Tyson,
Thanks for getting back to me and pointing me to that thread. It
answered my question. To summarize, my first configuration would work for
SNMPv3 Traps and the second would work for SNMPv3 INFORMs. I am sorry I have
not really utilized the archives as much as I would like to since the searches
have been localized to monthly time spans. I would have to do 24 searches to
cover a 2-year period and it gets tiresome fast. Also I verified that I sent my
post as plain text and had pasted in the configs from Notepad and yet the lines
wrapped. Is there something happening with the mailing list application
modifying the post?
Thanks!
Dave
Back to studying....
-----Original Message-----
From: Tyson Scott [mailto:[email protected]]
Sent: Friday, August 20, 2010 12:07 PM
To: Mack, David A (Dave); [email protected]
Subject: RE: [OSL | CCIE_Security] SNMPv3 Questions
David,
If you go back to the archives on July 3rd and 6th there was a good
discussion on this and Kingsley answered this question in there.
Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
CCIE (R&S, Voice, Security & Service Provider) certification(s) with
training locations throughout the United States, Europe, South Asia and
Australia. Be sure to visit our online communities at
www.ipexpert.com/communities and our public website at www.ipexpert.com
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Mack, David
A (Dave)
Sent: Friday, August 20, 2010 11:56 AM
To: [email protected]
Subject: [OSL | CCIE_Security] SNMPv3 Questions
All,
Hello! I am trying to dive a little deeper into SNMPv3 and I am
confused on something. I have read the CCO documentation and blogs and
this is still not clear to me. Let's say I have a requirement to send
Temperature informs to an NMS located at 10.0.0.100 and to use SNMPv3 to
protect the messages. From the docs I know that I need to do the
following:
1) Enable traps and in this case restrict them to the temperature
category:
snmp-server enable traps envmon temperature
2) I need to then configure a snmp-server host, however that requires me
to have an SNMPv3 user which requires an SNMPv3 group. So here I can
configure:
snmp-server group TRAP-GROUP v3 priv
snmp-server user TRAP-USER TRAP-GROUP v3 auth sha CISCO priv 3des CISCO
3) Now having the user, I can configure the host:
snmp-server host 10.0.0.100 informs version 3 priv TRAP-USER
So the full configuration would be:
snmp-server enable traps envmon temperature
snmp-server group TRAP-GROUP v3 priv
snmp-server user TRAP-USER TRAP-GROUP v3 auth sha CISCO priv 3des CISCO
snmp-server host 10.0.0.100 informs version 3 priv TRAP-USER
However, I could also configure the user as "Remote" and also have to
configure a remote SNMP engineID as shown below:
snmp-server enable traps envmon temperature
snmp-server engineID remote 10.0.0.100 ABCD12345678
snmp-server group TRAP-GROUP v3 priv
snmp-server user TRAP-USER TRAP-GROUP remote 10.0.0.100 v3 auth sha CISCO priv 3des CISCO
snmp-server host 10.0.0.100 informs version 3 priv TRAP-USER
So my confusion is: what is the difference in configuring the user as
remote along with the remote engineID? What impacts will each have?
TIA!
Dave
_______________________________________________
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com
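Added example, not part of the thread or of Cisco's documentation: the RFC 3414 key localization that explains why the local-user configuration fits traps and the remote-user configuration fits informs. A USM key is bound to the authoritative engine's ID, which is the sender for a trap and the receiver for an inform. The function names and ROUTER_ENGINE_ID are assumptions made for this sketch, the NMS engine ID and password are the ones in the post, and only the SHA-1 auth key is derived.

```python
import hashlib

def password_to_key_sha1(password: bytes) -> bytes:
    """RFC 3414 A.2.2: SHA-1 over 1,048,576 bytes of the repeated password."""
    if not password:
        raise ValueError("empty password")
    reps = 1048576 // len(password) + 1
    return hashlib.sha1((password * reps)[:1048576]).digest()

def localize_key(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 section 2.6: Kul = SHA1(Ku || snmpEngineID || Ku)."""
    return hashlib.sha1(ku + engine_id + ku).digest()

def authoritative_engine(kind: str, sender: bytes, receiver: bytes) -> bytes:
    """Traps are unconfirmed, so the sender is authoritative.
    Informs are confirmed, so the receiver is authoritative."""
    if kind == "trap":
        return sender
    if kind == "inform":
        return receiver
    raise ValueError(f"unknown notification type: {kind}")

def notification_auth_key(password: bytes, kind: str,
                          sender: bytes, receiver: bytes) -> bytes:
    """Auth key both ends must hold for this notification type."""
    engine = authoritative_engine(kind, sender, receiver)
    return localize_key(password_to_key_sha1(password), engine)

# Constructed placeholder for the router's own engine ID (not from the post).
ROUTER_ENGINE_ID = bytes.fromhex("800000090300AABBCCDDEEFF")
# Remote engine ID and auth password as written in the post.
NMS_ENGINE_ID = bytes.fromhex("ABCD12345678")
AUTH_PASSWORD = b"CISCO"

if __name__ == "__main__":
    for kind in ("trap", "inform"):
        key = notification_auth_key(AUTH_PASSWORD, kind,
                                    ROUTER_ENGINE_ID, NMS_ENGINE_ID)
        print(f"{kind:6s} auth key: {key.hex()}")
```

The two printed keys differ, so a user created without the remote keyword (localized to the router's engine ID) cannot authenticate an inform to the NMS even though the password is the same.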