[Script Info]
Title: 
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.03,0:00:02.31,Default,,0000,0000,0000,,In this lecture, you'll see the
Dialogue: 0,0:00:02.31,0:00:06.25,Default,,0000,0000,0000,,configuration for SNMP version 3.
Dialogue: 0,0:00:06.25,0:00:12.17,Default,,0000,0000,0000,,[Music]
Dialogue: 0,0:00:12.99,0:00:17.63,Default,,0000,0000,0000,,So you saw earlier that in SNMP version
Dialogue: 0,0:00:17.63,0:00:21.61,Default,,0000,0000,0000,,1 and 2, the SNMP manager,
Dialogue: 0,0:00:21.61,0:00:24.76,Default,,0000,0000,0000,,that's our NMS server, and the SNMP agent,
Dialogue: 0,0:00:24.76,0:00:27.97,Default,,0000,0000,0000,,that's our router or switch, they recognize
Dialogue: 0,0:00:27.97,0:00:30.49,Default,,0000,0000,0000,,each other through simple unencrypted
Dialogue: 0,0:00:30.49,0:00:32.98,Default,,0000,0000,0000,,community strings. So it's not very
Dialogue: 0,0:00:32.98,0:00:33.73,Default,,0000,0000,0000,,secure.
Dialogue: 0,0:00:33.73,0:00:36.55,Default,,0000,0000,0000,,[inaudible] improved upon with SNMP
Dialogue: 0,0:00:36.55,0:00:39.21,Default,,0000,0000,0000,,version 3 which does support
Dialogue: 0,0:00:39.21,0:00:43.30,Default,,0000,0000,0000,,authentication and encryption. With SNMP
Dialogue: 0,0:00:43.30,0:00:46.75,Default,,0000,0000,0000,,version 3, the security model uses users
Dialogue: 0,0:00:46.75,0:00:49.33,Default,,0000,0000,0000,,and groups. So we're going to configure a
Dialogue: 0,0:00:49.33,0:00:52.03,Default,,0000,0000,0000,,user on the router or switch, and we
Dialogue: 0,0:00:52.03,0:00:55.75,Default,,0000,0000,0000,,configure a matching user on the NMS
Dialogue: 0,0:00:55.75,0:00:57.94,Default,,0000,0000,0000,,server. That's how they recognize each
Dialogue: 0,0:00:57.94,0:01:00.100,Default,,0000,0000,0000,,other. There is also a group as well. So
Dialogue: 0,0:01:00.100,0:01:03.10,Default,,0000,0000,0000,,most of the settings are configured at
Dialogue: 0,0:01:03.10,0:01:05.38,Default,,0000,0000,0000,,the group level, and those settings are
Dialogue: 0,0:01:05.38,0:01:06.94,Default,,0000,0000,0000,,going to be applied to the user
Dialogue: 0,0:01:06.94,0:01:09.10,Default,,0000,0000,0000,,depending on which group it's actually
Dialogue: 0,0:01:09.10,0:01:13.33,Default,,0000,0000,0000,,in. There's three different security
Dialogue: 0,0:01:13.33,0:01:15.67,Default,,0000,0000,0000,,levels available, and these are
Dialogue: 0,0:01:15.67,0:01:17.59,Default,,0000,0000,0000,,configured at the group level. So
Dialogue: 0,0:01:17.59,0:01:19.12,Default,,0000,0000,0000,,normally, you're going to just use one
Dialogue: 0,0:01:19.12,0:01:21.52,Default,,0000,0000,0000,,particular security level. But it is
Dialogue: 0,0:01:21.52,0:01:23.92,Default,,0000,0000,0000,,possible that you could have one NMS
Dialogue: 0,0:01:23.92,0:01:26.26,Default,,0000,0000,0000,,server in one group, it's got one
Dialogue: 0,0:01:26.26,0:01:28.39,Default,,0000,0000,0000,,security level, and a different NMS
Dialogue: 0,0:01:28.39,0:01:30.19,Default,,0000,0000,0000,,server in a different group, but it's
Dialogue: 0,0:01:30.19,0:01:31.99,Default,,0000,0000,0000,,got a different security level. That
