10-02-2008 06:23 AM
What exactly is "snmp-server user ... remote <ip>" used for?
Does it have something to do with sending SNMPv3 traps/informs?
10-02-2008 06:27 AM
Yes. This is for informs to specify a remote SNMPv3 user. They are associated with the remote engineID for the specified host.
10-02-2008 06:33 AM
Is it needed to send SNMPv3 traps?
BTW, is the following a v3 trap (or v2 trap):
v3 packet security model: v3 security level: auth
username: trapuser
snmpEngineID: 800000090300001DE5195603
snmpEngineBoots: 3 snmpEngineTime: 1192
SNMP: V2 Trap, reqid 1, errstat 0, erridx 0
sysUpTime.0 = 122017
snmpTrapOID.0 = snmpTraps.3
ifIndex.10001 = 10001
ifDescr.10001 = FastEthernet0/1
ifType.10001 = 6
lifEntry.20.10001 = administratively down
10-02-2008 06:35 AM
It is only needed for v3 informs and proxy requests. See http://www.cisco.com/en/US/docs/ios/12_2/configfun/command/reference/frf014.html#wp1055605 .
This is a v3 trap. A v2c trap would have a community string. However, the SMI version is the same for both.
10-02-2008 06:39 AM
Ok, in this case what kind of information is hashed together for the auth security model when a v3 trap is sent? Does the v3 trap receiver need to be configured with our local EngineID or something similar?
10-02-2008 06:45 AM
The engineID, boots, and engine time are used. The authoritative engineID is the agent, so, yes, the manager needs to be configured with its engineID. For net-snmp, I add something like the following to var/net-snmp/snmptrapd.conf:
createUser -e 080000000323456789 v3user MD5 v3pass123
10-02-2008 06:55 AM
Ok, I'm sorry, but this looks very strange to me. What information is hashed when an inform is sent to an NMS? Local EngineID or remote EngineID? If Local, why do we need to specify Remote EngineID? Just to parse an ACK from the NMS?
10-02-2008 07:03 AM
With an inform, it's the manager whose engineID is authoritative, so it will be the manager's engineID that is hashed with the remote user, and sent from the agent to the manager. In this case, with net-snmp, you would create a new snmptrapd user tied to the manager's local engineID:
createUser informUser MD5 informPass123
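Added illustration, not part of any post in this thread and not Cisco or net-snmp code: the RFC 3414 MD5 key derivation and localization, showing why the same user and password produce different authentication keys for a trap (agent engineID authoritative) and an inform (manager engineID authoritative). The manager engineID and the message bytes are constructed for the example; the agent engineID and password are the ones quoted in the thread.

```python
import hashlib
import hmac


def password_to_key(password: bytes) -> bytes:
    """RFC 3414 A.2.1: MD5 over the password repeated to exactly 1 MiB."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    return hashlib.md5(password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 2.6: bind the user key to one authoritative engineID."""
    return hashlib.md5(ku + engine_id + ku).digest()


def auth_tag(kul: bytes, whole_msg: bytes) -> bytes:
    """HMAC-MD5-96: first 12 octets of HMAC-MD5 over the whole message."""
    return hmac.new(kul, whole_msg, hashlib.md5).digest()[:12]


def receiver_accepts(kul: bytes, whole_msg: bytes, tag: bytes) -> bool:
    """Receiver recomputes the tag with its own localized key."""
    return hmac.compare_digest(auth_tag(kul, whole_msg), tag)


# engineID shown in the debug output earlier in the thread (the agent).
AGENT_ENGINE_ID = bytes.fromhex("800000090300001DE5195603")
# Constructed manager engineID, for illustration only.
MANAGER_ENGINE_ID = bytes.fromhex("80001F8803000C29AABBCC")

KU = password_to_key(b"v3pass123")            # password from the thread
TRAP_KEY = localize_key(KU, AGENT_ENGINE_ID)      # trap: agent is authoritative
INFORM_KEY = localize_key(KU, MANAGER_ENGINE_ID)  # inform: manager is authoritative

# Constructed stand-in for an encoded SNMPv3 message; a real one carries the
# engineID, boots and time, with the 12-octet auth field zeroed while hashing.
MSG = b"constructed-snmpv3-message-bytes"

if __name__ == "__main__":
    print("trap key  :", TRAP_KEY.hex())
    print("inform key:", INFORM_KEY.hex())
    tag = auth_tag(TRAP_KEY, MSG)
    print("receiver keyed to agent engineID accepts:",
          receiver_accepts(TRAP_KEY, MSG, tag))
    print("receiver keyed to another engineID accepts:",
          receiver_accepts(INFORM_KEY, MSG, tag))
```

A receiver whose user entry was localized against the wrong engineID computes a different tag and rejects the message, which is the failure seen when the `-e` engineID in snmptrapd.conf does not match the sending agent.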