All,
Hello! I am trying to dive a little deeper into SNMPv3 and I am
confused on something. I have read the CCO documentation and blogs and
this still not clear to me. Let's say I have a requirement to send
Temperature informs to a NMS located at 10.0.0.100 and to use SNMPv3 to
protect the messages. From the docs I know that I need to do the
following:
1) Enable traps and in this case restrict them to the temperature
category:
Snmp-sever enable traps envmon temperature
2) I need to then configure a snmp-server host, however that requires me
to have a SNMPv3 user which requires a SNMPv3 group. So here I can
configure:
snmp-server group TRAP-GROUP v3 priv
user TRAP-USER TRAP-GROUP v3 auth sha CISCO priv 3des CISCO
3) Now having the user, I can configure the host:
snmp-server host 10.0.0.100 informs version 3 priv TRAP-USER
So the full configure would be:
snmp-server enable traps envmon temperature
snmp-server group TRAP-GROUP v3 priv
user TRAP-USER TRAP-GROUP v3 auth sha CISCO priv 3des CISCO
snmp-server host 10.0.0.100 informs version 3 priv TRAP-USER
However, I could also configure the user as "Remote" and also have to
configure a remote SNMP engineID as shown below:
snmp-server enable traps envmon temperature
snmp-server engineID remote 10.0.0.100 ABCD12345678
snmp-server group TRAP-GROUP v3 priv
snmp-server user TRAP-USER TRAP-GROUP remote 10.0.0.100 v3 auth sha
CISCO priv 3des CISCO
snmp-server host 10.0.0.100 inform version 3 priv TRAP-USER
So my confusion is to what is the difference in configuring the user as
remote along with the remote engineID? What impacts will each have?
TIA!
Dave
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