Dialogue: 0,0:01:31.99,0:01:33.67,Default,,0000,0000,0000,,would be a pretty weird thing to do, but
Dialogue: 0,0:01:33.67,0:01:36.43,Default,,0000,0000,0000,,it is possible to do that. There's three
Dialogue: 0,0:01:36.43,0:01:38.41,Default,,0000,0000,0000,,different security levels. The first one
Dialogue: 0,0:01:38.41,0:01:41.92,Default,,0000,0000,0000,,is noAuthnoPriv which means no
Dialogue: 0,0:01:41.92,0:01:44.50,Default,,0000,0000,0000,,authentication and no privacy. With
Dialogue: 0,0:01:44.50,0:01:47.17,Default,,0000,0000,0000,,noAuthnoPriv, no authentication password
Dialogue: 0,0:01:47.17,0:01:49.48,Default,,0000,0000,0000,,is exchanged, and the communications
Dialogue: 0,0:01:49.48,0:01:51.82,Default,,0000,0000,0000,,between the agent and the server are not
Dialogue: 0,0:01:51.82,0:01:54.91,Default,,0000,0000,0000,,encrypted. So with noAuthnoPriv, it
Dialogue: 0,0:01:54.91,0:01:56.50,Default,,0000,0000,0000,,still doesn't use a community string, it
Dialogue: 0,0:01:56.50,0:01:58.57,Default,,0000,0000,0000,,still uses a username because that's
Dialogue: 0,0:01:58.57,0:02:00.13,Default,,0000,0000,0000,,SNMP version 3,
Dialogue: 0,0:02:00.13,0:02:02.92,Default,,0000,0000,0000,,but that username basically replaces,
Dialogue: 0,0:02:02.92,0:02:04.81,Default,,0000,0000,0000,,works the same as the community
Dialogue: 0,0:02:04.81,0:02:08.62,Default,,0000,0000,0000,,string in SNMP version 1 and version 2.
Dialogue: 0,0:02:08.62,0:02:10.87,Default,,0000,0000,0000,,So there's not much point in doing that,
Dialogue: 0,0:02:10.87,0:02:12.22,Default,,0000,0000,0000,,doesn't really give you any advantage
Dialogue: 0,0:02:12.22,0:02:15.49,Default,,0000,0000,0000,,over the old SNMP versions. The next
Dialogue: 0,0:02:15.49,0:02:16.84,Default,,0000,0000,0000,,security level we've got is
Dialogue: 0,0:02:16.84,0:02:20.29,Default,,0000,0000,0000,,AuthNoPriv. With AuthNoPriv, password
Dialogue: 0,0:02:20.29,0:02:23.38,Default,,0000,0000,0000,,authentication is used. So the NMS server
Dialogue: 0,0:02:23.38,0:02:25.02,Default,,0000,0000,0000,,and the network device will
Dialogue: 0,0:02:25.02,0:02:27.76,Default,,0000,0000,0000,,securely authenticate each other. When we do
Dialogue: 0,0:02:27.76,0:02:28.98,Default,,0000,0000,0000,,that authentication, the
Dialogue: 0,0:02:28.98,0:02:31.24,Default,,0000,0000,0000,,authentication is encrypted, so the user
Dialogue: 0,0:02:31.24,0:02:33.61,Default,,0000,0000,0000,,and- user name and password is encrypted,
Dialogue: 0,0:02:33.61,0:02:36.61,Default,,0000,0000,0000,,does not go in plaintext. But after that
Dialogue: 0,0:02:36.61,0:02:39.52,Default,,0000,0000,0000,,initial authentication, no encryption is
Dialogue: 0,0:02:39.52,0:02:41.44,Default,,0000,0000,0000,,used for communications between the
Dialogue: 0,0:02:41.44,0:02:44.17,Default,,0000,0000,0000,,devices. So if the server pulls some
Dialogue: 0,0:02:44.17,0:02:46.03,Default,,0000,0000,0000,,information from the device, that's
Dialogue: 0,0:02:46.03,0:02:47.98,Default,,0000,0000,0000,,going to go over the network unencrypted.
