ACS server settings

Network Pro
Level 1

Hi,

I want to create an SNMP user account on all switches and want to tie its permission with the help of the ACS server. Can you please advise me of what privilege levels and other settings I can use on the ACS server?

Thanks


Network Pro
Level 1

Any thoughts on this?

Hi,

Please follow the link below

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/command/reference/cli_app_a.html#wp1896136

Command Modes

Configuration

Usage Guidelines

The snmp-server community command requires a community string and the ro argument; otherwise, an error occurs.

Examples

acs/admin(config)# snmp-server community new ro

acs/admin(config)# 

Related Commands

| Command | Description |
|---|---|
| snmp-server host | Sends traps to a remote system. |
| snmp-server location | Configures the SNMP location MIB value on the system. |
| snmp-server contact | Configures the SNMP contact MIB value on the system. |

Please rate the helpful posts, it may help others

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Thanks Muhammad. Just wondering, do the switches need a local username and password if I create an account on the ACS server?

switch(config)# username monitor privilege 15 password xxxx

I am planning to create an account by the name Monitor on the ACS server (I believe this is needed for config collection?).

Hi,

You are welcome, I request to rate the helpful posts, that itself is a thanks to me and the community.

Sorry for the late reply, I got stuck up with some other stuff:


Up to my knowledge there is no necessity of user to be created for collecting SNMP logs and traps for version 1 and version 2.

For version 3 you may be, please find the info:

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html#wp19601

| Model | Level | Authentication | Encryption | What Happens |
|---|---|---|---|---|
| v1 | noAuthNoPriv | Community String | No | Uses a community string match for authentication. |
| v2c | noAuthNoPriv | Community String | No | Uses a community string match for authentication. |
| v3 | noAuthNoPriv | Username | No | Uses a username match for authentication. |
| v3 | authNoPriv | MD5 or SHA | No | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. |
| v3 | authPriv | MD5 or SHA | DES | Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. Provides DES 56-bit encryption in addition to authentication based on the CBC-DES (DES-56) standard. |

Note the following about SNMPv3 objects:

- Each user belongs to a group.
- A group defines the access policy for a set of users.
- An access policy is what SNMP objects can be accessed for reading, writing, and creating.
- A group determines the list of notifications its users can receive.
- A group also defines the security model and security level for its users.

Benefits

- Data can be collected securely from SNMP devices without fear of the data being tampered with or corrupted.
- Confidential information, for example, SNMP Set command packets that change a router's configuration, can be encrypted to prevent its contents from being exposed on the network.

Please rate the helpful posts

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

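An added example (not from the thread or from Cisco's documentation) that applies the model/level table and the rule that a group defines the security level for its users: it reads IOS-style `snmp-server` lines and reports each principal's effective level, authentication and encryption. The sample configuration, its names and its secrets are constructed, and the `priv aes 128` form is assumed to be available, since it comes from later IOS releases than the linked 12.0T guide.

```python
"""Report the effective SNMP security level of each community and v3 user."""

# Constructed sample configuration; names and secrets are placeholders.
SAMPLE_CONFIG = """\
snmp-server community new ro
snmp-server group LEGACY v3 noauth
snmp-server group POLL v3 auth
snmp-server group MONITOR v3 priv
snmp-server user guest LEGACY v3
snmp-server user poller POLL v3 auth md5 AUTHPASS
snmp-server user monitor MONITOR v3 auth sha AUTHPASS priv des PRIVPASS
snmp-server user nms MONITOR v3 auth sha AUTHPASS priv aes 128 PRIVPASS
snmp-server location lab
"""

LEVELS = {"noauth": "noAuthNoPriv", "auth": "authNoPriv", "priv": "authPriv"}


def audit(config):
    """Map each principal to (model, level, authentication, encryption)."""
    groups, report = {}, {}
    lines = [ln.split() for ln in config.splitlines()
             if ln.strip().startswith("snmp-server ")]
    for tok in lines:  # first pass: a v3 group fixes the level for its users
        if tok[1] == "group" and len(tok) >= 5 and tok[3] == "v3":
            groups[tok[2]] = LEVELS.get(tok[4], "unknown level")
    for tok in lines:  # second pass: communities and users
        if tok[1] == "community" and len(tok) >= 3:
            report["community:" + tok[2]] = (
                "v1/v2c", "noAuthNoPriv", "community string", "none")
        elif tok[1] == "user" and len(tok) >= 5 and tok[4] == "v3":
            opts = tok[5:]  # keyword scan; assumes secrets are not keywords
            auth = opts[opts.index("auth") + 1] if "auth" in opts else "username"
            enc = opts[opts.index("priv") + 1] if "priv" in opts else "none"
            level = groups.get(tok[3], "unknown group")
            report["user:" + tok[2]] = ("v3", level, auth, enc)
    return report


def weak(report):
    """Principals that are not authPriv, or that encrypt with 56-bit DES."""
    return sorted(name for name, (_, level, _, enc) in report.items()
                  if level != "authPriv" or enc in ("none", "des"))


if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG)
    for name in weak(result):
        print(name, *result[name])
```
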
Thanks Muhammed, practically I found out that is not needed and maybe that can be used if the ACS server is not in place.

Also just a quick one - do you know how to set the config collection timer on SolarWinds?

Thanks

Hi,

Please find the file attached and this link may be useful for you.

http://www.solarwinds.com/documentation/orionNCM/docs/orionNCMAdministratorGuide.pdf

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
