Belajar Mengkonfigurasi SNMP V3
13 May 2010
Kali ini saya belajar bagaimana mengkonfigurasi SNMP V3 di Device cisco, mengapa V3, apa sih kelebihannya ? ini dia perbandingannya dengan versi-versi sebelumnya :Secara Umum cara mengkonfigurasi SNMP V3 adalah sebagai berikut: 1. Configuring the SNMP-server engine ID 2. Configuring the SNMP-server group names 3. Configuring the SNMP-server users 4. Configuring the SNMP-server hosts ******************************************* *1. Configuring the SNMP-server engine ID * ******************************************* -------------------------------------------------------- cnc3(config)# snmp-server engineID [local engineid-string] | [remote ip-address udp-port port-number engineid-string] -------------------------------------------------------- cnc3(config)#snmp-server engineID ? local engineID of the local agent remote engineID of the remote agent cnc3(config)# cnc3(config)#snmp-server engineID local ? WORD engine ID octet string cnc3(config)#snmp-server engineID local 9876543210 cnc3(config)# ******************************************** *2. Configuring the SNMP-server group names* ******************************************** -------------------------------------------------------- cnc3(config)# snmp-server group groupname {v1 | v2c | v3 {auth | noauth | priv}} [read readview] [write writeview] [notify notifyview] [access access-list] -------------------------------------------------------- cnc3(config)#snmp-server group datakomgroup ? v1 group using the v1 security model v2c group using the v2c security model v3 group using the User Security Model (SNMPv3) cnc3(config)#snmp-server group datakomgroup v3 ? auth group using the authNoPriv Security Level noauth group using the noAuthNoPriv Security Level priv group using SNMPv3 authPriv security level cnc3(config)#snmp-server group datakomgroup v3 auth cnc3(config)#snmp-server group datakomgroup v3 priv cnc3(config)# ************************************** *3. Configuring the SNMP-server users* ************************************** -------------------------------------------------------- cnc3(config)# snmp-server user username groupname [remote ip-address [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv-password]]} [access access-list] -------------------------------------------------------- cnc3(config)#snmp-server user ? WORD Name of the user cnc3(config)#snmp-server user datakom ? WORD Group to which the user belongs cnc3(config)#snmp-server user datakom datakomgroup ? remote Specify a remote SNMP entity to which the user belongs v1 user using the v1 security model v2c user using the v2c security model v3 user using the v3 security model cnc3(config)#snmp-server user datakom datakomgroup v3 ? access specify an access-list associated with this group auth authentication parameters for the user encrypted specifying passwords as MD5 or SHA digests <cr> cnc3(config)#snmp-server user datakom datakomgroup v3 auth ? md5 Use HMAC MD5 algorithm for authentication sha Use HMAC SHA algorithm for authentication cnc3(config)#snmp-server user datakom datakomgroup v3 auth md5 ? WORD authentication pasword for user cnc3(config)#snmp-server user datakom datakomgroup v3 auth md5 datakom123 cnc3(config)#$ user datakom datakomgroup v3 auth md5 datakom123 priv ? 3des Use 168 bit 3DES algorithm for encryption aes Use AES algorithm for encryption des Use 56 bit DES algorithm for encryption cnc3(config)#$ user datakom datakomgroup v3 auth md5 datakom123 priv des ? WORD privacy pasword for user cnc3(config)#$kom datakomgroup v3 auth md5 datakom123 priv des datakom123 ? access specify an access-list associated with this group <cr> cnc3(config)#$kom datakomgroup v3 auth md5 datakom123 priv des datakom123 cnc3(config)# *May 13 05:03:08.463: Configuring snmpv3 USM user, persisting snmpEngineBoots. Please Wait... cnc3(config)# ************************************** *4. Configuring the SNMP-server hosts* ************************************** -------------------------------------------------------- cnc3(config)#snmp-server host ? WORD Hostname or IP address of SNMP notification host http://<Hostname or A.B.C.D>[:<port number>][/<uri>] HTTP address of XML notification host -------------------------------------------------------- cnc3(config)#snmp-server host 192.168.70.2 ? WORD SNMPv1/v2c community string or SNMPv3 user name informs Send Inform messages to this host traps Send Trap messages to this host version SNMP version to use for notification messages vrf VPN Routing instance for this host cnc3(config)#snmp-server host 192.168.70.2 version 3 ? auth Use the SNMPv3 authNoPriv Security Level noauth Use the SNMPv3 noAuthNoPriv Security Level priv Use the SNMPv3 authPriv Security Level cnc3(config)#snmp-server host 192.168.70.2 version 3 auth ? WORD SNMPv1/v2c community string or SNMPv3 user name cnc3(config)#snmp-server host 192.168.70.2 version 3 auth datakom cnc3(config)#snmp-server host 192.168.70.2 version 3 priv datakom cnc3(config)#snmp-server contact iwingganteng cnc3(config)#snmp-server location dayeuhkolot -------------------------------------------------------- **************** *5.How to check* **************** cnc3#show snmp user datakom User name: datakom Engine ID: 9876543210 storage-type: nonvolatile active Authentication Protocol: MD5 Privacy Protocol: DES Group-name: datakomgroup cnc3# --------------------------------------------------------
ref: Cisco IOS Network Management Configuration Guide Release 12.4T, url: http://www.cisco.com, (mei 2010)
Advertisements
No comments yet