Dialogue: 0,0:02:47.98,0:02:50.50,Default,,0000,0000,0000,,So the last one is the one that we're
Dialogue: 0,0:02:50.50,0:02:52.96,Default,,0000,0000,0000,,most likely gonna want to use which is
Dialogue: 0,0:02:52.96,0:02:55.75,Default,,0000,0000,0000,,AuthPriv. With AuthPriv, password
Dialogue: 0,0:02:55.75,0:02:57.94,Default,,0000,0000,0000,,authentication is used, again, the same as
Dialogue: 0,0:02:57.94,0:03:00.00,Default,,0000,0000,0000,,it was in AuthNoPriv, but
Dialogue: 0,0:03:00.00,0:03:02.38,Default,,0000,0000,0000,,communications between the agent and the
Dialogue: 0,0:03:02.38,0:03:05.08,Default,,0000,0000,0000,,server are also encrypted. So with AuthPriv,
Dialogue: 0,0:03:05.08,0:03:07.75,Default,,0000,0000,0000,,the NMS server and the device are
Dialogue: 0,0:03:07.75,0:03:09.73,Default,,0000,0000,0000,,going to securely authenticate each
Dialogue: 0,0:03:09.73,0:03:11.89,Default,,0000,0000,0000,,other, that does not go in plaintext. And
Dialogue: 0,0:03:11.89,0:03:14.17,Default,,0000,0000,0000,,also whenever they're sharing information,
Dialogue: 0,0:03:14.17,0:03:16.90,Default,,0000,0000,0000,,that is also encrypted as well. So this
Dialogue: 0,0:03:16.90,0:03:18.70,Default,,0000,0000,0000,,is the most secure way of doing it. If
Dialogue: 0,0:03:18.70,0:03:21.64,Default,,0000,0000,0000,,we're using SNMP version 3, most likely
Dialogue: 0,0:03:21.64,0:03:24.97,Default,,0000,0000,0000,,were going to be using AuthPriv. Okay, so
Dialogue: 0,0:03:24.97,0:03:27.67,Default,,0000,0000,0000,,let's look at the configuration. So you
Dialogue: 0,0:03:27.67,0:03:29.38,Default,,0000,0000,0000,,saw earlier in this lecture, we're gonna
Dialogue: 0,0:03:29.38,0:03:31.06,Default,,0000,0000,0000,,have the group and we're gonna have the
Dialogue: 0,0:03:31.06,0:03:33.76,Default,,0000,0000,0000,,user as well. Let's configure the group
Dialogue: 0,0:03:33.76,0:03:37.69,Default,,0000,0000,0000,,first. So a global config, I say 'snmp-
Dialogue: 0,0:03:37.69,0:03:40.93,Default,,0000,0000,0000,,server group', in this example, I've called
Dialogue: 0,0:03:40.93,0:03:43.33,Default,,0000,0000,0000,,the group 'Flackbox-group', then
Dialogue: 0,0:03:43.33,0:03:45.73,Default,,0000,0000,0000,,actually 'v3' to say that we're using SNMP
Dialogue: 0,0:03:45.73,0:03:48.13,Default,,0000,0000,0000,,version 3. And in the example, I've used
Dialogue: 0,0:03:48.13,0:03:49.96,Default,,0000,0000,0000,,the context-sensitive help, I've hit the
Dialogue: 0,0:03:49.96,0:03:51.79,Default,,0000,0000,0000,,question mark to see what the next key
Dialogue: 0,0:03:51.79,0:03:53.80,Default,,0000,0000,0000,,word is. And this is where we set the
Dialogue: 0,0:03:53.80,0:03:57.13,Default,,0000,0000,0000,,security level of either auth, noAuth, or
Dialogue: 0,0:03:57.13,0:04:04.63,Default,,0000,0000,0000,,priv. Then next thing that we do- so in
Dialogue: 0,0:04:04.63,0:04:06.58,Default,,0000,0000,0000,,the example, I've set priv because I want
