SNMPv3 configuration may be the most challenging new configuration topic added to the new CCNA R&S exams introduced in May 2016 (that is, CCNA R&S 200-125). The configuration commands have many options, and it is possible to configure an incorrect combination of options that just does not work. So you need to take extra care to combine the right options. This lab sets up a straightforward set of SNMPv3 requirements so that you can then focus on practicing getting the command options right.
Requirements
This lab uses a small network with two routers. Your job is to create a configuration that would work on both routers to enable SNMPv3, per the following requirements:
- Use username Youdda
- Use group name Certskills
- Use text string mysecretpassword for any passwords or keys
- Support both reading (Get) and writing (Set) to the MIB
- Use the default MIB view (V1Default) if any MIB views need to be configured
- Support traps, but not informs, sent to the SNMP manager at address 172.16.2.9
- Use SNMPv3 authentication with SHA, but do not use privacy
- Do not filter messages based on an ACL
- As for the topology:
- Assume all interfaces shown in the figure are up and working, that is, there is connectivity between each router and the SNMP server.
Figure 1: Topology Used for SNMPv3 Labs
Initial Configuration
Examples 1 and 2 show the initial configurations on routers R1 and R2, respectively.
Example 1: Router R1 Initial Configuration
hostname R1 ! interface GigabitEthernet0/1 no shutdown ip address 172.20.1.1 255.255.255.0 ! interface gigabitethernet0/2 no shutdown ip address 172.20.12.1 255.255.255.0 ! router ospf 1 network 172.20.1.1 0.0.0.0 area 0 network 172.20.12.1 0.0.0.0 area 0
Example 2: Router R2 Initial Configuration
hostname R2 ! interface GigabitEthernet0/1 no shutdown ip address 172.20.2.2 255.255.255.0 ! interface gigabitethernet0/2 no shutdown ip address 172.20.12.2 255.255.255.0 ! router ospf 1 network 172.20.2.2 0.0.0.0 area 0 network 172.20.12.2 0.0.0.0 area 0
Answer on Paper, or Maybe Test in Lab
As always, you should at least answer on paper or by typing in a text editor.
If you do implement this config lab on real gear or some other tool, it is difficult to verify without having an SNMP manager with which to test. The challenge is that the router will accept combinations of commands that fail when trying to communicate with the SNMP manager. For those of you who want to dig a little deeper, and you have at least one router or switch in your home lab, then consider downloading any free SNMP manager. Then make sure your manager can successfully do an SNMP Get to pull information from your router or switch after adding the kind of configuration you build in this lab.
Note that for the purposes of learning SNMPv3, I found that the ManageEngine MIB Browser was a good tool. It gives you enough direct control so that you can see what is happening. However, it may be a more difficult tool to use for someone starting out, in that it requires you to navigate the MIB structure.
Do this Lab with Cisco’s VIRL
You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here is a file that when used with VIRL will load a lab topology similar to this lab’s topology, with the initial configuration shown in the lab. This section lists any differences between the lab exercise and the .VIRL file’s topology and configuration.
Download this lab’s VIRL file!
The virl topology matches this lab topology exactly. The host info does as well.
Handy Host Commands:
To see PC IP address: ifconfig eth1
Ping example: ping -c 4 10.1.1.1
Trace example: tracepath 10.1.1.1
To connect to another node within the topology: telnet 10.1.1.1