New Member

SNMP v.3 configuration

Hi All,

I need some clarification about the SNMP v3 configuration.

Is the configuration below correct? Can I proceed with this?

access-list 99 permit 1.1.1.1 !! LMS Server !!

access-list 99 permit 2.2.2.2 !! CSMARS Server !!

!

snmp-server group test v3 auth access 99

!

Note: The commands below will not be seen in the running config; do I have to apply the same commands for CSMARS also?

snmp-server user test test123 remote 1.1.1.1 v3 auth md5 test234

snmp-server user test test123 v3 auth md5 test234 priv des test234

snmp-server host 1.1.1.1 test !! Points to LMS Server !! Do these same commands have to point to CSMARS?

!

If somebody has a best-practice SNMP trap configuration, please send it.

Cisco Employee

Re: SNMP v.3 configuration

I see a few problems here.  What you probably want is something like:

access-list 99 permit 1.1.1.1  !! LMS Server !!

access-list 99 permit 2.2.2.2  !! CSMARS Server !!

!

snmp-server group test v3 auth access 99  !! Do you need read-write access as well?

!

snmp-server user test test v3 auth md5 test1234

snmp-server user test test v3 auth md5 test1234 priv des test1234

!

snmp-server host 1.1.1.1 traps test

You want your passwords to have at least eight characters.  LMS currently does not support v3 traps, so make sure you send v1 or v2c (this config will send v1).  Your SNMP v3 user must be placed in an existing SNMPv3 group.

You might consider adding a write view as well to your v3 group (if you need to be able to do changes via SNMP).  LMS can do this, but it can also use telnet or SSH, so that may not be a requirement for you.

See http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094489.shtml for more best practices on securing SNMP.

--

Please support CSC Helps Haiti

https://supportforums.cisco.com/docs/DOC-8895

https://supportforums.cisco.com
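
The three points in the reply above (the user must sit in an existing v3 group, passwords need at least eight characters, and the host line here sends v1 traps) can be checked against a config before it is applied. The Python below is an added example, not part of the thread or of any Cisco tool; lint_snmp and both sample configs are constructed here from the configurations posted above. It assumes the `auth <alg> <password>` and `priv des <password>` forms used in this thread and treats everything after the first "!" on a line as an annotation.

```python
import re

# Constructed sample: the configuration from the original question,
# with the forum's "!!" annotations left in place.
QUESTION_CONFIG = """\
access-list 99 permit 1.1.1.1 !! LMS Server !!
snmp-server group test v3 auth access 99
snmp-server user test test123 v3 auth md5 test234 priv des test234
snmp-server host 1.1.1.1 test !! Points to LMS Server !!
"""

# Constructed sample: the configuration suggested in the reply.
REPLY_CONFIG = """\
access-list 99 permit 1.1.1.1 !! LMS Server !!
snmp-server group test v3 auth access 99
snmp-server user test test v3 auth md5 test1234 priv des test1234
snmp-server host 1.1.1.1 traps test
"""

MIN_PASSWORD_LEN = 8  # minimum length stated in the reply


def lint_snmp(config):
    """Return a list of findings for the three points raised in the reply."""
    # Assumption: everything from the first "!" on a line is an annotation.
    lines = [ln.split("!", 1)[0].split() for ln in config.splitlines()]
    lines = [t for t in lines if t[:1] == ["snmp-server"] and len(t) > 2]
    groups = {t[2] for t in lines if t[1] == "group" and "v3" in t}
    findings = []
    for t in lines:
        if t[1] == "user" and "v3" in t and len(t) > 3:
            user, group = t[2], t[3]
            if group not in groups:
                findings.append(f"user {user}: group {group!r} is not a defined v3 group")
            for kw in ("auth", "priv"):
                # The password is the second token after auth/priv (after the algorithm).
                i = t.index(kw) + 2 if kw in t else len(t)
                if i < len(t) and len(t[i]) < MIN_PASSWORD_LEN:
                    findings.append(f"user {user}: {kw} password shorter than {MIN_PASSWORD_LEN}")
        elif t[1] == "host":
            # Without a "version" keyword the notifications go out as SNMPv1.
            version = t[t.index("version") + 1] if "version" in t[:-1] else "1"
            findings.append(f"host {t[2]}: notifications sent as SNMP v{version}")
    return findings
```

Run on QUESTION_CONFIG it reports the undefined group test123 and the two seven-character passwords; on REPLY_CONFIG only the informational host line remains.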

New Member

Re: SNMP v.3 configuration

Hi,

My SNMP v.3 template looks like this:-

access-list 99 permit 1.1.1.1  !!LMS  Server!!
access-list 99 permit 2.2.2.2  !! CSMARS Server!!

!
snmp-server group test v3 auth access 99  !! I am not using read/write parameters
!
! Can we use the commands below with the remote IP (LMS/CSMARS)? What is the advantage if we configure them with the remote IP parameters?
I can follow with the commands below...
!
snmp-server user test test v3 auth md5 test1234 !! Changed the password character length to 10!!
snmp-server user test test v3 auth md5 test1234 priv des test1234
!
snmp-server host 1.1.1.1 traps test !! This traps keyword is not visible in the running config....

Cisco Employee (Accepted Solution)

Re: SNMP v.3 configuration

This looks okay.  You only need the remote commands if you will be sending SNMP informs to your management station.
