What exactly "snmp-server user ... remote <ip>" is used for?

ovt
Level 4

What exactly "snmp-server user ... remote <ip>" is used for?

Does it have something to do with sending SNMPv3 traps/informs?


Joe Clarke
Cisco Employee

Yes. This is for informs to specify a remote SNMPv3 user. They are associated with the remote engineID for the specified host.

Is it needed to send SNMPv3 traps?

BTW, is the following a v3 trap (or v2 trap):

v3 packet security model: v3 security level: auth

username: trapuser

snmpEngineID: 800000090300001DE5195603

snmpEngineBoots: 3 snmpEngineTime: 1192

SNMP: V2 Trap, reqid 1, errstat 0, erridx 0

sysUpTime.0 = 122017

snmpTrapOID.0 = snmpTraps.3

ifIndex.10001 = 10001

ifDescr.10001 = FastEthernet0/1

ifType.10001 = 6

lifEntry.20.10001 = administratively down

It is only needed for v3 informs and proxy requests. See http://www.cisco.com/en/US/docs/ios/12_2/configfun/command/reference/frf014.html#wp1055605 .

This is a v3 trap. A v2c trap would have a community string. However, the SMI version is the same for both.

Ok, in this case what kind of information is hashed together for the auth security model when a v3 trap is sent? Does the v3 trap receiver need to be configured with our local EngineID or something similar?

The engineID, boots, and engine time are used. The authoritative engineID is the agent, so, yes, the manager needs to be configured with its engineID. For net-snmp, I add something like the following to var/net-snmp/snmptrapd.conf:

createUser -e 080000000323456789 v3user MD5 v3pass123

Ok, I'm sorry, but this looks very strange to me. What information is hashed when inform is sent to an NMS? Local EngineID or remote EngineID? If Local, why do we need to specify Remote EngineID? Just to parse an ACK from the NMS?

With an inform, it's the manager whose engineID is authoritative, so it will be the manager's engineID that is hashed with the remote user, and sent from the agent to the manager. In this case, with net-snmp, you would create a new snmptrapd user tied to the manager's local engineID:

createUser informUser MD5 informPass123
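
Added example (not part of the original thread, and not Cisco or net-snmp code): the RFC 3414 MD5 password-to-key and key-localization steps, showing why the same password yields one key under the agent's engineID (traps) and a different one under the manager's engineID (informs). The agent engineID is the one in the debug output above; the manager engineID is a constructed placeholder.

```python
import hashlib

# From the debug output quoted in the thread (the agent's snmpEngineID).
AGENT_ENGINE_ID = "800000090300001DE5195603"
# Constructed placeholder: the manager's engineID does not appear on the page.
MANAGER_ENGINE_ID = "80001F8880DEADBEEF01"


def password_to_key_md5(password: str) -> bytes:
    """RFC 3414 A.2.1: repeat the password to fill 1,048,576 bytes, then MD5 (Ku)."""
    pw = password.encode()
    if len(pw) < 8:
        raise ValueError("USM passwords must be at least 8 characters")
    reps, rem = divmod(1048576, len(pw))
    return hashlib.md5(pw * reps + pw[:rem]).digest()


def localize_key_md5(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 2.6: Kul = MD5(Ku || authoritative engineID || Ku)."""
    return hashlib.md5(ku + engine_id + ku).digest()


def localized_key(password: str, engine_id_hex: str) -> bytes:
    """Key actually used for the message digest, bound to one engineID."""
    return localize_key_md5(password_to_key_md5(password),
                            bytes.fromhex(engine_id_hex))


def trap_and_inform_keys(password: str) -> dict:
    """Trap: the agent is authoritative. Inform: the manager is authoritative."""
    return {
        "trap": localized_key(password, AGENT_ENGINE_ID),
        "inform": localized_key(password, MANAGER_ENGINE_ID),
    }


if __name__ == "__main__":
    # Password taken from the createUser line in the thread.
    for kind, key in trap_and_inform_keys("v3pass123").items():
        print(f"{kind:6s} localized auth key: {key.hex()}")
```

A receiver holding the key localized to the wrong engineID computes a different digest and rejects the message, which is why the trap receiver needs the agent's engineID and the agent needs the manager's engineID for informs.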
