Hi all Can someone please let me know the exact purpose/usage of SNMP contexts. I guess it is something related to view/access restriction. But I don't get one doc explaining it.
Please see the highlighted configs below: Building configuration... Current configuration : 6567 bytes ! version 12.4 service timestamps debug datetime msec localtime service timestamps log uptime no service password-encryption ! hostname ipsecf-3745b ! boot-start-marker boot-end-marker ! no logging console enable password lab ! no aaa new-model ! resource policy ! memory-size iomem 5 clock timezone PST -8 clock summer-time PDT recurring ip subnet-zero ip cef ! ! ip vrf vrf1 rd 1:101 context vrf-vrf1-context route-target export 1:101 route-target import 1:101 ! ip vrf vrf2 rd 2:101 context vrf-vrf2-context route-target export 2:101 route-target import 2:101 ! no ip domain lookup ! ! crypto keyring vrf1-1 vrf vrf1 pre-shared-key address 10.1.1.1 255.255.255.0 key vrf1-1 crypto keyring vrf2-1 vrf vrf2 pre-shared-key address 10.1.2.1 255.255.255.0 key vrf2-1 ! ! crypto isakmp policy 1 authentication pre-share ! crypto isakmp policy 50 authentication pre-share crypto isakmp key global1-1 address 10.1.151.1 crypto isakmp key global2-1 address 10.1.152.1 crypto isakmp profile vrf1-1 keyring vrf1-1 match identity address 10.1.1.1 255.255.255.255 vrf1 crypto isakmp profile vrf2-1 keyring vrf2-1 match identity address 10.1.2.1 255.255.255.255 vrf2 ! crypto ipsec security-association lifetime kilobytes 99000 crypto ipsec security-association lifetime seconds 5000 ! crypto ipsec transform-set tset ah-sha-hmac esp-des esp-sha-hmac ! crypto map global1-1 10 ipsec-isakmp set peer 10.1.151.1 set transform-set tset match address 151 ! crypto map global2-1 10 ipsec-isakmp set peer 10.1.152.1 set transform-set tset match address 152 ! crypto map vrf1-1 10 ipsec-isakmp set peer 10.1.1.1 set transform-set tset set isakmp-profile vrf1-1 match address 101 ! crypto map vrf2-1 10 ipsec-isakmp set peer 10.1.2.1 set transform-set tset set isakmp-profile vrf2-1 match address 102 ! ! interface FastEthernet0/0 ip address 10.1.38.25 255.255.255.0 no ip mroute-cache duplex auto speed auto ! interface Serial0/0 no ip address shutdown clock rate 2000000 ! interface FastEthernet0/1 no ip address no ip mroute-cache shutdown duplex auto speed auto ! interface Serial0/1 no ip address shutdown clock rate 2000000 ! interface Serial1/0 no ip address encapsulation frame-relay no ip route-cache cef no ip route-cache no ip mroute-cache no keepalive serial restart-delay 0 clock rate 128000 no frame-relay inverse-arp ! interface Serial1/0.1 point-to-point ip vrf forwarding vrf1 ip address 10.3.1.1 255.255.255.0 no ip route-cache frame-relay interface-dlci 21 ! interface Serial1/0.2 point-to-point ip vrf forwarding vrf2 ip address 10.3.2.1 255.255.255.0 no ip route-cache frame-relay interface-dlci 22 ! interface Serial1/0.151 point-to-point ip address 10.7.151.1 255.255.255.0 no ip route-cache frame-relay interface-dlci 151 ! interface Serial1/0.152 point-to-point ip address 10.7.152.1 255.255.255.0 no ip route-cache frame-relay interface-dlci 152 ! interface Serial1/1 no ip address no ip mroute-cache shutdown serial restart-delay 0 ! interface Serial1/2 no ip address encapsulation frame-relay no ip route-cache cef no ip route-cache no ip mroute-cache no keepalive serial restart-delay 0 no frame-relay inverse-arp ! interface Serial1/2.1 point-to-point ip vrf forwarding vrf1 ip address 10.1.1.2 255.255.255.0 no ip route-cache frame-relay interface-dlci 21 crypto map vrf1-1 ! interface Serial1/2.2 point-to-point ip vrf forwarding vrf2 ip address 10.1.2.2 255.255.255.0 no ip route-cache frame-relay interface-dlci 22 crypto map vrf2-1 ! interface Serial1/2.151 point-to-point ip address 10.5.151.2 255.255.255.0 no ip route-cache frame-relay interface-dlci 151 crypto map global1-1 ! interface Serial1/2.152 point-to-point ip address 10.5.152.2 255.255.255.0 no ip route-cache frame-relay interface-dlci 152 crypto map global2-1 ! interface Serial1/3 no ip address no ip mroute-cache shutdown serial restart-delay 0 ! ip default-gateway 10.1.38.1 ip classless ip route 10.1.1.6 255.255.255.255 10.1.151.1 ip route 10.2.1.6 255.255.255.255 10.1.152.1 ip route 10.6.2.1 255.255.255.255 10.7.151.2 ip route 10.6.2.2 255.255.255.255 10.7.152.2 ip route 172.19.216.110 255.255.255.255 FastEthernet0/0 ip route vrf vrf1 10.20.1.1 255.255.255.255 10.1.1.1 ip route vrf vrf1 10.22.1.1 255.255.255.255 10.30.1.1 ip route vrf vrf2 10.20.2.1 255.255.255.255 10.1.2.1 ip route vrf vrf2 10.22.2.1 255.255.255.255 10.30.1.2 ! ! ip http server no ip http secure-server ! ip access-list standard vrf-vrf1-context ip access-list standard vrf-vrf2-context ! access-list 101 permit ip host 10.22.1.1 host 10.20.1.1 access-list 102 permit ip host 10.22.2.1 host 10.20.2.1 access-list 151 permit ip host 10.6.2.1 host 10.1.1.6 access-list 152 permit ip host 10.6.2.2 host 10.2.1.6 snmp-server group abc1 v2c context vrf-vrf1-context read view_vrf1 notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F access vrf-vrf1-context snmp-server group abc2 v2c context vrf-vrf2-context read view_vrf2 notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F access vrf-vrf2-context snmp-server view view_vrf1 iso included snmp-server view view_vrf2 iso included snmp-server community abc1 RW snmp-server community global1 RW snmp-server community abc2 RW snmp-server community global2 RW snmp-server enable traps tty snmp-server enable traps config snmp-server host 172.19.216.110 version 2c abc1 snmp-server host 172.19.216.110 vrf vrf1 version 2c abc1 udp-port 2001 ipsec isakmp snmp-server host 172.19.216.110 version 2c abc2 snmp-server host 172.19.216.110 vrf vrf2 version 2c abc2 udp-port 2002 ipsec isakmp snmp-server context vrf-vrf1-context snmp-server context vrf-vrf2-context ! ! snmp mib community-map abc1 context vrf-vrf1-context snmp mib community-map abc2 context vrf-vrf2-context ! ! control-plane ! ! line con 0 exec-timeout 0 0 line aux 0 line vty 0 4 login ! ! webvpn context Default_context ssl authenticate verify all ! no inservice ! ! end With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
