SNMPv3 2

By Chris September 21, 2016 09:05

In real life, you will probably configure SNMP correctly, use a similar configuration on all routers and switches, and then forget the details of how to configure all the other possible options. For the CCNA R&S exams, it helps to make yourself think through the configuration options a few times across the variety of possible settings. This latest lab gives you another change, listing straightforward SNMPv3 requirements with a chance to configure those settings.


This lab uses a small network with two routers. Your job is to create a configuration that would work on both routers to enable SNMPv3, per the following requirements:

  • Use username Youdda
  • Use group name Certskills
  • Use text string mysecretpassword for any passwords or keys
  • Support reading (Get) the MIB but not writing (Set) to the MIB
  • Use the default MIB view (V1Default) if any MIB views need to be configured
  • Use an IPv4 ACL named ServerOnly that allows SNMP messages from the one SNMP manager only (
  • Support Informs, but not Traps, sent to the SNMP manager at address
  • Use SNMPv3 authentication with SHA
  • Use SNMPv3 privacy with 128-bit AES
  • As for the topology:
    • Assume all interfaces shown in the figure are up and working, that is, there is connectivity between each router and the SNMP server.


Figure 1: Topology Used for SNMPv3 Labs


Initial Configuration

Examples 1 and 2 show the initial configurations on routers R1 and R2, respectively.

Example 1: Router R1 Initial Configuration


Example 2: Router R2 Initial Configuration


Answer on Paper, or Maybe Test in Lab

As always, you should at least answer on paper or by typing in a text editor.

If you do implement this config lab on real gear or some other tool, it is difficult to verify without having an SNMP manager with which to test. The challenge is that the router will accept combinations of commands that fail when trying to communicate with the SNMP manager. For those of you who want to dig a little deeper, and you have at least one router or switch in your home lab, then consider downloading any free SNMP manager. Then make sure your manager can successfully do an SNMP Get to pull information from your router or switch after adding the kind of configuration you build in this lab.

Note that for the purposes of learning SNMPv3, I found that the ManageEngine MIB Browser was a good tool. It gives you enough direct control so that you can see what is happening. However, it may be a more difficult tool to use for someone starting out, in that it requires you to navigate the MIB structure.


Do this Lab with Cisco’s CML (Formerly VIRL)

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for Cisco Modeling Lab – Personal (CML-P). CML-P replaces Cisco Virtual Internet Routing Lab (VIRL) software, in effect serving as VIRL Version 2.

Below, find two files: a file useful with CML-P and another useful with VIRL. (Note that the CML-P file has a .yaml filetype, while the older VIRL file has a VIRL filetype.) Once the file is loaded, CML-P or VIRL will create a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well.

This lab’s CML file!

This lab’s VIRL file!

The CML/VIRL topology matches this lab topology exactly. The host info does as well.


Handy Host Commands:

To see PC IP address: ifconfig eth1

Ping example: ping -c 4

Trace example: tracepath

To connect to another node within the topology: telnet

Answers: MLPPP 1
Answers: SNMPv3 2
By Chris September 21, 2016 09:05
Write a comment

No Comments

No Comments Yet!

Let me tell You a sad story ! There are no comments yet, but You can be first one to comment this article.

Write a comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email


Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.