Dialogue: 0,0:04:06.58,0:04:08.80,Default,,0000,0000,0000,,the most secure level. Then I've put the
Dialogue: 0,0:04:08.80,0:04:10.57,Default,,0000,0000,0000,,question mark in again to see what the
Dialogue: 0,0:04:10.57,0:04:12.73,Default,,0000,0000,0000,,next key word is. Next key word we've
Dialogue: 0,0:04:12.73,0:04:16.03,Default,,0000,0000,0000,,got access, context, match, notify, read,
Dialogue: 0,0:04:16.03,0:04:19.72,Default,,0000,0000,0000,,and write. With access, you can set an
Dialogue: 0,0:04:19.72,0:04:21.70,Default,,0000,0000,0000,,access list. I'll talk about that a bit
Dialogue: 0,0:04:21.70,0:04:24.61,Default,,0000,0000,0000,,more in the next slide. Context and match
Dialogue: 0,0:04:24.61,0:04:28.30,Default,,0000,0000,0000,,both apply to contexts. And notify,
Dialogue: 0,0:04:28.30,0:04:31.84,Default,,0000,0000,0000,,read, and write are about views. So let's
Dialogue: 0,0:04:31.84,0:04:33.88,Default,,0000,0000,0000,,see what that means. So the first key
Dialogue: 0,0:04:33.88,0:04:35.95,Default,,0000,0000,0000,,word available there was access. What you
Dialogue: 0,0:04:35.95,0:04:38.02,Default,,0000,0000,0000,,can do is you can configure a normal
Dialogue: 0,0:04:38.02,0:04:39.27,Default,,0000,0000,0000,,access-
Dialogue: 0,0:04:39.27,0:04:41.22,Default,,0000,0000,0000,,access list on a router or of a switch
Dialogue: 0,0:04:41.22,0:04:44.16,Default,,0000,0000,0000,,where you specify the IP address of the
Dialogue: 0,0:04:44.16,0:04:46.62,Default,,0000,0000,0000,,NMS server. And then when you configure
Dialogue: 0,0:04:46.62,0:04:49.62,Default,,0000,0000,0000,,your SNMP settings here, you can
Dialogue: 0,0:04:49.62,0:04:51.48,Default,,0000,0000,0000,,reference that access list which means
Dialogue: 0,0:04:51.48,0:04:53.94,Default,,0000,0000,0000,,you're locking it down, the [inaudible] router
Dialogue: 0,0:04:53.94,0:04:55.80,Default,,0000,0000,0000,,or switch will only communicate with
Dialogue: 0,0:04:55.80,0:04:59.67,Default,,0000,0000,0000,,SNMP with that particular IP address. So
Dialogue: 0,0:04:59.67,0:05:01.41,Default,,0000,0000,0000,,you're locking it down to the IP address
Dialogue: 0,0:05:01.41,0:05:04.80,Default,,0000,0000,0000,,of your NMS server. The next key words we
Dialogue: 0,0:05:04.80,0:05:06.60,Default,,0000,0000,0000,,had in there were about contexts.
Dialogue: 0,0:05:06.60,0:05:09.90,Default,,0000,0000,0000,,Contexts are used on switches to specify
Dialogue: 0,0:05:09.90,0:05:13.53,Default,,0000,0000,0000,,which VLANs are accessible via SNMP. So
Dialogue: 0,0:05:13.53,0:05:15.18,Default,,0000,0000,0000,,if you're configuring a switch, you might
Dialogue: 0,0:05:15.18,0:05:17.19,Default,,0000,0000,0000,,need to set that up so that your NMS
Dialogue: 0,0:05:17.19,0:05:19.29,Default,,0000,0000,0000,,system can access other VLANs, not
Dialogue: 0,0:05:19.29,0:05:22.59,Default,,0000,0000,0000,,just the default VLAN. And then the last
Dialogue: 0,0:05:22.59,0:05:24.93,Default,,0000,0000,0000,,thing we could set there were our views.
