Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1040
Views
0
Helpful
3
Replies

SNMP v.3 configuration

Go to solution
subashmbi
Level 1
Level 1

‎04-10-2010 02:04 AM

Hi All,

I need some clarification about the snmp  v3 configuration.

The  below configuration is correct / i can proceed this.

access-list 99 permit 1.1.1.1!!LMS  Server!!

access-list  99 permit 2.2.2.2!! CSMARS Server!!

!

snmp-server group test v3 auth access 99

!

Note:  Below commands will not see in the running config; whether i have to  apply the same commands  for csmars also?!!

snmp-server user test  test123  remote 1.1.1.1v3 auth md5 test234

snmp-server user test  test123  v3 auth md5 test234 priv des test234

snmp-server host  1.1.1.1 test !! Points to LMS Server!!This same commands  have to points  to csmars?

!

If somebody have best practise Snmp trap configuration  send it ..

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to subashmbi

‎04-11-2010 09:53 PM

This looks okay.  You only need the remote commands if you will be sending SNMP informs to your management station.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee

‎04-11-2010 10:53 AM

I see a few problems here.  What you probably want is something like:

access-list 99 permit 1.1.1.1  !!LMS  Server!!
access-list 99 permit 2.2.2.2  !! CSMARS Server!!
!
snmp-server group test v3 auth access 99  !! Do you need read-write access as well?
!
snmp-server user test  test  v3 auth md5 test1234
snmp-server user test  test  v3 auth md5 test1234 priv des test1234
!
snmp-server host  1.1.1.1 traps test

You want your passwords to have at least eight characters.  LMS currently does not support v3 traps, so make sure you send v1 or v2c (this config will send v1).  Your SNMP v3 user must be placed in an existing SNMPv3 group.

You might consider adding a write view as well to your v3 group (if you need to be able to do changes via SNMP).  LMS can do this, but it can also use telnet or SSH, so that may not be a requirement for you.

See http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094489.shtml for more best practices on securing SNMP.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

0 Helpful

Go to solution
subashmbi
Level 1
Level 1
In response to Joe Clarke

‎04-11-2010 09:51 PM

Hi,

My SNMP v.3 template looks like this:-

access-list 99 permit 1.1.1.1  !!LMS  Server!!
access-list 99 permit 2.2.2.2  !! CSMARS Server!!

!
snmp-server group test v3 auth access 99  !! I am not using read/write parameters
!
! Below commands we can use with remote ip (LMS/Csmars)? what is the advantage if we configured with remote ip parameters!!
 I can follow with these below commands...
!
snmp-server user test  test  v3 auth md5 test1234 !! Changed the password character length to 10!!
snmp-server user test  test  v3 auth md5 test1234 priv des test1234
!
snmp-server host  1.1.1.1 traps test !! these traps keyword is not visible in running config....
0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to subashmbi

‎04-11-2010 09:53 PM

This looks okay.  You only need the remote commands if you will be sending SNMP informs to your management station.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents