The article is only assuming outbound connections.
Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Tuesday, July 06, 2010 5:50 AM
To: [email protected]
Subject: Re: [OSL | CCIE_Security] snmp v3 user with "remote" keyword

I did the investigations and you can find the configurations for SNMP Traps and Informs below:

See the following output for what happens when I configure the remote user without the remote Engine ID.

    router(config)#snmp-server user cisco mine remote 10.20.30.40 v3
    router(config)#
    *Jul 6 08:12:19.914: %SNMP-4-NOENGINEID: Remote snmpEngineID for 10.20.30.40 not found when creating user: cisco

The remote user configuration fails if the remote Engine ID for 10.20.30.40 has not been configured. Hence a remote Engine ID is required when you configure an SNMP remote user.

In the case of Traps, the sender is authoritative. The local SNMP Engine ID and local user passwords are used to create the digest for authentication and encryption.

    snmp-server enable traps cpu
    snmp-server group mine v3 priv
    snmp-server user cisco mine v3 auth sha cisco priv 3des cisco
    snmp-server host 10.20.30.40 traps version 3 priv cisco

In the case of Informs, the receiver is authoritative. The remote security Engine ID and remote user passwords are used to create the digest for authentication and encryption. To send Informs, we need to configure the remote engine ID and remote user.

    snmp-server engineID remote 10.20.30.40 123456789A
    snmp-server enable traps cpu
    snmp-server group mine v3 priv
    snmp-server user cisco mine remote 10.20.30.40 v3 auth sha cisco priv 3des cisco
    ! "informs" keyword so that notifications to this host are sent as informs, not traps
    snmp-server host 10.20.30.40 informs version 3 priv cisco

Please provide your inputs if you feel something is missing above.

ccie doc - http://conft.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_35_se/configuration/guide/swsnmp.html#wp1043530

With regards
Kings

On Mon, Jul 5, 2010 at 9:40 PM, Kingsley Charles <[email protected]> wrote:

Hi all

Snippet from http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html#wp18842

The following example shows how to configure a remote user to receive traps at the v3 security model and the noAuthNoPriv security level:

    snmp-server group remotegroup v3 noauth
    snmp-server user remoteuser remotegroup remote 16.20.11.14 v3
    snmp-server host 16.20.11.14 informs version 3 noauth remoteuser config

This snippet confuses me. The explanation tells us that the remote user is required to receive traps, but the configuration sample below is for Informs, which means for sending.

Any thoughts?

With regards
Kings
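Why the digest depends on the engine ID, as an added example that is not part of the original thread: the RFC 3414 (USM) password-to-key and key-localization steps for SHA-1, showing that the password "cisco" yields different authentication keys, and therefore different HMAC digests, under different engine IDs. The remote engine ID `123456789A` is taken from the thread as typed (any padding IOS applies to a short engine ID is not modelled); the local engine ID and the message bytes are constructed placeholders.

```python
import hashlib
import hmac


def password_to_key_sha1(password: bytes) -> bytes:
    """RFC 3414 A.2.2: SHA-1 over 1,048,576 bytes of the cyclically repeated password (Ku)."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.sha1(password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 key localization: Kul = SHA1(Ku || snmpEngineID || Ku)."""
    return hashlib.sha1(ku + engine_id + ku).digest()


def localized_auth_key(password: str, engine_id_hex: str) -> bytes:
    """Derive the per-engine authentication key for a user password."""
    return localize_key(password_to_key_sha1(password.encode()),
                        bytes.fromhex(engine_id_hex))


def auth_digest(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA-96: HMAC-SHA1 truncated to the first 12 bytes."""
    return hmac.new(key, message, hashlib.sha1).digest()[:12]


REMOTE_ENGINE_ID = "123456789A"               # from the thread, used as typed
LOCAL_ENGINE_ID = "800000090300AABBCCDDEEFF"  # constructed placeholder
SAMPLE_MESSAGE = b"constructed stand-in for a serialized SNMPv3 message"

if __name__ == "__main__":
    # Informs: the receiver is authoritative, so the sender must localize
    # the key with the receiver's (remote) engine ID.
    inform_key = localized_auth_key("cisco", REMOTE_ENGINE_ID)
    # Traps: the sender is authoritative, so its own engine ID is used.
    trap_key = localized_auth_key("cisco", LOCAL_ENGINE_ID)
    print("inform key :", inform_key.hex())
    print("trap key   :", trap_key.hex())
    print("inform HMAC:", auth_digest(inform_key, SAMPLE_MESSAGE).hex())
    print("trap HMAC  :", auth_digest(trap_key, SAMPLE_MESSAGE).hex())
```

Without the remote engine ID there is nothing to localize the remote user's key against, which is consistent with the `%SNMP-4-NOENGINEID` message shown in the thread.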
