From: William Chen (kwchen@netvigator.com)
Date: Sun Feb 22 2004 - 14:10:54 GMT-3
Hi,
I actually do some testing on this to try to understand what actually the
"snmp-server community" command does:
1. Enable "snmp-server community", actually create a SNMP group with the
name of the community string.
R2#sh run | in snmp
snmp-server community Test2 RO
R2#sh snmp group
groupname: Test2 security model:v1
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active
groupname: Test2 security model:v2c
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active
*** Testing (Note, this is an successful GET) ***
C:\Documents and Settings\Will>snmpget -M
D:\ucd-snmp-4.2.3-win32\usr\mibs -v1 -c Test2 192.168.0.20 sysContact.0
system.sysContact.0 =
(Unsuccessful testing will return result after a while and like this:
C:\Documents and Settings\Will>snmpget -M
D:\ucd-snmp-4.2.3-win32\usr\mibs -v1 -c Test 192.168.0.20 sysContact.0
Timeout: No Response from 192.168.0.20.)
2. Instead of enable "snmp-server community", the same can be done by create
a SNMP group and user.
R2#sri snmp
snmp-server group Test2 v1
snmp-server user Test2 Test2 v1
R2#sh snmp group
groupname: Test2 security model:v1
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active
*** Testing (Note, this is an successful GET) ***
C:\Documents and Settings\Will>snmpget -M
D:\ucd-snmp-4.2.3-win32\usr\mibs -v1 -c Test2 192.168.0.20 sysContact.0
system.sysContact.0 =
3. Enable "snmp-server host" will automatically create a SNMP group, but
without readview/writeview.
R2#sri snmp
snmp-server host 192.168.0.3 Test2
R2#sh snmp group
groupname: Test2 security model:v1
readview :<no readview specified> writeview: <no writeview specified>
notifyview: *tv.FFFFFFFF.FFFFFFFF
row status: active
groupname: Test2 security model:v2c
readview :<no readview specified> writeview: <no writeview specified>
notifyview: *tv.FFFFFFFF.FFFFFFFF
row status: active
*** Testing (Note, the SNMP server is sucessfully connected to the agent,
but since there is not a readview defined, the GET is unsuccessful) ***
C:\Documents and Settings\Will>snmpget -M
D:\ucd-snmp-4.2.3-win32\usr\mibs -v1 -c Test2 192.168.0.20 sysContact.0
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
Failed object: system.sysContact.0
4. Continue to 3, defined the Test2 SNMP group with a default read view.
R2(config)#snmp-server group Test2 v1 read v1default
R2#sri snmp
snmp-server group Test2 v1
snmp-server host 192.168.0.3 Test2
R2#sh snmp group
groupname: Test2 security model:v1
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active
groupname: Test2 security model:v2c
readview :<no readview specified> writeview: <no writeview specified>
notifyview: *tv.FFFFFFFF.FFFFFFFF
row status: active
*** Testing (Note, this is an successful GET) ***
C:\Documents and Settings\Will>snmpget -M
D:\ucd-snmp-4.2.3-win32\usr\mibs -v1 -c Test2 192.168.0.20 sysContact.0
system.sysContact.0 =
Therefore, although "snmp-server community" is not need to the command
"snmp-server host", it actually create a SNMP group (which is the same the
"snmp-server community" does.) However, the remove of the "snmp-server host
don't remove the SNMP group. Therefore, as the DocCD saids:
"community-string - Password-like community string sent with the
notification operation. Though you can set this string using the snmp-server
host command by itself, we recommend you define this string using the
snmp-server community command prior to using the snmp-server host command."
HTH. Moreove, since the SNMP group and user are SNMPv3 model, I think
cisco seems to adapt the SNMPv3 as the future standard.
Best Regards,
William Chen
----- Original Message -----
From: "Alec" <clapun@graduate.hku.hk>
To: "john" <ccie2be@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
Sent: Sunday, February 22, 2004 2:36 PM
Subject: Re: RMON traps
> I believe snmp-server community is only required if snmp server is allowed
> to access the router.
>
> If a router need to send trap to an SNMP server, I think the snmp-server
> community command is not required. Please correct me if my assumption is
> wrong.
>
>
> ----- Original Message -----
> From: "john" <ccie2be@nyc.rr.com>
> To: "Alec" <clapun@graduate.hku.hk>; "Group Study"
<ccielab@groupstudy.com>
> Sent: Sunday, February 22, 2004 12:46 AM
> Subject: Re: RMON traps
>
>
> > Hi Alec,
> >
> > I believe it is. I also think that the rmon event command give you the
> > option of including the community string, but I don't know whether if
you
> > include the community string in the rmon command that negates the
> > requirement of the former command.
> >
> > With newer versions of IOS, you have the ability to configure the
router
> as
> > a SNMP manager. If you do that (or if you have an actual snmp
management
> > stattion), you can test this.
> >
> > I never checked but I suspect if you configure a router as a snmp
> management
> > station, you can probably run a debug snmp or debug ip snmp which will
> show
> > you what happens when the snmp management station receives a trap.
> >
> > HTH
> >
> > ----- Original Message -----
> > From: "Alec" <clapun@graduate.hku.hk>
> > To: "Group Study" <ccielab@groupstudy.com>
> > Sent: Saturday, February 21, 2004 11:29 AM
> > Subject: RMON traps
> >
> >
> > > Hi group,
> > >
> > > From the config guide, the following command can generate a log entry
> AND
> > > send SNMP trap.
> > >
> > > Question : I'm not sure whether the snmp-server community command is
> > > required for this purpose. Grateful if anyone can point out, thanks
> > >
> > > rmon event 1 log trap eventtrap description "High ifOutErrors" owner
> > lmiller
> > >
> > > snmp-server host 150.0.1.231 cisco
> > > snmp-server community cisco RO <== is it required ?
> > > snmp-server enable traps
> > >
> > >
> > > rgds,
> > > alec
> > >
> > >
This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:55 GMT-3