SNMPv3 2

certskills
By certskills September 21, 2016 09:05

In real life, you will probably configure SNMP correctly once, use a similar configuration on all routers and switches, and then forget the details of how to configure all the other possible options. For the CCNA R&S exams, it helps to make yourself think through the configuration options a few times across the variety of possible settings. This latest lab gives you another chance, listing straightforward SNMPv3 requirements for you to configure.

Requirements

This lab uses a small network with two routers. Your job is to create a configuration that would work on both routers to enable SNMPv3, per the following requirements:

  • Use username Youdda
  • Use group name Certskills
  • Use text string mysecretpassword for any passwords or keys
  • Support reading (Get) the MIB but not writing (Set) to the MIB
  • Use the default MIB view (V1Default) if any MIB views need to be configured
  • Use an IPv4 ACL named ServerOnly that allows SNMP messages from the one SNMP manager only (172.20.2.9)
  • Support Informs, but not Traps, sent to the SNMP manager at address 172.20.2.9
  • Use SNMPv3 authentication with SHA
  • Use SNMPv3 privacy with 128-bit AES
  • As for the topology:
    • Assume all interfaces shown in the figure are up and working, that is, there is connectivity between each router and the SNMP server.


Figure 1: Topology Used for SNMPv3 Labs


Initial Configuration

Examples 1 and 2 show the initial configurations on routers R1 and R2, respectively.

Example 1: Router R1 Initial Configuration

hostname R1
!
interface GigabitEthernet0/1
 no shutdown
 ip address 172.20.1.1 255.255.255.0
!
interface gigabitethernet0/2
 no shutdown
 ip address 172.20.12.1 255.255.255.0
!
router ospf 1
 network 172.20.1.1 0.0.0.0 area 0
 network 172.20.12.1 0.0.0.0 area 0


Example 2: Router R2 Initial Configuration

hostname R2
!
interface GigabitEthernet0/1
 no shutdown
 ip address 172.20.2.2 255.255.255.0
!
interface gigabitethernet0/2
 no shutdown
 ip address 172.20.12.2 255.255.255.0
!
router ospf 1
 network 172.20.2.2 0.0.0.0 area 0
 network 172.20.12.2 0.0.0.0 area 0


Answer on Paper, or Maybe Test in Lab

As always, you should at least answer on paper or by typing in a text editor.

If you do implement this config lab on real gear or some other tool, it is difficult to verify without an SNMP manager to test against. The challenge is that the router accepts combinations of commands that fail only when a manager tries to communicate with it; for instance, the group, user, and host commands can each name a different security level, and IOS does not complain. If you want to dig a little deeper and have at least one router or switch in your home lab, consider downloading any free SNMP manager. Then make sure your manager can successfully do an SNMP Get to pull information from your router or switch after adding the kind of configuration you build in this lab.

Note that for the purposes of learning SNMPv3, I found that the ManageEngine MIB Browser was a good tool. It gives you enough direct control so that you can see what is happening. However, it may be a more difficult tool to use for someone starting out, in that it requires you to navigate the MIB structure.
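As an added example that is not part of this lab post (the lab's own answer is in the separate answers post), here is one candidate IOS configuration that meets the requirements listed above, paired with a short Python checker for exactly the situation described in this section: combinations of group, user, and host commands that IOS accepts but that fail against a real manager. The two config texts are constructed for this example, and parse_config, check_config, and summarize are helper names chosen here. On real IOS an SNMPv3 inform also requires the manager's remote engine ID (snmp-server engineID remote ...), which the candidate leaves out as outside the lab's scope.

```python
"""Added example (not from the original post): a candidate IOS SNMPv3 config
meeting the lab requirements, plus a checker for the mismatches IOS accepts
but the SNMP manager rejects. Helper names are chosen here."""
import re

# Constructed candidate answer. Real IOS also needs the manager's remote engine
# ID (snmp-server engineID remote ...) before it sends a v3 inform; that is
# assumed out of scope, as in the lab statement.
CANDIDATE_CONFIG = """\
ip access-list standard ServerOnly
 permit host 172.20.2.9
!
snmp-server group Certskills v3 priv read v1default access ServerOnly
snmp-server user Youdda Certskills v3 auth sha mysecretpassword priv aes 128 mysecretpassword
snmp-server host 172.20.2.9 informs version 3 priv Youdda
snmp-server enable traps
"""

# Constructed counter-example that IOS accepts without complaint: the group
# demands priv, the user has only an auth key, and the host line wants priv.
BROKEN_CONFIG = """\
ip access-list standard ServerOnly
 permit host 172.20.2.9
snmp-server group Certskills v3 priv read v1default access ServerOnly
snmp-server user Youdda Certskills v3 auth sha mysecretpassword
snmp-server host 172.20.2.9 traps version 3 priv Youdda
snmp-server enable traps
"""

LEVELS = {"noauth": 0, "auth": 1, "priv": 2}


def parse_config(text):
    """Extract ACLs, v3 groups, users and hosts. Only the command forms used in
    this lab are handled (standard named ACL 'permit host' entries, v3 lines)."""
    cfg = {"acls": {}, "groups": {}, "users": {}, "hosts": []}
    acl = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("ip access-list standard "):
            acl = line.split()[3]
            cfg["acls"].setdefault(acl, set())
            continue
        entry = re.match(r"\s+permit host (\S+)\s*$", line)
        if acl and entry:
            cfg["acls"][acl].add(entry.group(1))
            continue
        acl = None  # any unindented line ends the ACL stanza
        w = line.split()
        if w[:2] == ["snmp-server", "group"] and "v3" in w:
            # snmp-server group NAME v3 {noauth|auth|priv} [read V] [write V] [access ACL]
            cfg["groups"][w[2]] = {"level": w[4], "write": "write" in w,
                                   "access": w[w.index("access") + 1] if "access" in w else None}
        elif w[:2] == ["snmp-server", "user"] and "v3" in w:
            # snmp-server user NAME GROUP v3 [auth {md5|sha} PW [priv {des|3des|aes N} PW]]
            auth = w[w.index("auth") + 1] if "auth" in w else None
            priv = None
            if "priv" in w:
                i = w.index("priv") + 1
                priv = " ".join(w[i:i + 2]) if w[i] == "aes" else w[i]
            cfg["users"][w[2]] = {"group": w[3], "auth": auth, "priv": priv,
                                  "level": "priv" if priv else "auth" if auth else "noauth"}
        elif w[:2] == ["snmp-server", "host"] and "version" in w:
            # snmp-server host IP [traps|informs] version 3 {noauth|auth|priv} USER
            v = w.index("version")
            if w[v + 1] == "3":
                cfg["hosts"].append({"ip": w[2], "level": w[v + 2], "user": w[v + 3],
                                     "kind": "informs" if "informs" in w else "traps"})
    return cfg


def check_config(cfg):
    """Report combinations IOS accepts but that fail against a real manager."""
    problems = []
    for name, g in cfg["groups"].items():
        if g["access"] and g["access"] not in cfg["acls"]:
            problems.append(f"group {name}: ACL {g['access']} is not defined")
    for name, u in cfg["users"].items():
        g = cfg["groups"].get(u["group"])
        if g is None:
            problems.append(f"user {name}: group {u['group']} is not defined")
        elif LEVELS[u["level"]] < LEVELS[g["level"]]:
            problems.append(f"user {name}: only {u['level']} keys, but group "
                            f"{u['group']} requires {g['level']}")
    for h in cfg["hosts"]:
        u = cfg["users"].get(h["user"])
        if u is None:
            problems.append(f"host {h['ip']}: user {h['user']} is not defined")
        elif LEVELS[h["level"]] > LEVELS[u["level"]]:
            problems.append(f"host {h['ip']}: {h['kind']} ask for {h['level']}, "
                            f"but user {h['user']} only has {u['level']} keys")
    return problems


def summarize(cfg):
    """The facts a grader of this lab would check against the requirements."""
    return {"users": sorted(cfg["users"]), "groups": sorted(cfg["groups"]),
            "read_only": bool(cfg["groups"]) and not any(g["write"] for g in cfg["groups"].values()),
            "auth": {n: u["auth"] for n, u in cfg["users"].items()},
            "priv": {n: u["priv"] for n, u in cfg["users"].items()},
            "notifications": sorted({h["kind"] for h in cfg["hosts"]}),
            "managers": sorted({h["ip"] for h in cfg["hosts"]})}
```

Running check_config(parse_config(BROKEN_CONFIG)) reports two problems (the user's keys fall short of the group's priv requirement, and the host line asks for priv from an auth-only user), while the candidate reports none and summarize confirms one read-only group, SHA authentication, AES 128 privacy, and informs to 172.20.2.9. Against a live router the equivalent test is an SNMP Get from the manager, for example with net-snmp: snmpget -v3 -l authPriv -u Youdda -a SHA -A mysecretpassword -x AES -X mysecretpassword 172.20.1.1 sysName.0. A key or level mismatch comes back as an error from the router, whereas a group ACL that drops the manager typically shows up only as a timeout.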


Do this Lab with Cisco’s CML (Formerly VIRL)

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for Cisco Modeling Labs - Personal (CML-P). CML-P replaces the Cisco Virtual Internet Routing Lab (VIRL) software, in effect serving as VIRL Version 2.

Below, find two files: one for CML-P and another for VIRL. (Note that the CML-P file has a .yaml filetype, while the older VIRL file has a .virl filetype.) Once the file is loaded, CML-P or VIRL will create a lab topology matching this lab's topology, with the initial configuration shown in the lab as well.

This lab’s CML file!

This lab’s VIRL file!

The CML/VIRL topology matches this lab topology exactly. The host info does as well.


Handy Host Commands:

To see PC IP address: ifconfig eth1

Ping example: ping -c 4 10.1.1.1

Trace example: tracepath 10.1.1.1

To connect to another node within the topology: telnet 10.1.1.1

Answers: SNMPv3 2