SNMP using GROUP and USER

From: gladston@br.ibm.com
Date: Thu May 26 2005 - 16:38:54 GMT-3


Would you agree with this answer?

Task:
Configure the minimal commands to allow a remote management station to read all MIBs using group/user:

Answer:
Rack2CAT1(config)#snmp-server group GROUP v2
Rack2CAT1(config)#snmp-server user USER GROUP v2

Results of sh snmp and sh snmp group make me think these two commands are enough. But I would like to confirm it with an SNMP get (there is not one Linux on the lab rack I am using).
It would be nice if IOS had a hidden snmpwalk command.

Rack2CAT1(config)#snmp-server group GROUP v2
Rack2CAT1(config)#snmp-server user USER GROUP v2

Rack2CAT1(config)#do sh snmp
Chassis: CHK0705W0YD
0 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    0 Number of requested variables
    0 Number of altered variables
    0 Get-request PDUs
    0 Get-next PDUs
    0 Set-request PDUs
0 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    0 No such name errors
    0 Bad values errors
    0 General errors
    0 Response PDUs
    0 Trap PDUs
SNMP global trap: disabled

SNMP logging: disabled
SNMP agent enabled

Rack2CAT1(config)#do sh ip so | i 161
 17 0.0.0.0 0 142.20.47.7 161 0 0 1 0
Rack2CAT1(config)#

groupname: GROUP security model:v2c
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

Specifying group/user with a read-only view:

Rack2CAT1(config)#snmp-server view VIEW-RO mib-2 included
Rack2CAT1(config)#snmp-server group GROUP-RO v2 read VIEW-RO
Rack2CAT1(config)#snmp-server user USER-RO GROUP-RO v2

Rack2CAT1(config)#do sh snmp
Chassis: CHK0705W0YD
0 SNMP packets input
    0 Bad SNMP version errors
    0 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    0 Number of requested variables
    0 Number of altered variables
    0 Get-request PDUs
    0 Get-next PDUs
    0 Set-request PDUs
0 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    0 No such name errors
    0 Bad values errors
    0 General errors
    0 Response PDUs
    0 Trap PDUs
SNMP global trap: disabled

SNMP logging: disabled
SNMP agent enabled

Rack2CAT1(config)#do sh snmp group
groupname: GROUP security model:v2c
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

groupname: GROUP-RO security model:v2c
readview :VIEW-RO writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

Specifying group/user with read-write view:

Rack2CAT1(config)#snmp-server view VIEW-RW lsystem.55 in
Rack2CAT1(config)#snm
Rack2CAT1(config)#snmp-ser
Rack2CAT1(config)#snmp-server gr
Rack2CAT1(config)#snmp-server group GROUP-RW ?
  v1 group using the v1 security model
  v2c group using the v2c security model
  v3 group using the User Security Model (SNMPv3)

Rack2CAT1(config)#snmp-server group GROUP-RW v2 ?
  access specify an access-list associated with this group
  notify specify a notify view for the group
  read specify a read view for the group
  write specify a write view for the group
  <cr>

Rack2CAT1(config)#snmp-server group GROUP-RW v2 wr
Rack2CAT1(config)#snmp-server group GROUP-RW v2 write ?
  WORD write view name

Rack2CAT1(config)#snmp-server group GROUP-RW v2 write VIEW-RW ?
  access specify an access-list associated with this group
  notify specify a notify view for the group
  <cr>

Rack2CAT1(config)#snmp-server group GROUP-RW v2 write VIEW-RW
Rack2CAT1(config)#snmp-ser
Rack2CAT1(config)#snmp-server user
Rack2CAT1(config)#snmp-server user USER-RW GROUP-RW ?
  remote Specify a remote SNMP entity to which the user belongs
  v1 user using the v1 security model
  v2c user using the v2c security model
  v3 user using the v3 security model

Rack2CAT1(config)#snmp-server user USER-RW GROUP-RW v2 ?
  access specify an access-list associated with this group
  <cr>

Rack2CAT1(config)#snmp-server user USER-RW GROUP-RW v2
Rack2CAT1(config)#
Rack2CAT1(config)#do sh snmp gr
groupname: GROUP security model:v2c
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

groupname: GROUP-RO security model:v2c
readview :VIEW-RO writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

groupname: GROUP-RW security model:v2c
readview :v1default writeview: VIEW-RW
notifyview: <no notifyview specified>
row status: active
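
An offline check of the `show snmp group` output above, as an added example that is not part of the original post: it parses the group table and flags what a reviewer would look at, such as GROUP-RW showing the v1default read view although only a write view was configured. The function names and the three audit rules are this example's own assumptions.

```python
import re

# Sample: two groups from the "show snmp group" output in the session above.
SAMPLE = """\
groupname: GROUP-RO security model:v2c
readview :VIEW-RO writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

groupname: GROUP-RW security model:v2c
readview :v1default writeview: VIEW-RW
notifyview: <no notifyview specified>
row status: active
"""

def _view(value):
    # "<no writeview specified>" style placeholders mean the view is unset.
    return None if value.startswith("<no ") else value.strip()

def parse_groups(text):
    """Parse 'show snmp group' text into one dict per group."""
    groups = []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"groupname:\s*(\S+)\s+security model:\s*(\S+)", line):
            groups.append({"name": m[1], "model": m[2], "read": None,
                           "write": None, "notify": None, "status": None})
        elif not groups:
            continue  # ignore anything before the first group header
        elif m := re.match(r"readview\s*:\s*(.*?)\s+writeview:\s*(.*)", line):
            groups[-1]["read"], groups[-1]["write"] = _view(m[1]), _view(m[2])
        elif m := re.match(r"notifyview:\s*(.*)", line):
            groups[-1]["notify"] = _view(m[1])
        elif m := re.match(r"row status:\s*(\S+)", line):
            groups[-1]["status"] = m[1]
    return groups

def audit(groups):
    """Return (group, finding) pairs; the three rules are this example's own."""
    findings = []
    for g in (g for g in groups if g["status"] == "active"):
        if g["model"] in ("v1", "v2c"):
            findings.append((g["name"], "community-based model, no authentication or encryption"))
        if g["read"] == "v1default":
            findings.append((g["name"], "read view is the default v1default, not an explicit view"))
        if g["write"]:
            findings.append((g["name"], "write view set: " + g["write"]))
    return findings

if __name__ == "__main__":
    print(*("%s: %s" % f for f in audit(parse_groups(SAMPLE))), sep="\n")
```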


