SNMPv3 Configuration Sample for Cisco Nexus9K switch

SaintEvn · ‎01-05-2021

Hi,

Can you guys please help me with working SNMPv3 configuration on Cisco Nexus N9K switch ?
I've read the following link from cisco but still didn't get how to configure it properly.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/system_management/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_System_Management_Configuration_Guide/sm_9snmp.html#con_1059321

Sergiu.Daniluk · ‎01-05-2021

Hi,

The syntax is like this:

 snmp-server user name [auth {md5 | sha} passphrase [auto] [priv [aes-128] passphrase] [engineID id] [localizedkey]]

Below is a config example:

N9K-1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
N9K-1(config)# snmp-server user MySNMPuser ?

  WORD   Group name (ignored for notif target user) (Max Size 28)
  auth   Authentication parameters for the user

N9K-1(config)# snmp-server user MySNMPuser network-admin auth ?
  md5  Use HMAC MD5 algorithm for authentication
  sha  Use HMAC SHA algorithm for authentication

N9K-1(config)# snmp-server user MySNMPuser network-admin auth md5 ?
  WORD  Authentication password for user (Max Size 130)

N9K-1(config)# snmp-server user MySNMPuser network-admin auth md5 AuthPass ?

  engineID      EngineID for configuring notif target user (for V3 informs)
  localizedkey  Specifies whether the passwords are in localized key format
  priv          Encryption parameters for the user

N9K-1(config)# snmp-server user MySNMPuser network-admin auth md5 AuthPass priv ?
  WORD     Privacy password for user (Max Size 130)
  aes-128  Use 128-bit AES algorithm for privacy

N9K-1(config)# snmp-server user MySNMPuser network-admin auth md5 AuthPass priv aes-128 ?
  WORD  Privacy password for user (Max Size 130)

N9K-1(config)# snmp-server user MySNMPuser network-admin auth md5 AuthPass priv aes-128 PrivacyPass 

DC-Team-N9K-2(config)# show snmp user 
______________________________________________________________
                  SNMP USERS 
______________________________________________________________

User                Auth  Priv(enforce) Groups              acl_filter          
____                ____  _____________ ______              __________          
admin               md5   des(no)       network-admin       
MySNMPuser          md5   aes-128(no)   network-admin       
______________________________________________________________
 NOTIFICATION TARGET USERS (configured  for sending V3 Inform) 
______________________________________________________________

User                          Auth  Priv          
____                          ____  ____          


DC-Team-N9K-2(config)# snmp-server globalEnforcePriv 
DC-Team-N9K-2(config)# show snmp user 
______________________________________________________________
                  SNMP USERS [global privacy flag enabled]
______________________________________________________________

User                Auth  Priv(enforce) Groups              acl_filter          
____                ____  _____________ ______              __________          
admin               md5   des(yes)      network-admin       
MySNMPuser          md5   aes-128(yes)  network-admin       
______________________________________________________________
 NOTIFICATION TARGET USERS (configured  for sending V3 Inform) 
______________________________________________________________

User                          Auth  Priv          
____                          ____  ____

There are a lot of other possible configs like the destination SNMP server, what traps to send, on which VRFs, what is the source of traps and so on, but all these are are exemplified at the end of the document you pointed out.

Stay safe,

Sergiu