From: ilg@xxxxxxxxx
Date: Tue Apr 03 2001 - 08:35:12 GMT-3
Hi,
I'm trying to do the snmp part of cc boot camp lab8a (Section 2, Task 6).
It looks like the snmp traps are sent out (r1) but the snmp manager never
gets them (r4).
I've verified my configuration by the following testing:
1. I access r1 from r7 and type a wrong password.
2. acl 107 on r5 shows 2 matches for snmptraps
3. but r4 has no snmptraps in his logg buffer
Can someone help me?
Thank's
Peter
Remarks:
- on r1 I configured "snmp-server enable traps snmp authentication", which
replaces the "snmp-server trap-authentication" command of IOS 11.2, but the
config shows only "snmp-server enable traps snmp"
- I did the same with IOS 12.1 on r5 and there command shows up as typed in
Testing
-------
r7#137.20.10.1
Trying 137.20.10.1 ... Open
User Access Verification
Password:
Password:
Password:
% Bad passwords
r5#sh access-lists 107
Extended IP access list 107
permit icmp any any
permit ospf any any (6 matches)
permit tcp any any eq bgp (2 matches)
permit tcp any eq bgp any gt 1023
permit udp host 137.20.10.1 host 137.20.40.17 eq snmptrap (2 matches)
permit udp host 137.20.10.1 eq snmptrap host 137.20.40.17 gt 1023
permit tcp host 137.20.10.2 any eq telnet
permit tcp host 137.20.10.70 host 137.20.60.1 eq telnet
permit tcp host 137.20.10.70 host 137.20.86.1 eq telnet
deny ip any any log
r5#
r4#sh log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 2273 messages logged
Monitor logging: level debugging, 126 messages logged
Logging to: vty2(5)
Buffer logging: level debugging, 2273 messages logged
Trap logging: level debugging, 39 message lines logged
Log Buffer (4096 bytes):
04:49:15: %SYS-5-CONFIG_I: Configured from console by vty0 (137.20.10.2)
05:00:15: %SYS-5-CONFIG_I: Configured from console by vty0 (137.20.10.2)
r4#
r4#
----------------------------------------------------------------
r1
-- version 12.0 ... ! access-list 17 permit 137.20.40.17 access-list 64 permit 137.20.64.0 0.0.15.255 ! ... ! snmp-server community public RO 64 snmp-server community secret RW 17 snmp-server trap-source Ethernet0 snmp-server enable traps snmp snmp-server host 137.20.40.17 traps public !r5 -- version 12.1 ... ! interface Serial0/1 ip address 137.20.25.2 255.255.255.0 ip access-group 107 in ! ... ! access-list 107 permit icmp any any access-list 107 permit ospf any any access-list 107 permit tcp any any eq bgp access-list 107 permit tcp any eq bgp any gt 1023 access-list 107 permit udp host 137.20.10.1 host 137.20.40.17 eq snmptrap access-list 107 permit udp host 137.20.10.1 eq snmptrap host 137.20.40.17 gt 1023 access-list 107 permit tcp host 137.20.10.2 any eq telnet access-list 107 permit tcp host 137.20.10.70 host 137.20.60.1 eq telnet access-list 107 permit tcp host 137.20.10.70 host 137.20.86.1 eq telnet access-list 107 deny ip any any log ! ... ! snmp-server engineID local 00000009020000049AE1D8C0 snmp-server community version view v1default RO snmp-server community public RO snmp-server community secret RW snmp-server enable traps snmp authentication snmp-server host 137.20.40.17 public !
r4 -- ! logging trap debugging ! snmp-server community public RO snmp-server community secret RW snmp-server manager !
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:39 GMT-3