Dialogue: 0,0:05:24.93,0:05:27.36,Default,,0000,0000,0000,,Views can be used to limit what
Dialogue: 0,0:05:27.36,0:05:30.18,Default,,0000,0000,0000,,information is accessible to the NMS
Dialogue: 0,0:05:30.18,0:05:33.72,Default,,0000,0000,0000,,server. And we had a read view, a write view,
Dialogue: 0,0:05:33.72,0:05:36.45,Default,,0000,0000,0000,,and a notify view are all available. If
Dialogue: 0,0:05:36.45,0:05:39.84,Default,,0000,0000,0000,,you don't specify a read view, then all
Dialogue: 0,0:05:39.84,0:05:43.08,Default,,0000,0000,0000,,MIB objects are accessible to read. So by
Dialogue: 0,0:05:43.08,0:05:45.81,Default,,0000,0000,0000,,default, the NMS server can get all the
Dialogue: 0,0:05:45.81,0:05:48.51,Default,,0000,0000,0000,,different SNMP information from that
Dialogue: 0,0:05:48.51,0:05:50.73,Default,,0000,0000,0000,,particular device. So if you want to lock
Dialogue: 0,0:05:50.73,0:05:52.71,Default,,0000,0000,0000,,it down to only be able to gather a
Dialogue: 0,0:05:52.71,0:05:55.44,Default,,0000,0000,0000,,particular- or maybe a pool, a particular set
Dialogue: 0,0:05:55.44,0:05:57.00,Default,,0000,0000,0000,,of information, then you would use a
Dialogue: 0,0:05:57.00,0:05:59.61,Default,,0000,0000,0000,,read view for that. Next one was write
Dialogue: 0,0:05:59.61,0:06:01.98,Default,,0000,0000,0000,,view. If you don't specify a write view,
Dialogue: 0,0:06:01.98,0:06:04.83,Default,,0000,0000,0000,,then no MIB objects are accessible to
Dialogue: 0,0:06:04.83,0:06:06.78,Default,,0000,0000,0000,,write. So this works the other way. So by
Dialogue: 0,0:06:06.78,0:06:09.27,Default,,0000,0000,0000,,default, it can read everything, but it
Dialogue: 0,0:06:09.27,0:06:12.21,Default,,0000,0000,0000,,can write nothing. So if you want to lock
Dialogue: 0,0:06:12.21,0:06:14.37,Default,,0000,0000,0000,,down, limit what it can read, configure a
Dialogue: 0,0:06:14.37,0:06:16.53,Default,,0000,0000,0000,,read view. If you want it to be able to
Dialogue: 0,0:06:16.53,0:06:18.93,Default,,0000,0000,0000,,write anything, then you have to
Dialogue: 0,0:06:18.93,0:06:21.33,Default,,0000,0000,0000,,configure a write view. Without
Dialogue: 0,0:06:21.33,0:06:23.49,Default,,0000,0000,0000,,explicitly configuring a write view, it
Dialogue: 0,0:06:23.49,0:06:25.71,Default,,0000,0000,0000,,doesn't get any write access. So by
Dialogue: 0,0:06:25.71,0:06:27.93,Default,,0000,0000,0000,,default, the NMS server gets read-only
Dialogue: 0,0:06:27.93,0:06:31.35,Default,,0000,0000,0000,,access to all MIBs. The last one was
Dialogue: 0,0:06:31.35,0:06:33.75,Default,,0000,0000,0000,,the notify view. Notify view is used
Dialogue: 0,0:06:33.75,0:06:36.12,Default,,0000,0000,0000,,to send notifications to members of the
Dialogue: 0,0:06:36.12,0:06:38.76,Default,,0000,0000,0000,,group. Notification is a trap. If you
Dialogue: 0,0:06:38.76,0:06:40.44,Default,,0000,0000,0000,,don't specify anything, it will be
Dialogue: 0,0:06:40.44,0:06:43.53,Default,,0000,0000,0000,,disabled by default. Okay, so those were
Dialogue: 0,0:06:43.53,0:06:47.79,Default,,0000,0000,0000,,our views. So when I configure the group
Dialogue: 0,0:06:47.79,0:06:49.98,Default,,0000,0000,0000,,here, in this example, the full command
Dialogue: 0,0:06:49.98,0:06:52.54,Default,,0000,0000,0000,,that I use is 'snmp-server group
Dialogue: 0,0:06:52.54,0:06:56.14,Default,,0000,0000,0000,,Flackbox-group v3 priv'. So I haven't
Dialogue: 0,0:06:56.14,0:06:58.42,Default,,0000,0000,0000,,configured any access lists or any views
Dialogue: 0,0:06:58.42,0:07:00.85,Default,,0000,0000,0000,,or anything here,1 they are all optional.
Dialogue: 0,0:07:00.85,0:07:03.25,Default,,0000,0000,0000,,And because I'm using the defaults here,
Dialogue: 0,0:07:03.25,0:07:06.25,Default,,0000,0000,0000,,the NMS server that is in this group
Dialogue: 0,0:07:06.25,0:07:09.43,Default,,0000,0000,0000,,will have full read-only access to the
Dialogue: 0,0:07:09.43,0:07:11.40,Default,,0000,0000,0000,,device.
