Re: [nv-l] SNMPv3

To: <netview@toddh.net>
Subject: Re: [nv-l] SNMPv3
From: "CATALINA MARTINEZ" <CATALINA.MARTINEZ@tlc.state.tx.us>
Date: Thu, 02 May 2002 08:47:46 -0500
Cc: <nv-l@lists.tivoli.com>
Thanks for the input.. I have more reading, researching and testing to do..
 
I will keep you posted.

>>> netview@toddh.net 05/01/02 01:43PM >>>
"CATALINA MARTINEZ" <CATALINA.MARTINEZ@tlc.state.tx.us> writes:
> Router Audit Tool (rat) is a tool to audit Cisco IOS configurations
> and display the results in an HTML format. Since SNMPv3
> provides secure access to devices by a combination of authenticating
> and encrypting packets over the network, it's recommended when
> using RAT. We are still in the process of researching this. But from
> what we understand we must configure snmpv3 on the routers
> who will use RAT..
>
> So if Netview does not support snmpv3, we won't be able to monitor
> them.

I don't see how B necessarily follows from A.  

I believe that any standards-compliant implementation of an snmpv3
agent is supposed to respond to v2 and v1 requests with v2 and v1
responses respectively.  The exception of course would be GETs or SETs
from elements that are defined in an SNMP-version-specific branch of
the MIB or with version-specific datatypes.

For example, we manage Nokia firewalls with NetView.  They're snmpv3
agents, but they also respond just fine to v1 and v2 requests.  They
send out their traps in snmpv2 format if I recall correctly.

Investigate whether enabling v3 for these Cisco devices:
        a) prevents them from responding to v1 set/get requests.  I'd
           be very surprised if it did.  This is easily tested by
           configuring the device for v3 and then trying a
           /usr/OV/bin/snmpwalk of the device.  If you get a response,
           NetView will continue to happily monitor the basics from
           the device.

        b) See if enabling v3 changes the format in which traps are
           sent.  Enable v3, bring some interfaces up and down and
           see if netview receives the traps in /usr/OV/log/trapd.log.

> Before I tell management NO on Netview, is there anything in the
> works for v3?

I don't believe there is.   If you are a current NetView user with a
support contract, do us all a favor and bubble up your requirement to
the Tivoli folks so they know that the security afforded by v3 is of
increasing importance to us users.

Best Regards,
--
Todd H.
http://www.toddh.net/
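
Check (a) from the message above can also be scripted, shown here as an added example that is not part of the original message or of NetView: it hand-encodes an SNMP GetRequest for sysDescr.0 and reports which SNMP version the agent answers in. The function names are this example's own, and the host and community string passed to `probe` are assumptions to be supplied by the reader.

```python
import socket

SYS_DESCR = (1, 3, 6, 1, 2, 1, 1, 1, 0)  # sysDescr.0, readable on any agent

def tlv(tag, body):
    """BER type-length-value, short-form length (enough for this request)."""
    if len(body) > 127:
        raise ValueError("body too long for short-form length")
    return bytes([tag, len(body)]) + body

def encode_oid(oid):
    out = bytearray([oid[0] * 40 + oid[1]])   # first two arcs share one byte
    for arc in oid[2:]:
        chunk = [arc & 0x7F]                  # base-128, high bit = more follows
        arc >>= 7
        while arc:
            chunk.append((arc & 0x7F) | 0x80)
            arc >>= 7
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def build_get(version, community, oid, request_id=1):
    """GetRequest message; version 0 = SNMPv1, 1 = SNMPv2c. request_id < 128."""
    varbind = tlv(0x30, encode_oid(oid) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id]))   # request-id
              + tlv(0x02, b"\x00")                   # error-status
              + tlv(0x02, b"\x00")                   # error-index
              + tlv(0x30, varbind))                  # varbind list
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)

def response_version(packet):
    """msgVersion of any SNMP message: 0 = v1, 1 = v2c, 3 = v3."""
    if len(packet) < 2 or packet[0] != 0x30:
        raise ValueError("not an SNMP message")
    i = 2 if packet[1] < 0x80 else 2 + (packet[1] & 0x7F)  # skip length octets
    if len(packet) < i + 3 or packet[i:i + 2] != b"\x02\x01":
        raise ValueError("version field missing")
    return packet[i + 2]

def probe(host, version, community, timeout=2.0):
    """Send one GET; return the version the agent answered in, or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_get(version, community, SYS_DESCR), (host, 161))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None                        # agent silent for this version
    return response_version(data)
```

Calling `probe(host, 0, community)` before and after enabling v3 on a router shows whether v1 polling survives the change: 0 means the agent still answers v1, while None means no reply, which can also result from a wrong community string or an access list on the device.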

Archive operated by Skills 1st Ltd

See also: The NetView Web