SNMP v.3 configuration

Answered Question
Apr 10th, 2010

Hi All,


I need some clarification about the SNMP v3 configuration.

Is the below configuration correct / can I proceed with this?

access-list 99 permit 1.1.1.1  !! LMS Server !!

access-list 99 permit 2.2.2.2  !! CSMARS Server !!

!

snmp-server group test v3 auth access 99

!

Note: The below commands will not be seen in the running config; do I have to apply the same commands for CSMARS also?

snmp-server user test  test123  remote 1.1.1.1 v3 auth md5 test234

snmp-server user test  test123  v3 auth md5 test234 priv des test234

snmp-server host  1.1.1.1 test  !! Points to LMS Server !! Do these same commands have to point to CSMARS?

!

If somebody has a best-practice SNMP trap configuration, send it.

Correct Answer by Joe Clarke about 7 years 1 month ago

This looks okay.  You only need the remote commands if you will be sending SNMP informs to your management station.


--


Please support CSC Helps Haiti


https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

Overall Rating: 5 (1 ratings)
Joe Clarke Sun, 04/11/2010 - 10:53

I see a few problems here.  What you probably want is something like:



access-list 99 permit 1.1.1.1  !!LMS  Server!!

access-list 99 permit 2.2.2.2  !! CSMARS Server!!

!


snmp-server group test v3 auth access 99  !! Do you need read-write access as well?

!


snmp-server user test  test  v3 auth md5 test1234

snmp-server user test  test  v3 auth md5 test1234 priv des test1234

!

snmp-server host  1.1.1.1 traps test


You want your passwords to have at least eight characters.  LMS currently does not support v3 traps, so make sure you send v1 or v2c (this config will send v1).  Your SNMP v3 user must be placed in an existing SNMPv3 group.


You might consider adding a write view as well to your v3 group (if you need to be able to do changes via SNMP).  LMS can do this, but it can also use telnet or SSH, so that may not be a requirement for you.


See http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094489.shtml for more best practices on securing SNMP.


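The two checks from the reply above (every SNMPv3 user must sit in a configured v3 group, and passwords need at least eight characters), plus a check that the group's access list exists, written as a small config linter. This is an added example, not code from the posts or from Cisco; `lint_snmpv3` is a hypothetical name, and the sketch assumes `!` starts a comment, so a password containing `!` would be cut short.

```python
import re

# Constructed sample: the configuration from the question above.
QUESTION_CONFIG = """\
access-list 99 permit 1.1.1.1
access-list 99 permit 2.2.2.2
snmp-server group test v3 auth access 99
snmp-server user test test123 v3 auth md5 test234 priv des test234
snmp-server host 1.1.1.1 test
"""

# Constructed sample: the corrected configuration from the reply.
REPLY_CONFIG = """\
access-list 99 permit 1.1.1.1
access-list 99 permit 2.2.2.2
snmp-server group test v3 auth access 99
snmp-server user test test v3 auth md5 test1234 priv des test1234
snmp-server host 1.1.1.1 traps test
"""

GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (?:noauth|auth|priv)(.*)$")
USER_RE = re.compile(r"^snmp-server user (\S+) (\S+) (?:remote \S+ )?v3(.*)$")
SECRET_RE = re.compile(r"\b(auth (?:md5|sha)|priv (?:des|3des|aes \d+)) (\S+)")
ACL_RE = re.compile(r"^access-list (\d+) ")

def lint_snmpv3(config):
    """Return a list of findings for SNMPv3 lines in an IOS-style config."""
    # Drop "!" comments and collapse repeated spaces before matching.
    lines = [" ".join(l.split("!")[0].split()) for l in config.splitlines()]
    acls = {m.group(1) for l in lines if (m := ACL_RE.match(l))}
    groups, findings = set(), []
    for l in lines:
        if m := GROUP_RE.match(l):
            groups.add(m.group(1))
            acl = re.search(r"\baccess (\S+)", m.group(2))
            if not acl:
                findings.append(f"group {m.group(1)}: no access list restricts managers")
            elif acl.group(1) not in acls:
                findings.append(f"group {m.group(1)}: access list {acl.group(1)} is not defined")
    for l in lines:
        if m := USER_RE.match(l):
            user, group, rest = m.groups()
            if group not in groups:
                findings.append(f"user {user}: group {group} is not a configured v3 group")
            for kind, secret in SECRET_RE.findall(rest):
                if len(secret) < 8:
                    findings.append(f"user {user}: {kind.split()[0]} password shorter than 8 characters")
    return findings
```

Run against the question's configuration it reports the unknown group `test123` and both seven-character passwords; the reply's configuration produces no findings.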

subashmbi Sun, 04/11/2010 - 21:51

Hi,


My SNMP v.3 template looks like this:


access-list 99 permit 1.1.1.1  !! LMS Server !!

access-list 99 permit 2.2.2.2  !! CSMARS Server !!

!

snmp-server group test v3 auth access 99  !! I am not using read/write parameters

!

! Can we use the below commands with the remote IP (LMS/CSMARS)? What is the advantage if we configure with remote IP parameters?

! I can follow with these below commands...

!

snmp-server user test  test  v3 auth md5 test1234  !! Changed the password character length to 10 !!

snmp-server user test  test  v3 auth md5 test1234 priv des test1234

!

snmp-server host  1.1.1.1 traps test  !! This traps keyword is not visible in the running config.
