SNMP trap and informs

incognito · ‎09-02-2019

Hello

is there anyone who can explain me:

1) SNMP trap and informs (the difference/similarity between them etc)?

2) And how to configure SNMPv3 on nexus switch? Or please explain me SNMP in general or can you give me a link to a good explained guide?

3) Do I have to configure SNMP community when I'm going to use only SNMP v3?

Seb Rupik · ‎09-02-2019

Hi there,

To answer your questions:

1) Both TRAP and INFORM messages are sent from an SNMP agent to a receiver, the only difference is that a reciver must send back an acknowledgment for an INFORM message.

2) Take a look at the extensive NX-OS guide here:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/system_management/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_Guide/sm_9snmp.html#concept_AFE2599DEE664E079795A1BBCC2C994D

3) SNMP community strings are a SNMPv1/2 construct and are not used in SNMPv3.

cheers,

Seb.

incognito · ‎09-02-2019

hello! thanks for the answer!
what is the 'localizedkey', 'engineID' ?
from here:
snmp-server user name [auth {md5 | sha} passphrase [auto] [priv [aes-128] passphrase] [engineID id] [localizedkey]

when I should use passphrase.. 'auto or priv'?

and one more question
example:
Nexus(config)# snmp-server user MYSNMP auth sha Passw0rd priv aes-128 ?
WORD Privacy password for user (Max Size 130)
what does mean 'privacy password for user' after aes-128 ? Password for what. For example I already used Passw0rd (Authentication password for user (Max Size 127)
I'm confused...

Mark Malone · ‎09-02-2019

localisedkey gives the option of the priv password having up to 130 characters instead of 64

the first part is the hashing password the second part of the encryption key

heres an snmpv3 example thats working on 1 of my new 92340 NX-OS , never used the auto part in any of our nx devices for snmp

snmp-server user admin network-admin auth md5 0xd49bc0735b66b4d55679885788f90aeb72 priv 0xd49bc0735bb4d556798685788f90aeb72 localizedkey

incognito · ‎09-03-2019

thanks! but i have 1 more question. can you look at?

Seb Rupik · ‎09-02-2019

The engineID is a unique character string used to identify the SNMP agent (ie, the switch). The localized-key is a user defined hex string between 10-130 characters in length, it can be omitted and it will be auto-generated.

The second passphrase is required when you choose to use priv .

The Authentication and Privacy (Encryption) passwords are separate strings and can/ should have different values.

cheers,

Seb.

incognito · ‎09-03-2019

thanks! but i have 1 more question. can you look at?

Joseph W. Doherty · ‎09-02-2019

#1 Both trap and inform are non-solicated mesages send from the host to the management stations. Informs can also be sent between management stations. Traps date from the earlier SNMP version. Informs are from the later SNMP (v3) version. Traps aren't ACK'ed, informs are!

incognito · ‎09-03-2019

Thank you all for the answer. I have one more question
Can you look at?

i'm migrating configs from 'Extreme networks' switch to the Nexus-6000 switch

In Extreme I have this config of SNMPv3:

* configure snmpv3 add community MainRO name MainRO user v1v2c_ro
* configure snmpv3 add target-addr v1v2cNotifyTAddr param v1v2cNotifyParam ipaddress 1.1.1.1 transport-port 162 vr VR-Default tag-list defaultNotify
* configure snmpv3 add target-params v1v2cNotifyParam user v1v2cNotifyUser mp-model snmpv2c sec-model snmpv2c sec-level noauth

How the config on nexus switch will look like?

what I have to configure? snmp user and host? From config of extreme what is user, what is password

Mark Malone · ‎09-03-2019

HI this is all you need for s3 to work on NX below , admin snmp and your own snmp if required , then check with SHOW SNMP

snmp-server user admin network-admin auth md5 PUTPASSWORDHERE priv PUTPASSWORDHERE localizedkey

snmp-server user netadmin network-admin auth sha PUTPASSWORDHERE priv aes-128 PUTPASSWORDHERE localizedkey

incognito · ‎09-03-2019

thank you, Mark
and what about snmp-server host?

From extreme switch: configure snmpv3 add target-addr v1v2cNotifyTAddr param v1v2cNotifyParam ipaddress 1.1.1.1 transport-port 162 vr VR-Default tag-list defaultNotify

Mark Malone · ‎09-03-2019

Hi

you can use it yes but its more optional for traps , we poll from the snmp station itself to the switch so we dont require it , there's a few options, if your sending trap/traffic then use the host command , but we get the system to poll us so dont need to use it

incognito · ‎09-03-2019

Thank you!

CiscoPurpleBelt · ‎02-24-2020

May be off thread but when configuring SNMPv3 groups, when do you want to configure for read and write access?

Seb Rupik · ‎02-24-2020

Hi there,

If I understand your question correctly, read access is granted by default. Both read and write permissions require a 'view' to be specified which will limit which OIDs will be accessible via the R/W permission.

cheers,

Seb.