True Tyson, I have posted them to convey the difference between Informs and
traps configuration, hence the significance of Remote Engine ID and the
"remote" keyword when configuring snmp users.


With regards
Kings

On Tue, Jul 6, 2010 at 6:32 PM, Tyson Scott <[email protected]> wrote:

>  The article is only assuming outbound connections.
>
>
>
> Regards,
>
>
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *Kingsley Charles
> *Sent:* Tuesday, July 06, 2010 5:50 AM
>
> *To:* [email protected]
> *Subject:* Re: [OSL | CCIE_Security] snmp v3 user with "remote" keyword
>
>
>
> I did the investigations and you can find the configurations for SNMP Traps
> and Informs below:
>
> See the following O/P, what happens when I configure the remote user
> without the remote Engine ID.
>
> router(config)#snmp-server user cisco mine remote 10.20.30.40 v3
> router(config)#
> *Jul  6 08:12:19.914: %SNMP-4-NOENGINEID: Remote snmpEngineID for 10.20.30.40 not found when creating user: cisco
>
> The remote user configuration fails if the remote Engine ID for
> 10.20.30.40 has not been configured. Hence a remote Engine ID is required
> when you configure an SNMP remote user.
>
> In the case of Traps, the sender is authoritative. The local SNMP Engine ID
> and local user passwords are used to create the digest for authentication
> and encryption.
>
> snmp-server enable traps cpu
> snmp-server group mine v3 priv
> snmp-server user cisco mine v3 auth sha cisco priv 3des cisco
> snmp-server host 10.20.30.40 traps version 3 priv cisco
>
> In the case of Informs, the receiver is authoritative. The remote security
> Engine ID and remote user passwords are used to create the digest for
> authentication and encryption.
>
> To send Informs, we need to configure the remote engine ID and remote user.
>
> snmp-server engineID remote 10.20.30.40 123456789A
> snmp-server enable traps cpu
> snmp-server group mine v3 priv
> snmp-server user cisco mine remote 10.20.30.40 v3 auth sha cisco priv 3des cisco
> snmp-server host 10.20.30.40 informs version 3 priv cisco
>
>
> Please provide your inputs, if you feel something is missing above
>
>
> ccie doc -
> http://conft.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_35_se/configuration/guide/swsnmp.html#wp1043530
>
>
> With regards
> Kings
>
> On Mon, Jul 5, 2010 at 9:40 PM, Kingsley Charles <
> [email protected]> wrote:
>
> Hi all
>
>
> Snippet from
> http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html#wp18842
>
> The following example shows how to configure a remote user to receive traps
> at the v3 security model and the noAuthNoPriv security level:
>
> snmp-server group remotegroup v3 noauth
>
> snmp-server user remoteuser remotegroup remote 16.20.11.14 v3
>
> snmp-server host 16.20.11.14 informs version 3 noauth remoteuser config
>
>
>
> This snippet confuses me.
>
> The explanation tells us that remote user is required to receive traps but
> the configuration sample below is for Informs which means for sending.
>
> Any thoughts?
>
>
>
>
>
> With regards
> Kings
>
>
>
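
Added example, not part of the original thread and not Cisco's code: the RFC 3414 SHA-1 password-to-key and key-localization steps, showing why an inform authenticated with a key bound to the sender's own engine ID fails at the authoritative receiver. The password "cisco" and engine ID 123456789A are taken from the thread as typed; LOCAL_ENGINE_ID and PDU are constructed, and the tag is computed over a stand-in payload rather than a full SNMPv3 message.

```python
import hashlib
import hmac


def password_to_key_sha1(password: bytes) -> bytes:
    """RFC 3414 A.2.2: hash the password repeated out to exactly 1,048,576 bytes."""
    if not password:
        raise ValueError("empty password")
    reps = 1048576 // len(password) + 1
    return hashlib.sha1((password * reps)[:1048576]).digest()


def localize_key(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 section 2.6: bind the user key Ku to one authoritative engine."""
    return hashlib.sha1(ku + engine_id + ku).digest()


def auth_tag(kul: bytes, message: bytes) -> bytes:
    """HMAC-SHA-96: first 12 bytes of HMAC-SHA-1 under the localized key."""
    return hmac.new(kul, message, hashlib.sha1).digest()[:12]


# From the thread: user password and the remote (receiver) engine ID.
PASSWORD = b"cisco"
REMOTE_ENGINE_ID = bytes.fromhex("123456789A")
# Constructed for this example: the sender's own engine ID and a payload.
LOCAL_ENGINE_ID = bytes.fromhex("800000090300AABBCCDDEEFF")
PDU = b"constructed inform payload"


def receiver_accepts(sender_engine_id: bytes) -> bool:
    """For informs the receiver is authoritative: it checks with its own engine ID."""
    ku = password_to_key_sha1(PASSWORD)
    sent = auth_tag(localize_key(ku, sender_engine_id), PDU)
    expected = auth_tag(localize_key(ku, REMOTE_ENGINE_ID), PDU)
    return hmac.compare_digest(sent, expected)


if __name__ == "__main__":
    print("key localized to remote engine ID:", receiver_accepts(REMOTE_ENGINE_ID))
    print("key localized to local engine ID: ", receiver_accepts(LOCAL_ENGINE_ID))
```

Because the localized key depends on the engine ID, the router cannot derive the remote user's keys until the remote engine ID is known, which matches the %SNMP-4-NOENGINEID message quoted above.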