05-11-2010 12:07 AM
Hi all, can anyone help me configure SNMP v3 with two sets of groups and users? One with full read/write access, which will be used for LMS, and the other with read-only access, which will be used by other software.
I don't have a clue how to configure SNMP v3. Please provide a working config/commands if possible.
05-11-2010 09:10 PM
First, see http://www.cisco.com/en/US/partner/tech/tk648/tk362/technologies_tech_note09186a0080094489.shtml . This covers securing SNMP including SNMPv3. In short, you will need two groups:
snmp-server group lmsgrp v3 auth
snmp-server group nmsgrp v3 auth write v1default
Then, create a user for each group:
snmp-server user lmsuser lmsgrp v3 auth md5 lmsuser123
snmp-server user nmsuser nmsgrp v3 auth md5 nmsuser123
This sample config will enable SNMPv3 authNoPriv using MD5 authentication. You can use lmsuser as your LMS user with the password lmsuser123. For your other NMSes, you can use nmsuser with password nmsuser123.
That said, LMS can use SNMP read-write, so having a read-only user for LMS might not be sufficient, especially if you plan to use IPM.
05-11-2010 11:26 PM
snmp-server user username snmpgroup remote ip address v3 auth sha
What is this command used for? Do I need to use this command? What about the snmp-server host ip address v3 traps command?
Thanks for your help and providing sample config/commands
05-11-2010 11:31 PM
Dear Clarke, in your given configuration lmsgrp will have read-write permission and nmsgrp will have only read permission. Is that correct? But in nmsgrp you are saying "v3 auth write v1default", which will give write permission to this group. Correct me if I'm wrong. I want to give LMS all permissions, but other NMSes should have read-only access.
05-11-2010 11:42 PM
I misread. Just reverse the group configurations then.
snmp-server group lmsgrp v3 auth write v1default notify v1default
snmp-server group nmsgrp v3 auth
05-11-2010 11:41 PM
No, you do not need this command. This command is only required if you will be sending SNMP inform notifications. If you want to enable v3 traps, just configure:
snmp-server host x.x.x.x traps version 3 auth lmsuser
You will also want to add a notify view to your lmsgrp:
snmp-server group lmsgrp v3 auth notify v1default
However, be aware, LMS does not support v3 traps. You will need to configure v1 or v2c traps if you want DFM to be able to process them.
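An added example, not part of the original posts or of any Cisco tool: a small Python check that resolves each SNMPv3 user to its group, using the group and user commands discussed above, and reports whether the user ends up read-write or read-only. The function names, finding strings and sample config are constructed for illustration, and only the plain option forms seen in this thread are parsed.

```python
# Constructed sample: the corrected group lines plus the user lines from this thread.
SAMPLE_CONFIG = """\
snmp-server group lmsgrp v3 auth write v1default notify v1default
snmp-server group nmsgrp v3 auth
snmp-server user lmsuser lmsgrp v3 auth md5 lmsuser123
snmp-server user nmsuser nmsgrp v3 auth md5 nmsuser123
"""
GROUP_OPTS = ("read", "write", "notify", "access")

def parse_groups(config):
    """Return {group: {level, read, write, notify, access}} for v3 groups."""
    groups = {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["snmp-server", "group"] or len(tok) < 5 or tok[3] != "v3":
            continue
        group = dict.fromkeys(GROUP_OPTS, None)
        group["level"] = tok[4]  # noauth, auth (authNoPriv) or priv (authPriv)
        # Remaining tokens are keyword/value pairs, e.g. "write v1default access 10".
        for key, value in zip(tok[5::2], tok[6::2]):
            if key in GROUP_OPTS:
                group[key] = value
        groups[tok[2]] = group
    return groups

def audit_users(config):
    """Resolve each v3 user to its group; report effective access and findings."""
    groups, report = parse_groups(config), {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["snmp-server", "user"] or len(tok) < 5 or "v3" not in tok:
            continue
        user, group = tok[2], groups.get(tok[3])
        creds = [t for t in tok[tok.index("v3") + 1:] if t != "encrypted"]
        findings = []
        if group is None:
            findings.append("group not defined")
        else:
            if group["level"] != "priv":
                findings.append("no privacy, payload sent unencrypted")
            if group["write"] and not group["access"]:
                findings.append("write view without access ACL")
        if creds[:1] == ["auth"] and len(creds) > 1 and creds[1].lower() == "md5":
            findings.append("MD5 authentication")
        # A group with no "write" view is treated as read-only (the thread's nmsgrp).
        access = "unknown" if group is None else "read-write" if group["write"] else "read-only"
        report[user] = {"group": tok[3], "access": access, "findings": findings}
    return report

if __name__ == "__main__":
    for name, entry in audit_users(SAMPLE_CONFIG).items():
        print(name, entry["group"], entry["access"], "; ".join(entry["findings"]))
```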
08-23-2010 11:31 AM
Further to my earlier post, I have the following config, and I have LMS 3.2, the latest one.
snmp-server engineID local xxxxxxxxxxxx
snmp-server group ABC v3 auth write v1default access 10
snmp-server user lmsadmin ABC v3 auth md5 abc
snmp-server host 1.1.2.1 version 3 auth lmsadmin
snmp-server location DATACENTER
snmp-server contact ITDEPT
access-list 10 permit 1.1.2.0 0.0.0.255
But I can't configure switch ports. The device credential report is showing OK for Telnet and SNMP v3.
Are SNMP v3 traps supported on LMS 3.2 now?
08-23-2010 11:27 AM
I defined
snmp-server group abc v3 auth write v1default access 10
but still, when I go to RME > Device Management > Cisco View,
I can't configure the ports on the switch. My example device is a 3560-48PS; the error says there is a timeout for the chassis and/or to check the SNMP credentials.
I have run the device credential report, and it says SNMP v3 OK (read and write) as well as Telnet.
Any ideas?
08-23-2010 09:23 PM
Start a new thread for your issue.