SNMPv3 1

By Chris August 23, 2016 09:05

SNMPv3 configuration may be the most challenging new configuration topic added to the new CCNA R&S exams introduced in May 2016 (that is, CCNA R&S 200-125). The configuration commands have many options, and it is possible to configure an incorrect combination of options that just does not work. So you need to take extra care to combine the right options. This lab sets up a straightforward set of SNMPv3 requirements so that you can then focus on practicing getting the command options right.


This lab uses a small network with two routers. Your job is to create a configuration that would work on both routers to enable SNMPv3, per the following requirements:

  • Use username Youdda
  • Use group name Certskills
  • Use text string mysecretpassword for any passwords or keys
  • Support both reading (Get) and writing (Set) to the MIB
  • Use the default MIB view (V1Default) if any MIB views need to be configured
  • Support traps, but not informs, sent to the SNMP manager at address
  • Use SNMPv3 authentication with SHA, but do not use privacy
  • Do not filter messages based on an ACL
  • As for the topology:
    • Assume all interfaces shown in the figure are up and working, that is, there is connectivity between each router and the SNMP server.


Figure 1: Topology Used for SNMPv3 Labs


Initial Configuration

Examples 1 and 2 show the initial configurations on routers R1 and R2, respectively.


Example 1: Router R1 Initial Configuration


Example 2: Router R2 Initial Configuration


Answer on Paper, or Maybe Test in Lab

As always, you should at least answer on paper or by typing in a text editor.

If you do implement this config lab on real gear or some other tool, it is difficult to verify without having an SNMP manager with which to test. The challenge is that the router will accept combinations of commands that fail when trying to communicate with the SNMP manager. For those of you who want to dig a little deeper, and you have at least one router or switch in your home lab, then consider downloading any free SNMP manager. Then make sure your manager can successfully do an SNMP Get to pull information from your router or switch after adding the kind of configuration you build in this lab.

Note that for the purposes of learning SNMPv3, I found that the ManageEngine MIB Browser was a good tool. It gives you enough direct control so that you can see what is happening. However, it may be a more difficult tool to use for someone starting out, in that it requires you to navigate the MIB structure.
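For an answer written on paper or in a text editor, an offline check against the lab's requirements can catch mismatched options before any SNMP manager is involved. The Python script below is an added example, not part of the original lab: the function name `check_snmpv3`, the sample answer (which contains two deliberate mistakes), and the placeholder manager address 192.0.2.10 are assumptions, because the lab's real address is not shown above.

```python
# Added example: offline check of a written answer against the lab requirements.
# SAMPLE is constructed and has two deliberate mistakes; 192.0.2.10 is a
# placeholder manager address, not the address from the lab topology.
SAMPLE = """\
snmp-server group Certskills v3 noauth write v1default
snmp-server user Youdda Certskills v3 auth sha mysecretpassword
snmp-server host 192.0.2.10 informs version 3 auth Youdda
"""

def check_snmpv3(config, user="Youdda", group="Certskills"):
    """Return a list of ways the config misses the lab's requirements."""
    problems = []
    # Keep only snmp-server commands, split into tokens after the keyword.
    cmds = [t[1:] for t in (l.split() for l in config.splitlines())
            if t[:1] == ["snmp-server"]]
    grp = next((c for c in cmds if c[:2] == ["group", group]), None)
    usr = next((c for c in cmds if c[:3] == ["user", user, group]), None)
    hosts = [c for c in cmds if c[:1] == ["host"]]

    if grp is None:
        problems.append(f"group {group} is not defined")
    else:
        if grp[2:4] != ["v3", "auth"]:
            problems.append("group: security level is not 'v3 auth'")
        if "write" not in grp[4:]:
            problems.append("group: no write view, so Set is not supported")
    if usr is None:
        problems.append(f"user {user} is not defined in group {group}")
    else:
        if usr[3:6] != ["v3", "auth", "sha"]:
            problems.append("user: authentication is not 'v3 auth sha'")
        if "priv" in usr[7:]:  # tokens after the auth password
            problems.append("user: privacy is configured")
    if not hosts:
        problems.append("no snmp-server host (trap destination) is defined")
    for h in hosts:
        if "informs" in h:
            problems.append("host: sends informs, not traps")
        i = h.index("version") if "version" in h else len(h)
        if h[i + 1:i + 4] != ["3", "auth", user]:
            problems.append("host: not 'version 3 auth' with the lab user")
    for c in [grp, usr]:
        if c and "access" in c:
            problems.append(f"{c[0]}: filtered by an ACL")
    return problems

if __name__ == "__main__":
    for p in check_snmpv3(SAMPLE):
        print("FAIL:", p)
```

The script only compares the text of the commands with the stated requirements; it does not replace a real SNMP Get from a manager.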


Do this Lab with Cisco’s CML (Formerly VIRL)

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for Cisco Modeling Lab – Personal (CML-P). CML-P replaces Cisco Virtual Internet Routing Lab (VIRL) software, in effect serving as VIRL Version 2.

Below, find two files: a file useful with CML-P and another useful with VIRL. (Note that the CML-P file has a .yaml filetype, while the older VIRL file has a VIRL filetype.) Once the file is loaded, CML-P or VIRL will create a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well.

This lab’s CML file!

This lab’s VIRL file!

The CML/VIRL topology matches this lab topology exactly. The host info does as well.


Handy Host Commands:

To see PC IP address: ifconfig eth1

Ping example: ping -c 4

Trace example: tracepath

To connect to another node within the topology: telnet



  1. John Phillips July 24, 07:01

    Hi Wendall,
    I spotted this slight error in the requirements section:
    “Support traps, but not informs, sent to the SNMP manager at address”.
    The network address should be, according to the topology.

  2. lucas February 18, 10:43

    I read the ICND2 book, but you did not mention the engine ID of SNMPv3.
    Do we have to specify the remote engine ID to send inform messages to a remote NMS?

    • certskills February 28, 15:35

      Short answer: you do not have to configure it. All those examples in the book on SNMP, I did them just as shown, with a free SNMP manager app on a Windows host, and confirmed that it worked… mainly because SNMP has too many moving parts. While I generally test everything in lab before putting it in the books, I spent a disproportionate amount of time on the SNMP labbing for the current books because there was enough misdirection in some of the documentation vs. what appeared to actually work. But yep, no engine ID needed.
