Category Archives: CCNA

Simple Network Management Protocol (SNMP) Version 3

For the longest time in the networking industry, we had a running joke about Simple Network Management Protocol (SNMP). We would love to state that it actually stood for “Security is Not My Problem!”. This was because even though SNMP was dealing with all of this potentially sensitive information about your network device, it would rely on a plain text password for security. Yuck! 

SNMP version 3 really responded to the security weaknesses of the protocol by introducing a security model within the protocol. The wonderful components of this new security model that we can leverage are the user, group and security level.

That’s right, this approach is so flexible, there are multiple security levels you can take advantage of depending on the security requirements of your environment. The following security levels exist:

  • “noAuthNoPriv” (no authentication and no encryption – use the noauth keyword in the CLI)
  • “AuthNoPriv” (messages are authenticated but not encrypted – use the auth keyword in the CLI)
  • “AuthPriv” (messages are authenticated and encrypted – use the priv keyword in the CLI)

You should note that the old SNMPv1 and SNMPv2 approaches only supported the “noAuthNoPriv” model since they used plain text community strings to match the incoming packets. 

With our SNMPv3 implementations, you can configure the appropriate security model on a per-group basis.

In SNMPv3, a group defines the access policy for a set of users. The access policy defines which SNMP objects can be accessed for reading and writing or which SNMP objects can generate notifications to the members of a group. A group also defines the security model and security level for its users. 

Here is an example configuration that creates three groups: TEST1, TEST2, and TEST3. Notice that users are assigned to these groups, and that the groups can be associated with SNMP views to control the scope of access.

snmp-server view VIEW1 iso included
snmp-server view VIEW2 ifEntry.*.3 included
snmp-server group TEST1 v3 priv read VIEW1 write VIEW1
snmp-server group TEST2 v3 auth read VIEW2
snmp-server group TEST3 v3 priv
snmp-server user JOHN TEST1 v3 auth sha CISCO priv des56 CISCO
snmp-server user SARAH TEST2 v3 auth sha CISCO
snmp-server user LUCY TEST3 v3 auth sha CISCO priv des56 CISCO
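
As an added example (not part of the original post), this Python check parses the configuration above and compares each user's keys with the security level of its group. The finding names, the checks chosen, and the TEST4 and ALEX lines are assumptions constructed for the example.

```python
import re

# Configuration from the post; the last two lines are constructed for this example.
CONFIG = """\
snmp-server view VIEW1 iso included
snmp-server view VIEW2 ifEntry.*.3 included
snmp-server group TEST1 v3 priv read VIEW1 write VIEW1
snmp-server group TEST2 v3 auth read VIEW2
snmp-server group TEST3 v3 priv
snmp-server user JOHN TEST1 v3 auth sha CISCO priv des56 CISCO
snmp-server user SARAH TEST2 v3 auth sha CISCO
snmp-server user LUCY TEST3 v3 auth sha CISCO priv des56 CISCO
snmp-server group TEST4 v3 noauth read VIEW1
snmp-server user ALEX TEST1 v3 auth md5 Example1
"""

LEVELS = {"noauth": 0, "auth": 1, "priv": 2}
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b")
# Handles only the plain-text user forms shown above (optional "aes 128" style key size).
USER_RE = re.compile(r"^snmp-server user (\S+) (\S+) v3"
                     r"(?: auth (\S+) (\S+))?(?: priv (\S+)(?: \d+)? (\S+))?\s*$")

def audit(config):
    """Return (name, finding) tuples for SNMPv3 groups and users in an IOS config."""
    lines = [l.strip() for l in config.splitlines()]
    groups, findings = {}, []
    for line in lines:  # first pass: record each group's required security level
        m = GROUP_RE.match(line)
        if m:
            groups[m.group(1)] = LEVELS[m.group(2)]
            if m.group(2) != "priv":
                findings.append((m.group(1), "group-below-priv"))  # traffic not encrypted
    for line in lines:  # second pass: compare each user's keys with its group
        m = USER_RE.match(line)
        if not m:
            continue
        user, group, auth_alg, auth_pw, priv_alg, priv_pw = m.groups()
        have = 2 if priv_alg else 1 if auth_alg else 0
        if group not in groups:
            findings.append((user, "undefined-group"))
        elif have < groups[group]:
            findings.append((user, "keys-below-group-level"))  # no key for the group's level
        if auth_alg and auth_alg.lower() == "md5":
            findings.append((user, "md5-auth"))
        if priv_alg and priv_alg.lower() in ("des", "des56"):
            findings.append((user, "des-privacy"))  # 56-bit DES
        if priv_pw and priv_pw == auth_pw:
            findings.append((user, "auth-priv-password-reuse"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(CONFIG):
        print(f"{name}: {finding}")
```

Against the post's own lines, it reports TEST2 as an unencrypted group and flags JOHN and LUCY for DES privacy and for using the same password for authentication and privacy.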

Do You Know Your WiFi 802.11 Standards?

CCNA Wireless

So I am putting the finishing touches on my upcoming CCNA Exam Cram for 200-301 and I needed an additional resource for the first of the three Wireless chapters. As a result – enjoy this quick and fun WiFi Quiz on the various 802.11 amendments. Score of 100%? Let me know in the comments of this post and get entered to win a prize!


Link Layer Discovery Protocol (LLDP)

In a previous post, we examined CDP in great detail as it relates to the CCIE written and lab exam. In this post, we will do the same, but for LLDP.


Link Layer Discovery Protocol (LLDP), standardized by the IEEE as part of 802.1AB, enables discovery of nodes, which in turn facilitates future applications of standard management tools such as Simple Network Management Protocol (SNMP) in multivendor networks. Discovery information includes device identifiers, port identifiers, versions, and other details.

LLDP is unidirectional, operating only in an advertising mode. LLDP does not solicit information or monitor state changes between LLDP nodes. LLDP periodically sends advertisements to a constrained multicast address. Devices supporting LLDP can send information about themselves while they receive and record information about their neighbors. Additionally, devices can choose to turn off the send or receive functions independently. Advertisements are sent out and received on every active and enabled interface, allowing any device in a network to learn about all devices to which it is connected. LLDP and Cisco Discovery Protocol can operate on the same interface.

To enable LLDP globally on your Cisco device, use the global configuration command:

lldp run

To disable LLDP on a specific interface, use the interface command:

no lldp {med-tlv-select tlv | receive | transmit}

Hold time is the duration that a receiving device should maintain LLDP neighbor information before aging it. Perform this task to define a hold time for an LLDP-enabled device in global configuration mode:

lldp holdtime seconds 

Perform this task in global configuration mode to specify an interval at which the Cisco software sends LLDP updates to neighboring devices:

lldp timer rate