System Management- 4 Points
“The first network management server will be using SNMPv1 and the second SNMP server will be using SNMPv2c.”
r3(config)#snmp-server host 126.96.36.199 version ?
1 Use SNMPv1 <-default
2c Use SNMPv2c
3 Use SNMPv3
r3(config)#snmp-server host 188.8.131.52 version 1CISCO
r3(config)#snmp-server host 184.108.40.206 version 2cCISCO hsrp
r6#sh snmp host
Notification host: 220.127.116.11 udp-port: 162 type: trap
user: CISCO security model: v1
Notification host: 18.104.22.168udp-port: 162 type: trap
user: CISCO security model: v2c
When configuring snmp-server community strings, it is a good idea to ask the proctor if you need to tie these down with an ACL so only the network management servers can access them. I didn’t see anything in this task that specified this, but the IE solution used an ACL to limit access to the community strings to the network management servers only (a very important real world step).
The IE solution also specified tty traps for the first server?
In the Lab 4 Breakdown COD, IE states that the tty at the end of the line was a default value entered by the IOS. They also say that the access-list for the community strings is optional for this task.
9.2 IOS Menu
This is an easy, but somewhat time-consuming task. I did this task in notepad and then pasted it into the router.
Managing Connections, Menus, and System Banners
“The menu should be activated whenever the user NOC logs in using the password CISCO.”
I can see that I need to create a user/pass of NOC/CISCO (and ‘login local’ under the vty lines), but how do I automatically launch the menu for this user when they log in?
I found this under the related commands for ‘menu command”:
To automatically execute a command when a user connects to a particular line, use the autocommand command in line configuration mode. To disable the automatic execution, use the no form of this command.
I was on the right path, but configuring this under the vty lines was going to affect ALL vty users, not just the NOC. There is an option to use this command with the ‘username‘ command:
(Optional) Causes the specified command to be issued automatically after the user logs in. When the command is complete, the session is terminated. Because the command can be any length and contain embedded spaces, commands using the autocommand keyword must be the last option on the line.
Trying 22.214.171.124 … Open
User Access Verification
1 Ping r5’s loopback 0
2 Ping r6’s loopback 0
3 Trace to r5’s loopback 0
4 Trace to r6’s loopback 0
5 Quit (Access CLI)
“Ensure that NOC users can exit the menu, but do NOT allow them to have access to the CLI when they do so.”
The default behaviour of the menu-exit menu command is to exit the menu into exec CLI mode.
The menu command command has a special keyword for the command argument, menu-exit, that is available only within menus. It is used to exit a submenu and return to the previous menu level, or to exit the menu altogether and return to the EXEC command prompt.
So should I just log the user out instead? That’s what I did. Instead of ‘menu-exit’ for option 5, I used ‘exit’ instead:
menu NOCMENU text 5 Quit (Access CLI)
menu NOCMENU command 5 exit
The IE solution also uses “menu options x pause” for each menu option, but I don’t see anything in the task that requires this.
Pauses after the command is entered before redrawing the menu.