This lab gave you six or seven separate facts about how to configure SNMPv3. Focus on remembering all those little moving parts of the various SNMPv3 configuration commands. Most people will not memorize those, but you should think and practice these combinations so that you can see the configuration not as a long confusing set of words, but as separate ideas, and to understand each idea. As always, do the lab, then check your answers here.
Answers
Figure 1: Topology Used for SNMPv3 Labs
Example 3: Router R1 and R2 – Identical Config
snmp-server group Certskills v3 auth write v1default snmp-server user Youdda Certskills v3 auth sha mysecretpassword ! snmp-server enable traps snmp-server host 10.1.3.3 version 3 auth Youdda
Commentary
The four configuration commands show the correct syntax that then matches the logic shown in the requirements. Working through the sample answer’s four commands in the same order as listed in Example 3:
Command 1: snmp-server group
The first command creates an SNMP group, which is a configuration concept which gathers some SNMPv3 parameters for easy reference by the snmp-user user command. It is simply the way Cisco’s team built the SNMPv3 configuration.
The command lists these key parameters:
group Certskills: defines the name of the group with a name that I made up, and that you used based on the requirements for the lab.
v3: keyword that defines the version.
auth: defines that this group performs authentication, but not privacy
write v1default: two combined parameters that enable the use of Sets (for writing to the router’s MIB), with MIB view v1default.
Also, this command can be the starting point for some common mistakes. In this case, note that the use of the auth keyword on this command means that auth must be used on any snmp-server user commands that refer to this group.
Command 2: snmp-server host
The second command completes the work to enable support for Get and Set commands. This command defines the user (Youdda per the instructions) and links it to the first command. Specifically:
Certskills: refers to the name listed in the snmp-server group Certskills command.
v3: keyword that defines the version.
auth sha mysecretpassword: defines that the user should use authentication, with SHA as the protocol, with a password of mysecretpassword.
Command 3: snmp-server enable traps
The third command is simple: it enables the router to send Trap (and Inform) messages assuming the rest of the related configuration in command 4 is completed.
Command 4: snmp-server user
The last command completes the Trap configuration. Traps (and Informs) require that the router know to what IP address to send the Trap or Inform message, that is, the address of the SNMP manager. This command defines the address, and whether to send Traps or Informs, as follows:
host 172.20.2.9: Identifies the IP address of the SNMP manager.
version 3: keywords that define the version.
auth: defines that the user should use authentication (not privacy).
Youdda: defines the username (per the snmp-server user command) used for SNMPv3 authentication.