David, If you go back to the archives on July 3rd and 6th there was a good discussion on this and Kingsley answered this question in there.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Mack, David A (Dave) Sent: Friday, August 20, 2010 11:56 AM To: [email protected] Subject: [OSL | CCIE_Security] SNMPv3 Questions All, Hello! I am trying to dive a little deeper into SNMPv3 and I am confused on something. I have read the CCO documentation and blogs and this still not clear to me. Let's say I have a requirement to send Temperature informs to a NMS located at 10.0.0.100 and to use SNMPv3 to protect the messages. From the docs I know that I need to do the following: 1) Enable traps and in this case restrict them to the temperature category: Snmp-sever enable traps envmon temperature 2) I need to then configure a snmp-server host, however that requires me to have a SNMPv3 user which requires a SNMPv3 group. So here I can configure: snmp-server group TRAP-GROUP v3 priv user TRAP-USER TRAP-GROUP v3 auth sha CISCO priv 3des CISCO 3) Now having the user, I can configure the host: snmp-server host 10.0.0.100 informs version 3 priv TRAP-USER So the full configure would be: snmp-server enable traps envmon temperature snmp-server group TRAP-GROUP v3 priv user TRAP-USER TRAP-GROUP v3 auth sha CISCO priv 3des CISCO snmp-server host 10.0.0.100 informs version 3 priv TRAP-USER However, I could also configure the user as "Remote" and also have to configure a remote SNMP engineID as shown below: snmp-server enable traps envmon temperature snmp-server engineID remote 10.0.0.100 ABCD12345678 snmp-server group TRAP-GROUP v3 priv snmp-server user TRAP-USER TRAP-GROUP remote 10.0.0.100 v3 auth sha CISCO priv 3des CISCO snmp-server host 10.0.0.100 inform version 3 priv TRAP-USER So my confusion is to what is the difference in configuring the user as remote along with the remote engineID? What impacts will each have? TIA! Dave _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
