SNMPv3 Server


Scenario:

The Agency has created a new security policy and since you are part of the security team you need to help them implement them. Some changes on the network have to be implemented through SNMPv3 and it’s up to you to configure your router as a SMPv3 agent.

Goal:

  • All IP addresses have been preconfigured for you.
  • Optional: You can use the cloud interface to connect your router to a free syslog server like Spiceworks FREE SNMP Network Manager (also works for SNMPv3).
  • Configure router Agent with a SNMP MIB VIEW called “EVERYONE”.
  • Configure router Agent with a SNMP MIB VIEW called “FORYOUREYESONLY”
  • Configure router Agent so “EVERYONE” contains branch “iso”.
  • Configure router Agent with a SNMP group called “EVERYONE”. Use security model “priv”. Assign read/write view to SNMP MIB VIEW “EVERYONE”.
  • Configure router Agent with a user called “007”. Use MD5 password “VAULT” and DES encryption password “SAFE”. Add this user to the “EVERYONE” group.
  • Configure router Agent with a SNMP group called “FORYOUREYESONLY”. Use security model “auth”. Assign read view to SNMP MIB VIEW “FORYOUREYESONLY”.
  • Configure router Agent with a user called “bigeyes”. This user only requires the password “LENS”. Add the user to the “FORYOUREYESONLY” group.
  • Configure router Agent so only users from network 192.168.12.0 /24 are allowed to access the SNMP GROUP “EVERYONE”.
  • Configure router Agent with a group called “KICKME” and use security model “priv”.
  • Configure router Agent with a user called “WILL” and add him to the group “KICKME”. Use password “VAULT”.
  • Configure router Agent with SNMP traps to host 192.168.12.2 and use security model ‘priv’. Use username “WILL”.
  • Configure router Agent to send a SNMP trap for event ‘warmstart’ and ‘coldstart’.

IOS:

c3640-jk9s-mz.124-16.bin

Topology:

SNMPv3

Configuration Files

You need to register to download the GNS3 topology file. (Registration is free!)

Once you are logged in you will find the configuration files right here.

Opt In Image
Do you want your CCNA or CCNP Certificate?

The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.

Written by René Molenaar - CCIE #41726

You May Also Like

About the Author: Rene Molenaar

René - CCIE #41726 is the creator of GNS3Vault.com where he shares CCNA, CCNP and CCIE R&S labs. He also blogs about networking on http://networklessons.com

6 Comments

  1. please provide video solution for this and all unsolved labs at least final configs…

    1. I’m doing the best I can, I always record the solution so once it’s done there will be a final config + video 🙂

  2. access-list 1 permit 192.168.12.0 0.0.0.255
    access-list 1 deny any log

    snmp-server group KICKME v3 priv notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
    snmp-server group EVERYONE v3 priv read EVERYONE write EVERYONE access 1
    snmp-server group FORYOUREYESONLY v3 auth read FORYOUREYESONLY

    snmp-server view EVERYONE iso included
    snmp-server view FORYOUREYESONLY system included

    snmp-server enable traps snmp coldstart warmstart
    snmp-server host 192.168.12.2 version 3 priv WILL

    snmp-server user 007 EVERYONE v3 auth md5 VAULT priv des56 SAFE
    snmp-server user bigeyes FORYOUREYESONLY v3 auth md5 LENS
    snmp-server user WILL KICKME v3 auth md5 VAULT

Comments are closed.