You are connected to R1, a Cisco IOS-XE router. Configure SNMP v2c with read-only community 'NetOpsRO' and SNMP v3 with user 'AdminUser' using SHA authentication (password: AuthPass1) and AES-128 encryption (password: PrivPass2). Also enable SNMP traps to the NMS at 192.0.2.10 with community 'TrapComm'. Additionally, configure NetFlow export to 192.0.2.20 using version 9, and ensure the flow exporter is applied to GigabitEthernet0/0. Verify your configuration using 'show snmp' and 'show ip cache flow'.
Exhibit
R1#show running-config | section snmp|flow
Building configuration...
!
ip flow-export source GigabitEthernet0/0
ip flow-export version 9
!
snmp-server community NetOpsRO RO
snmp-server enable traps snmp
snmp-server host 192.0.2.10 version 2c TrapComm
!
end
R1#show ip cache flow
IP packet size distribution (0 total packets):
(No flow data yet)
R1#Trap 1: snmp-server community NetOpsRO ro snmp-server user AdminUser v3…
This is incorrect because the SNMPv3 user is created without a group, which is required for authentication and privacy privileges. Also, 'ip flow export' is not a valid interface command; the correct command is 'ip flow monitor' referencing a flow monitor that uses the exporter.
Trap 2: snmp-server community NetOpsRO ro snmp-server group AdminGroup v3…
This is incorrect because the 'snmp-server host' command includes 'version 2c', which forces traps to be sent using SNMPv2c with the community string. However, the trap community 'TrapComm' is specified, but the command syntax is correct; the error is that the trap destination should not specify version 2c if the community is intended for v2c traps, but the question does not specify version, so it's acceptable. Actually, the main error is missing the flow exporter reference in the flow monitor; the flow monitor must be configured with the exporter. The given config does not show the flow monitor configuration.
Trap 3: snmp-server community NetOpsRO ro snmp-server group AdminGroup v3…
This is incorrect because the flow monitor configuration is placed after the interface command, which is out of order. The flow monitor must be configured before it is applied to the interface. Additionally, the 'flow monitor' command should be in global configuration mode, not after the interface command.
- A
snmp-server community NetOpsRO ro snmp-server group AdminGroup v3 priv snmp-server user AdminUser AdminGroup v3 auth sha AuthPass1 priv aes 128 PrivPass2 snmp-server enable traps snmp-server host 192.0.2.10 TrapComm flow exporter EXPORTER destination 192.0.2.20 version 9 ! flow monitor FLOW-MONITOR exporter EXPORTER record netflow ipv4 original-input ! interface GigabitEthernet0/0 ip flow monitor FLOW-MONITOR input
This configuration correctly sets up SNMP v2c and v3, enables traps, creates the flow exporter, defines the required global flow monitor, and applies it to the interface.
- B
snmp-server community NetOpsRO ro snmp-server user AdminUser v3 auth sha AuthPass1 priv aes 128 PrivPass2 snmp-server enable traps snmp-server host 192.0.2.10 TrapComm flow exporter EXPORTER destination 192.0.2.20 version 9 ! interface GigabitEthernet0/0 ip flow export EXPORTER
Why wrong: This is incorrect because the SNMPv3 user is created without a group, which is required for authentication and privacy privileges. Also, 'ip flow export' is not a valid interface command; the correct command is 'ip flow monitor' referencing a flow monitor that uses the exporter.
- C
snmp-server community NetOpsRO ro snmp-server group AdminGroup v3 priv snmp-server user AdminUser AdminGroup v3 auth sha AuthPass1 priv aes 128 PrivPass2 snmp-server enable traps snmp-server host 192.0.2.10 version 2c TrapComm flow exporter EXPORTER destination 192.0.2.20 version 9 ! interface GigabitEthernet0/0 ip flow monitor FLOW-MONITOR input
Why wrong: This is incorrect because the 'snmp-server host' command includes 'version 2c', which forces traps to be sent using SNMPv2c with the community string. However, the trap community 'TrapComm' is specified, but the command syntax is correct; the error is that the trap destination should not specify version 2c if the community is intended for v2c traps, but the question does not specify version, so it's acceptable. Actually, the main error is missing the flow exporter reference in the flow monitor; the flow monitor must be configured with the exporter. The given config does not show the flow monitor configuration.
- D
snmp-server community NetOpsRO ro snmp-server group AdminGroup v3 priv snmp-server user AdminUser AdminGroup v3 auth sha AuthPass1 priv aes 128 PrivPass2 snmp-server enable traps snmp-server host 192.0.2.10 TrapComm flow exporter EXPORTER destination 192.0.2.20 version 9 ! interface GigabitEthernet0/0 ip flow monitor FLOW-MONITOR input flow monitor FLOW-MONITOR exporter EXPORTER
Why wrong: This is incorrect because the flow monitor configuration is placed after the interface command, which is out of order. The flow monitor must be configured before it is applied to the interface. Additionally, the 'flow monitor' command should be in global configuration mode, not after the interface command.