
Request - SNMPv3

aguante_boca
Level 1

Dear Fellows,

I have been reading about SNMPv3 and its features for security.

Could you please confirm whether the following steps are correct?

1) Defining a view:
router(config)#snmp-server view readview internet included

2) Creating a group:

router(config)#snmp-server group readonly v3 auth read readview

3) Creating a user:

router(config)#snmp-server user user1 readonly v3 auth md5 password1

4) Creating the user at the SNMP Manager.

Is what is written above correct?

Moreover, I would like to know if there is any chance to obtain the username and password of point 3) from a TACACS server or RADIUS server? The idea is that there is no need to create a new user locally, so that the users and passwords could be obtained from TACACS or RADIUS.

Thank you in advance!


aguante_boca
Level 1

Dear Fellows,

Could you please help me with any response about this issue?

Thanks in advance.

Hi,

You may want to post this question in the Network Management section, but I am pretty sure that this username is for authenticating snmp communication, which is separate from AAA. The snmp user account is locally significant and I am pretty sure that this account cannot be centralized. Please run this by the forum for a more concrete answer.

Thanks,

Sent from Cisco Technical Support iPad App
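
The reply above calls the SNMPv3 user "locally significant". As an added example (not part of the original thread and not Cisco's code), the following Python implements the RFC 3414 USM key derivation, in which the key an agent holds is the password hashed together with that agent's snmpEngineID. The function names and the second engine ID are assumptions made for illustration.

```python
import hashlib

# RFC 3414 (USM) key derivation. Function names are illustrative,
# not taken from any SNMP library.

def password_to_key(password: bytes, hash_name: str = "md5") -> bytes:
    """Master key Ku: hash of the password repeated out to exactly 1,048,576 bytes."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """Localized key Kul = H(Ku || snmpEngineID || Ku); valid for that engine only."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()

def localized_key_hex(password: str, engine_id_hex: str, hash_name: str = "md5") -> str:
    """Password and hex engine ID in, hex localized key out."""
    ku = password_to_key(password.encode(), hash_name)
    return localize_key(ku, bytes.fromhex(engine_id_hex), hash_name).hex()

# Engine ID used by the RFC 3414 appendix A.3 test vectors.
RFC_ENGINE_ID = "000000000000000000000002"
# Constructed engine ID standing in for a second router (assumption).
OTHER_ENGINE_ID = "800000090300aabbccddeeff"

if __name__ == "__main__":
    # "password1" and "md5" mirror step 3 of the question.
    for eid in (RFC_ENGINE_ID, OTHER_ENGINE_ID):
        print(eid, localized_key_hex("password1", eid, "md5"))
```

The same password yields a different authentication key for each engine ID, so the manager has to localize the key per device it polls.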

aguante_boca
Level 1

Dear Tarik,

Firstly, I posted this question at Network Management. However, I was informed by supportforums-info@cisco.com that this request should be posted at this path: Cisco Support Community -> NetPro -> Security -> AAA, Identity and NAC -> Discussions.

Finally, thank you very much for your response.

BR,

Onno Olivier

aguante_boca
Level 1

Dear Tarik,

Moreover, is there any chance for SNMPv2 and SNMPv3 to coexist on the same equipment?

Thanks for your help!

The SNMP version is determined by the entry of the snmp host. If you set the host version to version 2 or version 3, then the host will need to know either the snmpv2 community string for read and write, or the snmp user name, hashing algorithm and/or encryption mechanism.

In the end, that is entirely up to you on how you deploy it. You can try creating two separate entries for the same host using both version 2 and 3 (I have never tested that but I wouldn't know why it wouldn't work).

Keep in mind that when it comes to snmpv3, snmpv2 is used for read requests, while v3 is used for write. You can verify this with a packet capture.

Thanks,

Sent from Cisco Technical Support iPad App

Thank you very much for your help!

hello,

has anyone successfully configured snmpv3 authentication via radius or tacacs?

kind regards
