"CATALINA MARTINEZ" <CATALINA.MARTINEZ@tlc.state.tx.us> writes:
> Router Audit Tool (rat) is a tool to audit Cisco IOS configurations
> and display the results in an HTML format. Since SNMPv3
> provides secure access to devices by a combination of authenticating
> and encrypting packets over the network, it's recommended when
> using RAT. We are still in the process of researching this. But from
> what we understand we must configure snmpv3 on the routers
> who will use RAT.
>
> So if Netview does not support snmpv3, we won't be able to monitor
> them.

I don't see how B necessarily follows from A.

I believe that any standards-compliant implementation of an snmpv3
agent is supposed to respond to v2 and v1 requests with v2 and v1
responses respectively. The exception of course would be GETs or SETs
from elements that are defined in an SNMP-version-specific branch of
the MIB or with version-specific datatypes.

For example, we manage Nokia firewalls with NetView. They're snmpv3
agents, but they also respond just fine to v1 and v2 requests. They
send out their traps in snmpv2 format if I recall correctly.

Investigate whether enabling v3 for these Cisco devices:

  a) prevents them from responding to v1 set/get requests. I'd
     be very surprised if it did. This is easily tested by
     configuring the device for v3 and then trying a
     /usr/OV/bin/snmpwalk of the device. If you get a response,
     NetView will continue to happily monitor the basics from
     the device.

  b) See if enabling v3 changes the format in which traps are
     sent. Enable v3, bring some interfaces up and down and
     see if netview receives the traps in /usr/OV/log/trapd.log
     to see.

> Before I tell management NO on Netview, is there anything in the
> works for v3?

I don't believe there is. If you are a current NetView user with a
support contract, do us all a favor and bubble up your requirement to
the Tivoli folks so they know that the security afforded by v3 is of
increasing importance to us users.

Best Regards,
--
Todd H.
http://www.toddh.net/
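
The check in item (a), as an added example that is not part of the original message and does not use NetView's snmpwalk: it builds a community-based GetRequest for sysDescr.0 by hand and reports which SNMP version the agent answers in. The host and community string passed to `probe` are the caller's own, and `SAMPLE_V1_REPLY` is a constructed datagram for offline use.

```python
import socket

VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}        # SNMP message version values
SYS_DESCR_0 = (1, 3, 6, 1, 2, 1, 1, 1, 0)      # sysDescr.0 from MIB-II
# Constructed sample: a v1 GetResponse for sysDescr.0 with the value "rtr".
SAMPLE_V1_REPLY = bytes.fromhex("3029 020100 04067075626c6963 a21c 020101 020100"
                                " 020100 3011 300f 06082b06010201010100 0403727472")

def tlv(tag, body):  # BER tag-length-value, short or long definite length
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def ber_int(value):  # non-negative INTEGER, minimal two's-complement form
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def ber_oid(oid):
    body = bytearray([oid[0] * 40 + oid[1]])   # first two arcs share one byte
    for arc in oid[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:                      # base-128, high bit = "more follows"
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def get_request(version, community, oid=SYS_DESCR_0, request_id=1):
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))          # OID + NULL value
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(version) + tlv(0x04, community.encode()) + pdu)

def response_version(datagram):
    """Label the version carried in a reply (first INTEGER of the message)."""
    if len(datagram) < 5 or datagram[0] != 0x30:
        raise ValueError("not an SNMP message")
    pos = 2 + (datagram[1] & 0x7F if datagram[1] & 0x80 else 0)  # skip outer length
    if datagram[pos:pos + 2] != b"\x02\x01":
        raise ValueError("missing version field")
    return VERSIONS.get(datagram[pos + 2], "unknown")

def probe(host, version, community, timeout=2.0):
    """Send one GetRequest; return the reply's version label, None if silent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(get_request(version, community), (host, 161))
        try:
            return response_version(s.recvfrom(65535)[0])
        except socket.timeout:
            return None
```

Calling `probe(host, 0, community)` and `probe(host, 1, community)` before and after enabling v3 shows whether the device still answers v1 and v2c requests; `None` means no reply arrived within the timeout.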