Dialogue: 0,0:07:11.40,0:07:14.80,Default,,0000,0000,0000,,Okay, so I've configured my group. The
Dialogue: 0,0:07:14.80,0:07:16.57,Default,,0000,0000,0000,,next thing I'm gonna want to do is
Dialogue: 0,0:07:16.57,0:07:21.31,Default,,0000,0000,0000,,configure my user. So the first word I
Dialogue: 0,0:07:21.31,0:07:24.49,Default,,0000,0000,0000,,use again is 'snmp-server', but I'm doing
Dialogue: 0,0:07:24.49,0:07:26.36,Default,,0000,0000,0000,,the user this time so 'snmp-server
Dialogue: 0,0:07:26.36,0:07:29.92,Default,,0000,0000,0000,,user'. And then for my example user,
Dialogue: 0,0:07:29.92,0:07:33.19,Default,,0000,0000,0000,,I've called it 'Flackbox-user'. Next I
Dialogue: 0,0:07:33.19,0:07:35.77,Default,,0000,0000,0000,,specify the group that this user is
Dialogue: 0,0:07:35.77,0:07:37.93,Default,,0000,0000,0000,,in, and I'm putting it in the Flackbox
Dialogue: 0,0:07:37.93,0:07:40.42,Default,,0000,0000,0000,,group that I just configured a minute ago.
Dialogue: 0,0:07:40.42,0:07:45.01,Default,,0000,0000,0000,,I say v3 for SNMP version 3, and then auth
Dialogue: 0,0:07:45.01,0:07:47.52,Default,,0000,0000,0000,,is where I'm gonna specify the
Dialogue: 0,0:07:47.52,0:07:49.66,Default,,0000,0000,0000,,authentication algorithm that I'm gonna
Dialogue: 0,0:07:49.66,0:07:54.32,Default,,0000,0000,0000,,use. I can either use MD5 or SHA authentication.
Dialogue: 0,0:07:54.32,0:07:56.59,Default,,0000,0000,0000,,SHA is more secure, but it's a little bit
Dialogue: 0,0:07:56.59,0:08:00.73,Default,,0000,0000,0000,,slower. Okay, next up, so I've said 'snmp-
Dialogue: 0,0:08:00.73,0:08:03.04,Default,,0000,0000,0000,,server user flackbox-user', in the flat
Dialogue: 0,0:08:03.04,0:08:06.19,Default,,0000,0000,0000,,box group, SNMP version 3, auth, I'm using
Dialogue: 0,0:08:06.19,0:08:08.53,Default,,0000,0000,0000,,SHA, and I'm using an authentication
Dialogue: 0,0:08:08.53,0:08:11.20,Default,,0000,0000,0000,,password of 'AUTHPASSWORD' for this
Dialogue: 0,0:08:11.20,0:08:13.51,Default,,0000,0000,0000,,example. So you know, we talked about the
Dialogue: 0,0:08:13.51,0:08:15.28,Default,,0000,0000,0000,,three different security levels, and
Dialogue: 0,0:08:15.28,0:08:17.41,Default,,0000,0000,0000,,there you specify authentication and
Dialogue: 0,0:08:17.41,0:08:20.38,Default,,0000,0000,0000,,privacy separately, but we configure the
Dialogue: 0,0:08:20.38,0:08:22.03,Default,,0000,0000,0000,,authentication and the privacy
Dialogue: 0,0:08:22.03,0:08:24.07,Default,,0000,0000,0000,,separately as well. So right now I've
Dialogue: 0,0:08:24.07,0:08:26.56,Default,,0000,0000,0000,,already configured the authentication,
Dialogue: 0,0:08:26.56,0:08:30.01,Default,,0000,0000,0000,,next up, I'm gonna configure the privacy.
