1495 Views 0 Replies Latest reply: Sep 14, 2010 11:21 PM by Kingsley - CCSP/CCIP/ CCNP/CCIE Security RSS

SNMP contexts

Sep 14, 2010 11:21 PM

Hi all

Can someone please let me know the exact purpose/usage of SNMP contexts? I guess it is something related to view/access restriction. But I don't get one doc explaining it.

Please see the highlighted configs below:

Building configuration...


Current configuration : 6567 bytes

!

version 12.4

service timestamps debug datetime msec localtime

service timestamps log uptime

no service password-encryption

!

hostname ipsecf-3745b

!

boot-start-marker

boot-end-marker

!

no logging console

enable password lab

!

no aaa new-model

!

resource policy

!

memory-size iomem 5

clock timezone PST -8

clock summer-time PDT recurring

ip subnet-zero

ip cef

!

!

ip vrf vrf1

 rd 1:101

 context vrf-vrf1-context

 route-target export 1:101

 route-target import 1:101

!

ip vrf vrf2

 rd 2:101

 context vrf-vrf2-context

 route-target export 2:101

 route-target import 2:101

!

no ip domain lookup

!

!

crypto keyring vrf1-1 vrf vrf1

  pre-shared-key address 10.1.1.1 255.255.255.0 key vrf1-1

crypto keyring vrf2-1 vrf vrf2

  pre-shared-key address 10.1.2.1 255.255.255.0 key vrf2-1

!

!

crypto isakmp policy 1

 authentication pre-share

!

crypto isakmp policy 50

 authentication pre-share

crypto isakmp key global1-1 address 10.1.151.1

crypto isakmp key global2-1 address 10.1.152.1

crypto isakmp profile vrf1-1

   keyring vrf1-1

   match identity address 10.1.1.1 255.255.255.255 vrf1

crypto isakmp profile vrf2-1

   keyring vrf2-1

   match identity address 10.1.2.1 255.255.255.255 vrf2

!

crypto ipsec security-association lifetime kilobytes 99000

crypto ipsec security-association lifetime seconds 5000

!

crypto ipsec transform-set tset ah-sha-hmac esp-des esp-sha-hmac 

!

crypto map global1-1 10 ipsec-isakmp 

 set peer 10.1.151.1

 set transform-set tset 

 match address 151

!

crypto map global2-1 10 ipsec-isakmp 

 set peer 10.1.152.1

 set transform-set tset 

 match address 152

!

crypto map vrf1-1 10 ipsec-isakmp 

 set peer 10.1.1.1

 set transform-set tset 

 set isakmp-profile vrf1-1

 match address 101

!

crypto map vrf2-1 10 ipsec-isakmp 

 set peer 10.1.2.1

 set transform-set tset 

 set isakmp-profile vrf2-1

 match address 102

!

!

interface FastEthernet0/0

 ip address 10.1.38.25 255.255.255.0

 no ip mroute-cache

 duplex auto

 speed auto

!

interface Serial0/0

 no ip address

 shutdown

 clock rate 2000000

!

interface FastEthernet0/1

 no ip address

 no ip mroute-cache

 shutdown

 duplex auto

 speed auto

!

interface Serial0/1

 no ip address

 shutdown

 clock rate 2000000

!

interface Serial1/0

 no ip address

 encapsulation frame-relay

 no ip route-cache cef

 no ip route-cache

 no ip mroute-cache

 no keepalive

 serial restart-delay 0

 clock rate 128000

 no frame-relay inverse-arp

!

interface Serial1/0.1 point-to-point

 ip vrf forwarding vrf1

 ip address 10.3.1.1 255.255.255.0

 no ip route-cache

 frame-relay interface-dlci 21   

!

interface Serial1/0.2 point-to-point

 ip vrf forwarding vrf2

 ip address 10.3.2.1 255.255.255.0

 no ip route-cache

 frame-relay interface-dlci 22   

!

interface Serial1/0.151 point-to-point

 ip address 10.7.151.1 255.255.255.0

 no ip route-cache

 frame-relay interface-dlci 151   

!

interface Serial1/0.152 point-to-point

 ip address 10.7.152.1 255.255.255.0

 no ip route-cache

 frame-relay interface-dlci 152   

!

interface Serial1/1

 no ip address

 no ip mroute-cache

 shutdown

 serial restart-delay 0

!

interface Serial1/2

 no ip address

 encapsulation frame-relay

 no ip route-cache cef

 no ip route-cache

 no ip mroute-cache

 no keepalive

 serial restart-delay 0

 no frame-relay inverse-arp

!

interface Serial1/2.1 point-to-point

 ip vrf forwarding vrf1

 ip address 10.1.1.2 255.255.255.0

 no ip route-cache

 frame-relay interface-dlci 21   

 crypto map vrf1-1

!

interface Serial1/2.2 point-to-point

 ip vrf forwarding vrf2

 ip address 10.1.2.2 255.255.255.0

 no ip route-cache

 frame-relay interface-dlci 22   

 crypto map vrf2-1

!

interface Serial1/2.151 point-to-point

 ip address 10.5.151.2 255.255.255.0

 no ip route-cache

 frame-relay interface-dlci 151   

 crypto map global1-1

!

interface Serial1/2.152 point-to-point

 ip address 10.5.152.2 255.255.255.0

 no ip route-cache

 frame-relay interface-dlci 152   

 crypto map global2-1

!

interface Serial1/3

 no ip address

 no ip mroute-cache

 shutdown

 serial restart-delay 0

!

ip default-gateway 10.1.38.1

ip classless

ip route 10.1.1.6 255.255.255.255 10.1.151.1

ip route 10.2.1.6 255.255.255.255 10.1.152.1

ip route 10.6.2.1 255.255.255.255 10.7.151.2

ip route 10.6.2.2 255.255.255.255 10.7.152.2

ip route 172.19.216.110 255.255.255.255 FastEthernet0/0

ip route vrf vrf1 10.20.1.1 255.255.255.255 10.1.1.1

ip route vrf vrf1 10.22.1.1 255.255.255.255 10.30.1.1

ip route vrf vrf2 10.20.2.1 255.255.255.255 10.1.2.1

ip route vrf vrf2 10.22.2.1 255.255.255.255 10.30.1.2

!

!

ip http server

no ip http secure-server

!

ip access-list standard vrf-vrf1-context

ip access-list standard vrf-vrf2-context

!

access-list 101 permit ip host 10.22.1.1 host 10.20.1.1

access-list 102 permit ip host 10.22.2.1 host 10.20.2.1

access-list 151 permit ip host 10.6.2.1 host 10.1.1.6

access-list 152 permit ip host 10.6.2.2 host 10.2.1.6

snmp-server group abc1 v2c context vrf-vrf1-context read view_vrf1 notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F access vrf-vrf1-context

snmp-server group abc2 v2c context vrf-vrf2-context read view_vrf2 notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F access vrf-vrf2-context

snmp-server view view_vrf1 iso included

snmp-server view view_vrf2 iso included

snmp-server community abc1 RW

snmp-server community global1 RW

snmp-server community abc2 RW

snmp-server community global2 RW

snmp-server enable traps tty

snmp-server enable traps config

snmp-server host 172.19.216.110 version 2c abc1 

snmp-server host 172.19.216.110 vrf vrf1 version 2c abc1 udp-port 2001  ipsec isakmp

snmp-server host 172.19.216.110 version 2c abc2 

snmp-server host 172.19.216.110 vrf vrf2 version 2c abc2 udp-port 2002  ipsec isakmp

snmp-server context vrf-vrf1-context

snmp-server context vrf-vrf2-context

!

!

snmp mib community-map  abc1 context vrf-vrf1-context

snmp mib community-map  abc2 context vrf-vrf2-context

!

!

control-plane

!

!

line con 0

 exec-timeout 0 0

line aux 0

line vty 0 4

 login

!

!

webvpn context Default_context

 ssl authenticate verify all

 !

 no inservice

!

!

end




With regards
Kings
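
The configuration above ties each SNMP context to a VRF (`context` under `ip vrf`), to a community (`snmp mib community-map`) and to a group with a read view (`snmp-server group ... context`). The script below is an added example, not part of the original post: it resolves those links per community and lists the RW communities that have no context mapping. The function names are hypothetical and the sample input is the VRF and SNMP lines copied from the posted configuration.

```python
import re

# Constructed sample: the VRF and SNMP lines from the configuration in the post.
CONFIG = """\
ip vrf vrf1
 rd 1:101
 context vrf-vrf1-context
ip vrf vrf2
 rd 2:101
 context vrf-vrf2-context
snmp-server group abc1 v2c context vrf-vrf1-context read view_vrf1 notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F access vrf-vrf1-context
snmp-server group abc2 v2c context vrf-vrf2-context read view_vrf2 notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F access vrf-vrf2-context
snmp-server community abc1 RW
snmp-server community global1 RW
snmp-server community abc2 RW
snmp-server community global2 RW
snmp-server context vrf-vrf1-context
snmp-server context vrf-vrf2-context
snmp mib community-map  abc1 context vrf-vrf1-context
snmp mib community-map  abc2 context vrf-vrf2-context
"""

def resolve_contexts(config):
    """Map each v1/v2c community to its context, VRF and read view."""
    ctx_vrf, declared, views, comm_ctx, out = {}, set(), {}, {}, {}
    vrf = None
    for line in config.splitlines():
        if not line.startswith(" "):  # top-level line: enter or leave an "ip vrf" block
            m = re.match(r"ip vrf (\S+)", line)
            vrf = m.group(1) if m else None
        if vrf and (m := re.match(r"\s+context (\S+)", line)):
            ctx_vrf[m.group(1)] = vrf
        elif m := re.match(r"snmp-server context (\S+)", line):
            declared.add(m.group(1))
        elif m := re.match(r"snmp-server community (\S+) (RO|RW)", line):
            out[m.group(1)] = {"access": m.group(2), "context": None}
        elif m := re.match(r"snmp mib community-map\s+(\S+) context (\S+)", line):
            comm_ctx[m.group(1)] = m.group(2)
        elif m := re.match(r"snmp-server group \S+ \S+ context (\S+) read (\S+)", line):
            views[m.group(1)] = m.group(2)  # read view of the group bound to this context
    for comm, ctx in comm_ctx.items():
        out.setdefault(comm, {"access": None}).update(
            context=ctx, vrf=ctx_vrf.get(ctx), read_view=views.get(ctx),
            declared=ctx in declared)
    return out

def default_context_rw(resolved):
    """RW communities with no community-map entry: they answer in the default context."""
    return sorted(c for c, v in resolved.items() if v["access"] == "RW" and not v.get("context"))
```

On this configuration, `abc1` and `abc2` resolve to the per-VRF contexts, while `global1` and `global2` are RW with no context mapping.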
