can someone help me with SNMPv3 and netflow questions?

Configure SNMPv3 for group "admin" on R3 as per following requirements

? Use location any

? Use contact any

? Use R3 loopback0 interface for SNMP trap as source

? A SNMPv3 group admin has a user with a view privilege adminview and must view only ISO mib.

? A SNMPv3 group admin has a user with a view privilege adminwrite and must write only system mib.

? Ensure that group admin should be set with strongest security mechanism.

? A user ccie should be from group admin and use md5 password of cisco (case sensitive)

? Ensure that admin group only allow users access from 1.1.88.0/24

? Use a SNMP v2c instance for NMS in 1.1.85.0/24 to accomplish this task.

 

 

 

 

Configure NetFlow on R1 according to the following requirements

? Enable NetFlow on R1 to monitor the traffic entering and leaving Area 0 from BB1

? Generate NetFlow sample one out-of-every 1000 packets

? Export the flows to the server YY.YY.56.100 port 2222

? In case the export to server fails, use backup server YY.YY.56.101 with the same port number.

? Use R1 Loopback as source address for the exports

? Use NetFlow version 9 with reliable transfer

? Do not use policy-map

Comments

  • JoeMJoeM ✭✭✭

    Hi Snada,

    What lab is this from? 

    Have you tried to complete any of these requirements?   Some of these are as simple as using a question mark (?).

          i.e.   snmp-server  ?

    What specifically are your questions?   All of it?

     

    Here are the Cisco docs for reference:

    Configure (12.4T)  >>  Network  >> Network Management

                 snmp configuration

                 Netflow configuration

  • here's my answer i'm not sure if ti's 100 % correct.

     

    access-list 17 permit YY.YY.17.0 0.0.0.255

    access-list 67 permit YY.YY.67.0 0.0.0.255

    snmp-server location any 

    snmp-server contact any 

    snmp-server source-interface trap Loopback0

    snmp-server view adminview iso included

    snmp-server view adminwrite system included

    snmp-server group admin v3 priv read adminview write adminwrite access 17

    snmp-server user ccie admin v3 auth md5 cisco

    snmp-server community NMS ro 67

    no snmp-server group NMS v1

     

     

     

    =======================

    ip flow-export version 9

    ip flow-export source loopback 0 

    ip flow-export destination YY.YY.56.100 2222 sctp

    backup destination YY.YY.56.101 2222

    backup mode fail-over

    flow-sampler-map NETFLOW

    mode random one-out-of 1000

    interface Gi0/1

    flow-sampler NETFLOW

    flow-sampler NETFLOW egress

  • - net flow

    look fine for me, additional please check that ip cef is enabled on device

    - snmp

    in question we have

    ? Use a SNMP v2c instance for NMS in 1.1.85.0/24 to accomplish this task.

    NMS word I think it isn't 'snmp community string', hmm maybe is, if NMS is community string config is ok


    ---


    access-list 67 permit YY.YY.67.0 0.0.0.255


    snmp-server user ccie admin v2c access 67


    ---


    I did above config but I'm not shure it is ok


    no snmp-server group NMS v1


    why you did this?

     

     

     

     

     

  • hi JoeM

    I thing sanda config look ok, what do you think about below, it is ok?

    ---

    snmp-server community NMS ro 67

    no snmp-server group NMS v1

    ---

Sign In or Register to comment.