CCIE Pursuit Blog

January 19, 2008

Internetwork Expert Volume II: Lab 4 – Section 9

System Management – 4 Points

9.1 SNMP

Configuring SNMP Support

snmp-server host

snmp-server community

“The first network management server will be using SNMPv1 and the second SNMP server will be using SNMPv2c.”

r3(config)#snmp-server host 141.1.7.100 version ?
  1   Use SNMPv1 <-default
  2c  Use SNMPv2c
  3   Use SNMPv3

r3(config)#snmp-server host 141.1.7.100 version 1 CISCO
r3(config)#snmp-server host 141.1.7.100 version 2c CISCO hsrp

r6#sh snmp host
Notification host: 141.1.7.100  udp-port: 162   type: trap
user: CISCO     security model: v1

Notification host: 141.1.77.100 udp-port: 162   type: trap
user: CISCO     security model: v2c

When configuring snmp-server community strings, it is a good idea to ask the proctor if you need to tie these down with an ACL so only the network management servers can access them.  I didn’t see anything in this task that specified this, but the IE solution used an ACL to limit access to the community strings to the network management servers only (a very important real world step).
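The check described above, as an added example (not code from this blog or from the IE workbook): a small Python audit that flags `snmp-server community` lines that are not tied by a standard numbered ACL to the configured `snmp-server host` addresses. The community names and ACL number 7 are assumptions, the sample configs are constructed, and named or extended ACLs are out of scope.

```python
import re

# Constructed sample configs, not the workbook's solution. Community names and
# ACL number 7 are placeholders; the two NMS addresses are the ones on this page.
WEAK = """\
snmp-server community CISCORO RO
snmp-server community CISCORW RW 7
snmp-server host 141.1.7.100 CISCO
snmp-server host 141.1.77.100 version 2c CISCO
"""
HARDENED = """\
access-list 7 permit 141.1.7.100
access-list 7 permit 141.1.77.100
snmp-server community CISCORO RO 7
snmp-server community CISCORW RW 7
snmp-server host 141.1.7.100 CISCO
snmp-server host 141.1.77.100 version 2c CISCO
"""

IP = r"\d+\.\d+\.\d+\.\d+"
ACL = re.compile(rf"^access-list (\d+) permit (?:host )?(\S+)(?: ({IP}))?")
HOST = re.compile(rf"^snmp-server host ({IP})")
COMMUNITY = re.compile(r"^snmp-server community (\S+)(?: (?:ro|rw))?(?: (\S+))?\s*$", re.I)

def audit_snmp(config):
    """Return (community, finding) pairs for communities not limited to the NMS hosts."""
    acls, hosts, communities = {}, set(), []
    for line in map(str.strip, config.splitlines()):
        if m := ACL.match(line):
            # A wildcard mask other than 0.0.0.0 permits more than a single host.
            wide = m.group(3) not in (None, "0.0.0.0")
            acls.setdefault(m.group(1), set()).add(f"{m.group(2)} {m.group(3)}" if wide else m.group(2))
        elif m := HOST.match(line):
            hosts.add(m.group(1))
        elif m := COMMUNITY.match(line):
            communities.append((m.group(1), m.group(2)))
    findings = []
    for name, acl in communities:
        if acl is None:
            findings.append((name, "no ACL on the community string"))
        elif acl not in acls:
            findings.append((name, f"ACL {acl} is not defined in this config"))
        elif extra := sorted(acls[acl] - hosts):
            findings.append((name, f"ACL {acl} permits non-NMS sources: {', '.join(extra)}"))
    return findings

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_snmp(cfg) or "community strings limited to the NMS hosts")
```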

9.1 WHY acl on snmp-server

The IE solution also specified tty traps for the first server?

Task 9.1 Solution – Why “tty”?

Task 9.1 SNMP

In the Lab 4 Breakdown COD, IE states that the tty at the end of the line was a default value entered by the IOS.  They also say that the access-list for the community strings is optional for this task.

9.2 IOS Menu

This is an easy, but somewhat time-consuming task.  I did this task in notepad and then pasted it into the router.

Managing Connections, Menus, and System Banners
Creating Menus

menu (EXEC)

“The menu should be activated whenever the user NOC logs in using the password CISCO.”

I can see that I need to create a user/pass of NOC/CISCO (and ‘login local’ under the vty lines), but how do I automatically launch the menu for this user when they log in?

I found this under the related commands for ‘menu command’:

autocommand 

To automatically execute a command when a user connects to a particular line, use the autocommand command in line configuration mode. To disable the automatic execution, use the no form of this command.

I was on the right path, but configuring this under the vty lines was going to affect ALL vty users, not just the NOC.  There is an option to use this command with the ‘username’ command:

autocommand
 (Optional) Causes the specified command to be issued automatically after the user logs in. When the command is complete, the session is terminated. Because the command can be any length and contain embedded spaces, commands using the autocommand keyword must be the last option on the line.

r3#telnet 150.1.2.2
Trying 150.1.2.2 … Open
User Access Verification

Username: NOC
Password: [CISCO]

NOC Options

    1          Ping r5’s loopback 0

    2          Ping r6’s loopback 0

    3          Trace to r5’s loopback 0

    4          Trace to r6’s loopback 0

    5          Quit (Access CLI)

“Ensure that NOC users can exit the menu, but do NOT allow them to have access to the CLI when they do so.”

The default behaviour of the menu-exit menu command is to exit the menu into exec CLI mode.

menu command

The menu command command has a special keyword for the command argument, menu-exit, that is available only within menus. It is used to exit a submenu and return to the previous menu level, or to exit the menu altogether and return to the EXEC command prompt.

So should I just log the user out instead?  That’s what I did.  Instead of ‘menu-exit’ for option 5, I used ‘exit’ instead:

menu NOCMENU text 5 Quit (Access CLI)
menu NOCMENU command 5 exit

The IE solution also uses “menu options x pause” for each menu option, but I don’t see anything in the task that requires this.

menu options

pause
 Pauses after the command is entered before redrawing the menu. 
 
