07-28-2014 07:45 AM
Our Internet provider has a circuit connected to interface G0/0/0 of our 3845 router running IOS version 12.4. We have SNMP setup for our own management but the provider is asking for SNMP access from their management server as well. They are requesting the specific SNMP access below and I’m not clear as to what commands are necessary to allow their access but not break our own. Also, I’m concerned with the syslog option as we don’t want to send information which they are not privileged.
I appreciate any help.
Jeff
Vendor’s request:
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server system-shutdown
Basic circuit utilization.
Their management IP: 10.200.200.200
07-28-2014 04:51 PM
Hi Jeff,
Vendor’s request:
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server system-shutdown
Issues the above command should not be an issue, these are just the traps being sent to the NMS servers.
snmp-server system-shutdown > this command is required to have in case you want to reboot the device via SNMP.
To send these traps to the NMS server , you would need the below command as well..
snmp-server host <Ip addresss> version v2/v3 <community string>
Thanks-
Afroz
**Ratings Encourages Contributors ***
07-29-2014 10:19 AM
Since we have other traps enabled for our management server is there a way to group or restrict their traps to just their management IP?
Also, they requested "basic circuit utilization" but I don't know in detail what they are referring to but thought I would ask here if anyone has suggestions.
Afroz, thanks for the reply as they won't get snmp-server system-shutdown as this is our equipment which does more than their circuit.
Thanks for the help.
Jeff
07-29-2014 10:24 AM
Apply Access-list on the Community string for restricted polling .
http://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/20370-snmpsecurity-20370.html#snmpcommunity
Traps will be sent to only those HOST which you specify in the
snmp-server host command
Thanks-
Afroz
07-29-2014 10:55 AM
Afroz,
We will have both our sever and theirs in the snmp-server host command so they will receive traps which we don't want or they don't need.
Jeff
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide