04-10-2010 02:04 AM
Hi All,
I need some clarification about the SNMP v3 configuration.
Is the configuration below correct? Can I proceed with this?
access-list 99 permit 1.1.1.1 !!LMS Server!!
access-list 99 permit 2.2.2.2 !! CSMARS Server!!
!
snmp-server group test v3 auth access 99
!
Note: The commands below will not be seen in the running config; do I have to apply the same commands for CSMARS also?
snmp-server user test test123 remote 1.1.1.1 v3 auth md5 test234
snmp-server user test test123 v3 auth md5 test234 priv des test234
snmp-server host 1.1.1.1 test !! Points to LMS Server !! Do these same commands have to point to CSMARS?
!
If somebody has a best-practice SNMP trap configuration, send it.
04-11-2010 10:53 AM
I see a few problems here. What you probably want is something like:
access-list 99 permit 1.1.1.1 !!LMS Server!!
access-list 99 permit 2.2.2.2 !! CSMARS Server!!
!
snmp-server group test v3 auth access 99 !! Do you need read-write access as well?
!
snmp-server user test test v3 auth md5 test1234
snmp-server user test test v3 auth md5 test1234 priv des test1234
!
snmp-server host 1.1.1.1 traps test
You want your passwords to have at least eight characters. LMS currently does not support v3 traps, so make sure you send v1 or v2c (this config will send v1). Your SNMP v3 user must be placed in an existing SNMPv3 group.
You might consider adding a write view as well to your v3 group (if you need to be able to do changes via SNMP). LMS can do this, but it can also use telnet or SSH, so that may not be a requirement for you.
See http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094489.shtml for more best practices on securing SNMP.
--
Please support CSC Helps Haiti
https://supportforums.cisco.com/docs/DOC-8895
https://supportforums.cisco.com
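As an added example (not written by anyone in this thread, and not Cisco code): a small Python check that applies the three rules from the reply above (passwords of at least eight characters, each v3 user in an existing v3 group, and `snmp-server host` without `version` sending v1 traps) to the two configurations posted in the thread. The function names and the parsing are assumptions of this example and cover only the command forms shown here.

```python
import re

# Constructed samples: the two configurations from the thread, annotations removed.
QUESTION_CFG = """\
access-list 99 permit 1.1.1.1
access-list 99 permit 2.2.2.2
snmp-server group test v3 auth access 99
snmp-server user test test123 remote 1.1.1.1 v3 auth md5 test234
snmp-server user test test123 v3 auth md5 test234 priv des test234
snmp-server host 1.1.1.1 test
"""
REPLY_CFG = """\
access-list 99 permit 1.1.1.1
access-list 99 permit 2.2.2.2
snmp-server group test v3 auth access 99
snmp-server user test test v3 auth md5 test1234
snmp-server user test test v3 auth md5 test1234 priv des test1234
snmp-server host 1.1.1.1 traps test
"""
MIN_PW = 8  # minimum password length stated in the reply

def lint_snmpv3(config):
    """Return (line_no, level, message) findings for the three rules in the reply."""
    # Drop trailing '!! ...' annotations as used in the thread, then tokenize.
    lines = [re.split(r"\s*!!", l)[0].split() for l in config.splitlines()]
    groups = {t[2] for t in lines
              if t[:2] == ["snmp-server", "group"] and "v3" in t[3:]}
    out = []
    for n, t in enumerate(lines, 1):
        if t[:2] == ["snmp-server", "user"] and "v3" in t[4:]:
            if t[3] not in groups:
                out.append((n, "error", f"user {t[2]}: v3 group {t[3]!r} not defined"))
            tail = t[t.index("v3", 4) + 1:]
            for kw in ("auth", "priv"):
                if kw in tail:
                    args = tail[tail.index(kw) + 1:]
                    if args[:1] == ["aes"]:  # 'priv aes <bits> <password>'
                        args = args[1:]
                    pw = args[1] if len(args) > 1 else ""
                    if len(pw) < MIN_PW:
                        out.append((n, "error", f"user {t[2]}: {kw} password under {MIN_PW} chars"))
        elif t[:2] == ["snmp-server", "host"] and "version" not in t:
            out.append((n, "info", f"host {t[2]}: no 'version', traps are sent as SNMPv1"))
    return out

def errors(config):
    """Only the findings that need fixing; 'info' findings are reminders."""
    return [f for f in lint_snmpv3(config) if f[1] == "error"]

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CFG), ("reply", REPLY_CFG)):
        for n, level, msg in lint_snmpv3(cfg):
            print(f"{name}:{n}: {level}: {msg}")
```

The `info` finding on the `snmp-server host` line is expected for the reply's configuration, since the reply chooses v1 traps on purpose for LMS.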
04-11-2010 09:51 PM
Hi,
My SNMP v.3 template looks like this:-
access-list 99 permit 1.1.1.1 !!LMS Server!!
access-list 99 permit 2.2.2.2 !! CSMARS Server!!
!
snmp-server group test v3 auth access 99 !! I am not using read/write parameters
!
! Can we use the commands below with the remote IP (LMS/CSMARS)? What is the advantage if we configure them with the remote IP parameters?
I can proceed with the commands below...
!
snmp-server user test test v3 auth md5 test1234 !! Changed the password character length to 10!!
snmp-server user test test v3 auth md5 test1234 priv des test1234
!
snmp-server host 1.1.1.1 traps test !! this traps keyword is not visible in the running config....
04-11-2010 09:53 PM
This looks okay. You only need the remote commands if you will be sending SNMP informs to your management station.