when I revised the CCNA books for the CCNA 200-301 exam, I removed, moved, and added topics vs. the books you read. In short, the blog site is hopefully in sync with the current books and exams. FYI.

      Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email


Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.