Friday, February 20, 2009

ALU - SNMP Part 1

Foreward: An ALU is an Autonomous Learning Unit, you can read this post to learn more about them.



Your NOC is installing two new network management stations soon, their IP addresses will be and  Configure R3 to allow read-only SNMP access from both NMS stations using community string CISCO_RO.  Configure R3 to allow read-write SNMP access from the NMS station at using community CISCO_RW.  Your NOC also wants you to configure R3 to send traps relating to temperature problems to using community CISCOTRAP.



Highlight below for the solution:




  access-list 10 permit

  access-list 10 permit

  access-list 20 permit

  snmp-server community CISCO_RO ro 10

  snmp-server community CISCO_RW rw 20

  snmp-server host traps CISCOTRAP envmon

  snmp-server enable traps envmon temperature



R3#show snmp community


Community name: ILMI

Community Index: cisco0

Community SecurityName: ILMI

storage-type: read-only  active



Community name: CISCOTRAP

Community Index: cisco1

Community SecurityName: CISCOTRAP

storage-type: nonvolatile        active



Community name: CISCO_RO

Community Index: cisco2

Community SecurityName: CISCO_RO

storage-type: nonvolatile        active access-list: 10



Community name: CISCO_RW

Community Index: cisco3

Community SecurityName: CISCO_RW

storage-type: nonvolatile        active access-list: 20


R3#show run | include trap|host_

snmp-server enable traps envmon temperature

snmp-server host CISCOTRAP  envmon




This question shows the difference between read-only, read-write, and trap communities.  It also demonstrates the ability to put different access lists on each community to limit which hosts can use those communities.


It is very important to remember that sending traps to a host requires two separate commands, the first, "snmp-server enable traps envmon temperature" enables that trap globally; without it, no host would receive that trap.  The second command, "snmp-server host traps CISCOTRAP envmon" enables the specific trap (envmon) to be sent to the host  It is helpful to be able to specify some traps to go to one NMS and others to go to another NMS, and the second command allows us to do that.


I also included a filtered "show run" command, which is one of the best ways to quickly verify a configuration.  It is also a great way to stay sharp on your regular expression knowledge.  The command

"show run | include trap|host_" says to show the running configuration, but only include lines that include the word trap, and the word host, immediately followed by a space.  Without the underscore after host, that show command would display the "hostname Rack1R3" command.  An underscore in RegEx must be a space, the beginning, or ending of a string.  You can find more regular expression help on the Cisco Doc CD hidden under the Configuration Guides - Terminal Services - Appendixes - Regular Expressions


DocCD items to reference:

Configuration Guide (Scroll to How to Configure SNMP Support, Configuring SNMP Versions 1 and 2)

snmp-server community

snmp-server enable traps

snmp-server host

No comments:

Post a Comment