07-03-2008 10:52 AM
Is it possible to update my snmp v2 to version 3 on all my devices using ciscoworks 3.0, leaving everything else in tact?
07-03-2008 11:09 AM
You can deploy SNMPv3 configuration commands to devices using RME's Netconfig under RME > Config Mgmt > Netconfig > Netconfig Jobs. Create a new job, and select the SNMP Security task.
07-03-2008 11:27 AM
Thank you. I understand that there are about 16 commands for setting up version 3, would you know them? My current config is as follows:
logging snmp-authfail
logging source-interface Vlan126
logging **************
access-list 10 permit ************** log
access-list 10 permit ************** log
access-list 10 permit ************** log
access-list 10 permit ************** log
access-list 10 permit ************** log
access-list 10 deny any log
access-list 98 permit ************** log
access-list 98 deny any log
access-list 99 permit ************** log
access-list 99 permit ************** log
access-list 99 permit ************** log
access-list 99 deny any log
!
snmp-server community ************** RO 99
snmp-server community ************** RW 98
snmp-server trap-source Vlan126
snmp-server system-shutdown
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps chassis
snmp-server enable traps module
snmp-server enable traps casa
snmp-server enable traps tty
snmp-server enable traps bgp
snmp-server enable traps config
snmp-server enable traps MAC-Notification move threshold
snmp-server enable traps msdp
snmp-server enable traps rf
snmp-server enable traps rtr
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps rsvp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps c6kxbar intbus-crcexcd intbus-crcrcvrd
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps csg agent quota database
snmp-server enable traps vlan-mac-limit
snmp-server host ************** version 2c **************
I know once this are configured on my switches (6509e)that I have to indicate v3 in discovery is that correct?
07-03-2008 11:37 AM
You only need two things to allow basic SNMPv3 management. They are an SNMP group and an SNMP username. For example:
snmp-server group v3group v3 auth
snmp-server user v3user v3group v3 auth md5 v3userPassword
This will allow for basic read-only monitoring of the entire MIB tree using SNMPv3 authNoPriv. However, there are a lot of other options available for SNMPv3. See http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html and http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094489.shtml for more details.
Yes, when you convert to SNMPv3, you will need to update your Discovery credentials. In LMs, SNMPv3 takes precedence over SNMPv1/v2c. So, if you configure overlapping ranges for v1/v2c and v3 in your Discovery settings, only the v3 credentials will be used for that range.
07-03-2008 11:43 AM
Thank you, this is a lot more info than I got from TAC.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide