Friday, February 20, 2009

ALU - SNMP Part 1

Foreword: An ALU is an Autonomous Learning Unit; you can read this post to learn more about them.




Question: 

 

Your NOC is installing two new network management stations soon; their IP addresses will be 1.1.3.80 and 1.1.3.90.  Configure R3 to allow read-only SNMP access from both NMS stations using community string CISCO_RO.  Configure R3 to allow read-write SNMP access from the NMS station at 1.1.3.90 using community CISCO_RW.  Your NOC also wants you to configure R3 to send traps relating to temperature problems to 1.1.3.80 using community CISCOTRAP.

 

 

Highlight below for the solution:

 

Solution:

R3:

  access-list 10 permit 1.1.3.80

  access-list 10 permit 1.1.3.90

  access-list 20 permit 1.1.3.90

  snmp-server community CISCO_RO ro 10

  snmp-server community CISCO_RW rw 20

  snmp-server host 1.1.3.80 traps CISCOTRAP envmon

  snmp-server enable traps envmon temperature

 

Confirmation:

R3#show snmp community

 

Community name: ILMI

Community Index: cisco0

Community SecurityName: ILMI

storage-type: read-only  active

 

 

Community name: CISCOTRAP

Community Index: cisco1

Community SecurityName: CISCOTRAP

storage-type: nonvolatile        active

 

 

Community name: CISCO_RO

Community Index: cisco2

Community SecurityName: CISCO_RO

storage-type: nonvolatile        active access-list: 10

 

 

Community name: CISCO_RW

Community Index: cisco3

Community SecurityName: CISCO_RW

storage-type: nonvolatile        active access-list: 20

 

R3#show run | include trap|host_

snmp-server enable traps envmon temperature

snmp-server host 1.1.3.80 CISCOTRAP  envmon

 

 

Explanation:

This question shows the difference between read-only, read-write, and trap communities.  It also demonstrates the ability to put different access lists on each community to limit which hosts can use those communities.

 

It is very important to remember that sending traps to a host requires two separate commands.  The first, "snmp-server enable traps envmon temperature", enables that trap globally; without it, no host would receive that trap.  The second command, "snmp-server host 1.1.3.80 traps CISCOTRAP envmon", enables the specific trap type (envmon) to be sent to the host 1.1.3.80.  It is helpful to be able to send some traps to one NMS and others to another NMS, and the second command allows us to do that.
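The two points above (an access list on every community, and a global enable behind every per-host trap type) can be checked mechanically. The following is an added example, not part of the original post: a small Python audit over running-config lines. The sample config is constructed from the R3 solution plus two deliberately wrong lines, and the function name `audit_snmp` is hypothetical. It assumes standard ACL entries of the form `access-list N permit ADDRESS` and no `version` keyword on `snmp-server host`.

```python
# Constructed sample: the R3 solution from this page, plus a community with
# no ACL (LAB_RW) and a trap host whose trap type (bgp) is not enabled globally.
SAMPLE_CONFIG = """\
access-list 10 permit 1.1.3.80
access-list 10 permit 1.1.3.90
access-list 20 permit 1.1.3.90
snmp-server community CISCO_RO ro 10
snmp-server community CISCO_RW rw 20
snmp-server community LAB_RW rw
snmp-server host 1.1.3.80 traps CISCOTRAP envmon
snmp-server host 1.1.3.90 traps CISCOTRAP bgp
snmp-server enable traps envmon temperature
"""

def audit_snmp(config):
    """Map each community to (mode, permitted hosts) and list findings."""
    acls, communities, trap_hosts, enabled = {}, {}, [], set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and len(tok) >= 4 and tok[2] == "permit":
            acls.setdefault(tok[1], []).append(tok[3])
        elif tok[:2] == ["snmp-server", "community"] and len(tok) >= 4:
            communities[tok[2]] = (tok[3], tok[4] if len(tok) > 4 else None)
        elif tok[:2] == ["snmp-server", "host"] and len(tok) >= 4:
            # "traps" is optional on input and absent from show run output
            rest = [t for t in tok[3:] if t not in ("traps", "informs")]
            trap_hosts.append((tok[2], rest[1:]))  # rest[0] is the community
        elif tok[:3] == ["snmp-server", "enable", "traps"]:
            enabled.add(tok[3] if len(tok) > 3 else "*")  # "*": all types

    result, findings = {}, []
    for name, (mode, acl) in communities.items():
        result[name] = (mode, acls.get(acl) if acl else None)
        if acl is None:
            findings.append(f"community {name} ({mode}) has no access-list")
        elif acl not in acls:
            findings.append(f"community {name} uses undefined access-list {acl}")
    for host, types in trap_hosts:
        for t in types:
            if t not in enabled and "*" not in enabled:
                findings.append(f"trap type {t} for host {host} is not enabled globally")
    return {"communities": result, "findings": findings}

if __name__ == "__main__":
    report = audit_snmp(SAMPLE_CONFIG)
    for name, (mode, hosts) in report["communities"].items():
        print(name, mode, hosts if hosts else "ANY HOST")
    for finding in report["findings"]:
        print("FINDING:", finding)
```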

 

I also included a filtered "show run" command, which is one of the best ways to quickly verify a configuration.  It is also a great way to stay sharp on your regular expression knowledge.  The command "show run | include trap|host_" says to show the running configuration, but only include lines that contain the word trap, or the word host immediately followed by a space.  Without the underscore after host, that show command would also display the "hostname Rack1R3" command.  An underscore in RegEx matches a space, or the beginning or ending of a string.  You can find more regular expression help on the Cisco Doc CD, hidden under Configuration Guides - Terminal Services - Appendixes - Regular Expressions.

 

DocCD items to reference:

Configuration Guide (Scroll to How to Configure SNMP Support, Configuring SNMP Versions 1 and 2)


snmp-server community

snmp-server enable traps

snmp-server host
