Hi Dave

You need to configure the remote Engine ID and remote user for Informs only, not
for traps.
It all depends on which entity is authoritative.

In the case of Traps, the sender is authoritative. The local SNMP Engine ID
and local user passwords are used to create the digest for authentication
and encryption.



snmp-server enable traps cpu
snmp-server group mine v3 priv
snmp-server user cisco mine v3 auth sha cisco priv 3des cisco
snmp-server host 10.20.30.40 traps version 3 priv cisco



In the case of Informs, the receiver is authoritative. The remote security
Engine ID and remote user passwords are used to create the digest for
authentication and encryption.



To send Informs, we need to configure the remote engine ID and remote user.



snmp-server engineID remote 10.20.30.40 123456789A
snmp-server enable traps cpu
snmp-server group mine v3 priv
snmp-server user cisco mine remote 10.20.30.40 v3 auth sha cisco priv 3des cisco
snmp-server host 10.20.30.40 informs version 3 priv cisco



With regards
Kings

On Fri, Aug 20, 2010 at 11:59 PM, Mack, David A (Dave) <[email protected]> wrote:

> Tyson,
>        Thanks for getting back to me and pointing me to that thread. It
> answered my question. To summarize, my first configuration would work for
> SNMPv3 Traps and the second would work for SNMPv3 INFORMs.  I am sorry I
> have not really utilized the archives as much as I would like to since the
> searches have been localized to monthly time spans. I would have to do 24
> searches to cover a 2 year period and it gets tiresome fast. Also I verified
> that I sent my post as plain text and had pasted in the configs from notepad
> and yet the lines wrapped. Is there something happening with the mailing
> list application modifying the post?
>
> Thanks!
> Dave
>
> Back to studying....
>
> -----Original Message-----
> From: Tyson Scott [mailto:[email protected]]
> Sent: Friday, August 20, 2010 12:07 PM
> To: Mack, David A (Dave); [email protected]
> Subject: RE: [OSL | CCIE_Security] SNMPv3 Questions
>
> David,
>
> If you go back to the archives on July 3rd and 6th there was a good
> discussion on this and Kingsley answered this question in there.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: [email protected]
> Telephone: +1.810.326.1444, ext. 208
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
> training locations throughout the United States, Europe, South Asia and
> Australia. Be sure to visit our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Mack, David A (Dave)
> Sent: Friday, August 20, 2010 11:56 AM
> To: [email protected]
> Subject: [OSL | CCIE_Security] SNMPv3 Questions
>
> All,
>        Hello! I am trying to dive a little deeper into SNMPv3 and I am
> confused on something. I have read the CCO documentation and blogs and
> this is still not clear to me. Let's say I have a requirement to send
> Temperature informs to a NMS located at 10.0.0.100 and to use SNMPv3 to
> protect the messages. From the docs I know that I need to do the
> following:
>
>
> 1) Enable traps and in this case restrict them to the temperature
> category:
> snmp-server enable traps envmon temperature
>
> 2) I need to then configure a snmp-server host, however that requires me
> to have a SNMPv3 user which requires a SNMPv3 group. So here I can
> configure:
>
> snmp-server group TRAP-GROUP v3 priv
> snmp-server user TRAP-USER TRAP-GROUP v3 auth sha CISCO priv 3des CISCO
>
> 3) Now having the user, I can configure the host:
>
> snmp-server host 10.0.0.100 informs version 3 priv TRAP-USER
>
> So the full configure would be:
>
>
> snmp-server enable traps envmon temperature
> snmp-server group TRAP-GROUP v3 priv
> snmp-server user TRAP-USER TRAP-GROUP v3 auth sha CISCO priv 3des CISCO
> snmp-server host 10.0.0.100 informs version 3 priv TRAP-USER
>
> However, I could also configure the user as "Remote" and also have to
> configure a remote SNMP engineID as shown below:
>
> snmp-server enable traps envmon temperature
> snmp-server engineID remote 10.0.0.100 ABCD12345678
> snmp-server group TRAP-GROUP v3 priv
> snmp-server user TRAP-USER TRAP-GROUP remote 10.0.0.100 v3 auth sha CISCO priv 3des CISCO
> snmp-server host 10.0.0.100 inform version 3 priv TRAP-USER
>
>
> So my confusion is as to what the difference is in configuring the user as
> remote along with the remote engineID? What impacts will each have?
>
> TIA!
> Dave
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
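The point made at the top of this thread, that the authoritative engine's ID goes into the keys, worked through with the RFC 3414 key-localization algorithm for SHA. This is an added example, not part of the original posts and not Cisco's code. Assumptions: the sender engine ID and payload bytes are constructed, the engine ID 123456789A is used as written with no padding a device may apply, and the HMAC is taken over a stand-in byte string rather than a full SNMPv3 message.

```python
import hashlib
import hmac

def password_to_key_sha1(password: bytes) -> bytes:
    """RFC 3414 A.2.2: SHA-1 over 1,048,576 bytes of the repeated password (Ku)."""
    if not password:
        raise ValueError("password must not be empty")
    total = 1048576
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.sha1(stream).digest()

def localize_key_sha1(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 2.6: Kul = SHA1(Ku || authoritative engineID || Ku)."""
    return hashlib.sha1(ku + engine_id + ku).digest()

def auth_tag(kul: bytes, message: bytes) -> bytes:
    """HMAC-SHA-96: HMAC-SHA1 under the localized key, truncated to 12 bytes."""
    return hmac.new(kul, message, hashlib.sha1).digest()[:12]

# Values taken from the configuration in the reply above.
PASSWORD = b"cisco"
RECEIVER_ENGINE_ID = bytes.fromhex("123456789A")  # snmp-server engineID remote ...
# Constructed values, for illustration only.
SENDER_ENGINE_ID = bytes.fromhex("800000090300AABBCCDDEEFF")
PAYLOAD = b"constructed inform PDU bytes"

def inform_accepted(engine_id_used_by_sender: bytes,
                    receiver_engine_id: bytes = RECEIVER_ENGINE_ID) -> bool:
    """For an Inform the receiver is authoritative, so it checks the tag with a
    key localized to its own engine ID. The sender only matches if it localized
    the user's password to that same (remote) engine ID."""
    ku = password_to_key_sha1(PASSWORD)
    sent = auth_tag(localize_key_sha1(ku, engine_id_used_by_sender), PAYLOAD)
    expected = auth_tag(localize_key_sha1(ku, receiver_engine_id), PAYLOAD)
    return hmac.compare_digest(sent, expected)

if __name__ == "__main__":
    ku = password_to_key_sha1(PASSWORD)
    print("key localized to receiver:", localize_key_sha1(ku, RECEIVER_ENGINE_ID).hex())
    print("key localized to sender:  ", localize_key_sha1(ku, SENDER_ENGINE_ID).hex())
    print("remote user + remote engine ID ->", inform_accepted(RECEIVER_ENGINE_ID))
    print("local user only               ->", inform_accepted(SENDER_ENGINE_ID))
```

For a trap the roles swap: the sender is authoritative, so the key localized to the sender's own engine ID is the one the receiver must reproduce.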