02-06-2006 08:39 AM - edited 03-03-2019 11:40 AM
Have read cisco command reference, but still not able to understand command
snmp-server engineID remote|local
snmp-server user
snmp group
can someone show the example?
thanks
02-06-2006 07:00 PM
snmp-server engineID local|remote:
----------------------------------
Within the SNMP framework, the SNMP engine is the entity that sends/receives SNMP messages. The engine also performs message authentication and encryption. The engine ID is simply an identifier for the engine. Typically, you do not need to specify an engine ID as the router will use a default ID. The local ID is important because it is used as an input when creating security digests for user passwords. You will only configure a remote engine ID when you are sending SNMPv3 traps (informs) to another SNMP engine. In that case, you have to use the remote engine's ID to create the security digest. The 'snmp-server engineID local|remote' commands are used to configure these IDs, if required. If you don't have the correct remote engine ID, the security digest will be incorrect and the SNMP inform will simply be discarded by the remote engine.
snmp-server user
----------------
This command is used to create usernames/passwords that can be used by other SNMP engines to authenticate when they try to access the local router via SNMP. It's a better form of security than using just communities
snmp-server group
----------------
YOu can use this command to create SNMP groups to which you can then assign users. For example, if you have a certain set of users who you would like to provide restricted SNMP access to, you can create a group with the appropriate privileges. You then assign users to these groups so that they inherit these privileges. You can have multiple groups...
Hope that helps - pls rate the post if it does.
Paresh
08-19-2006 05:29 AM
when we set the snmp engine ID, what is the ID and how can get it?
P.S. I am using Cisco switch 3550
08-19-2006 05:46 AM
engine ID is the 24 character long...if you do not specify the entire 24 charecter then it will padd zeroes on the right...
you are configuring engine id by your own...
and its used to compute various cryptographic keys...
hope this is help you
rate this post it it helps
regards
Devang
08-19-2006 05:55 AM
thanks for your reply!
You mean every characters I can use? Can I copy another engine ID on another system and use it in my switch?
thanks
08-19-2006 06:08 AM
you can use engine ID like this:
Local SNMP engineID: 00000009020000000C025808
Remote Engine ID IP-addr Port
123456789ABCDEF000000000 171.69.37.61 162
and i think this engineID identify the local SNMP engine and remote engine configured with the their own remote engine ID...
you can have more detail form this link:
rate this post if it helps
regards
Devang
08-19-2006 06:17 AM
Can I copy another engine ID on another system and use it in my switch?
08-20-2006 02:08 AM
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide