You are connected to R1, a Cisco ISR 4331 router running IOS-XE. Your task is to enable SNMP v2c with community string 'public' (read-only) and 'private' (read-write), and configure SNMP v3 with a user 'admin' using SHA authentication (password 'Cisco123') and AES 128 encryption (password 'Cisco456'). Additionally, configure SNMP traps to be sent to a management server at 203.0.113.10 for both v2c and v3. Finally, enable NetFlow export to a collector at 203.0.113.20, using version 9. Verify your configuration using 'show snmp' and 'show ip cache flow'.
Hints
- •Remember to apply NetFlow on an interface for traffic capture.
- •SNMPv3 user requires both auth and priv passwords.
- •Use 'snmp-server enable traps' before configuring trap hosts.
! R1 snmp-server community public RO snmp-server community private RW snmp-server user admin v3 auth sha Cisco123 priv aes 128 Cisco456 snmp-server enable traps snmp-server host 203.0.113.10 version 2c public snmp-server host 203.0.113.10 version 3 auth admin ip flow-export destination 203.0.113.20 2055 ip flow-export version 9 interface GigabitEthernet0/1 ip flow ingress exit
Why this answer
The router lacks SNMP and NetFlow configuration. For SNMP v2c, you must define community strings with 'snmp-server community public RO' and 'snmp-server community private RW'. For SNMP v3, you create a user within a group; the command requires a group name, e.g., 'snmp-server user admin v3group v3 auth sha Cisco123 priv aes 128 Cisco456'.
Traps are enabled and sent to 203.0.113.10 via v2c with the public community and v3 with the admin user. NetFlow export uses version 9 to collector 203.0.113.20. Verification commands show SNMP details and flow cache export settings.
Exam trap
Watch out for common mistakes: using MD5/DES instead of SHA/AES for SNMPv3, forgetting RO/RW keywords on community strings, using the wrong community string for traps, and selecting the wrong NetFlow version. Always verify the exact requirements in the question.
Why the other options are wrong
The specific factual error: SNMPv3 user is configured with MD5 and DES instead of SHA and AES 128; community strings are missing RO/RW keywords.
The specific factual error: The v2c trap host uses 'private' instead of 'public' community string.
The specific factual error: NetFlow export version is set to 5 instead of 9.