Exam 300-101 | Question id=438 | Infrastructure Services |
A network engineer is configuring SNMP on network devices to utilize one-way SNMP notifications. However, the engineer is not concerned with authentication or encryption. Which command satisfies the requirements of this scenario?
A. |
router(config)#snmp-server host 172.16.201.28 traps version 2c CISCORO | |
B. |
router(config)#snmp-server host 172.16.201.28 informs version 2c CISCORO | |
C. |
router(config)#snmp-server host 172.16.201.28 traps version 3 auth CISCORO | |
D. |
router(config)#snmp-server host 172.16.201.28 informs version 3 auth CISCORO |
Most network admins and engineers are familiar with SNMPv2c which has become the dominant SNMP version of the past decade. It’s simple to configure on both the router/switch-side and just as easy on the network monitoring server. The problem of course is that the SNMP statistical payload is not encrypted and authentication is passed in cleartext. Most companies have decided that the information being transmitted isn’t valuable enough to be worth the extra effort in upgrading to SNMPv3, but I would suggest otherwise.
Like IPv4 to Ipv6, there are some major changes under the hood. SNMP version 2 uses community strings (think cleartext passwords, no encryption) to authenticate polling and trap delivery. SNMP version 3 moves away from the community string approach in favor of user-based authentication and view-based access control. The users are not actual local user accounts, rather they are simply a means to determine who can authenticate to the device. The view is used to define what the user account may access on the IOS device. Finally, each user is added to a group, which determines the access policy for its users. Users, groups, views.