Dialogue: 0,0:08:30.01,0:08:32.62,Default,,0000,0000,0000,,So I say priv, and I've used a question
Dialogue: 0,0:08:32.62,0:08:34.75,Default,,0000,0000,0000,,mark again to see what options I've got
Dialogue: 0,0:08:34.75,0:08:37.81,Default,,0000,0000,0000,,here. And I can either use DES, triple
Dialogue: 0,0:08:37.81,0:08:41.23,Default,,0000,0000,0000,,DES or AES encryption. AES is the most
Dialogue: 0,0:08:41.23,0:08:43.72,Default,,0000,0000,0000,,modern of those, it's the most secure, but
Dialogue: 0,0:08:43.72,0:08:47.02,Default,,0000,0000,0000,,it's a little bit slower. Okay,
Dialogue: 0,0:08:47.02,0:08:51.22,Default,,0000,0000,0000,,after I configure that- so here, and I
Dialogue: 0,0:08:51.22,0:08:52.30,Default,,0000,0000,0000,,won't read out the whole
Dialogue: 0,0:08:52.30,0:08:54.97,Default,,0000,0000,0000,,command to you again, I've got up to I'm using
Dialogue: 0,0:08:54.97,0:08:58.63,Default,,0000,0000,0000,,AES encryption. Next up, I specify whether
Dialogue: 0,0:08:58.63,0:09:03.67,Default,,0000,0000,0000,,it's 128, 192, or 256 bit. Obviously, the
Dialogue: 0,0:09:03.67,0:09:05.29,Default,,0000,0000,0000,,higher of a number the more secure it's
Dialogue: 0,0:09:05.29,0:09:06.40,Default,,0000,0000,0000,,going to be, but it's
Dialogue: 0,0:09:06.40,0:09:09.75,Default,,0000,0000,0000,,take more CPU cycles, be a little slower.
Dialogue: 0,0:09:09.75,0:09:12.94,Default,,0000,0000,0000,,So looking at the complete command,
Dialogue: 0,0:09:12.94,0:09:15.82,Default,,0000,0000,0000,,I've got 'snmp-server user Flackbox-user'
Dialogue: 0,0:09:15.82,0:09:18.28,Default,,0000,0000,0000,,in the Flackbox group, it's using SNMP
Dialogue: 0,0:09:18.28,0:09:21.28,Default,,0000,0000,0000,,version 3, for authentication, I'm using
Dialogue: 0,0:09:21.28,0:09:24.73,Default,,0000,0000,0000,,SHA as my algorithm, my password is AUTH
Dialogue: 0,0:09:24.73,0:09:28.09,Default,,0000,0000,0000,,PASSWORD, and for priv, I'm using AES 128
Dialogue: 0,0:09:28.09,0:09:30.88,Default,,0000,0000,0000,,bit encryption with a password of PRIVPASSWORD.
Dialogue: 0,0:09:30.88,0:09:34.12,Default,,0000,0000,0000,,So that is my user and my group
Dialogue: 0,0:09:34.12,0:09:36.73,Default,,0000,0000,0000,,setup on my router or switch. Now what I
Dialogue: 0,0:09:36.73,0:09:38.89,Default,,0000,0000,0000,,would do next is I would go on to my NMS
Dialogue: 0,0:09:38.89,0:09:41.32,Default,,0000,0000,0000,,server and I would configure a user
Dialogue: 0,0:09:41.32,0:09:44.17,Default,,0000,0000,0000,,there with matching settings here. So I
Dialogue: 0,0:09:44.17,0:09:46.51,Default,,0000,0000,0000,,would set it with the same username of
Dialogue: 0,0:09:46.51,0:09:49.51,Default,,0000,0000,0000,,Flackbox-user. I would specify the auth
Dialogue: 0,0:09:49.51,0:09:52.18,Default,,0000,0000,0000,,password and the priv password and that's
Dialogue: 0,0:09:52.18,0:09:54.88,Default,,0000,0000,0000,,me done. My NMS server is now going to
Dialogue: 0,0:09:54.88,0:09:57.13,Default,,0000,0000,0000,,be able to access my device and pull
Dialogue: 0,0:09:57.13,0:09:59.50,Default,,0000,0000,0000,,information from it. Thanks for watching.
Dialogue: 0,0:09:59.50,0:10:01.69,Default,,0000,0000,0000,,If you want to get hands-on practice
Dialogue: 0,0:10:01.69,0:10:05.17,Default,,0000,0000,0000,,with Cisco networks for free, then you
Dialogue: 0,0:10:05.17,0:10:09.31,Default,,0000,0000,0000,,can download my 400 page CCNA lab guide,
Dialogue: 0,0:10:09.31,0:10:11.32,Default,,0000,0000,0000,,which you can see above my head right
Dialogue: 0,0:10:11.32,0:10:14.65,Default,,0000,0000,0000,,now. Also, check out the video about my
Dialogue: 0,0:10:14.65,0:10:17.32,Default,,0000,0000,0000,,CCNA course, it's highest rated course
Dialogue: 0,0:10:17.32,0:10:20.64,Default,,0000,0000,0000,,online thanks.