Solved: Re: SNMP Traps for app-server monitoring.

prathapss · ‎08-10-2021

We have ISE 2.7 in which we configured the SNMPv3.

Community string is not configured for this.

In order to get the trap MIB::hrSWRunName is it required to configure the community string, even in SNMPv3?

Greg Gibbs · ‎08-11-2021

That configuration example is misleading, as the community string is only used for SNMPv2c. I can assure you that I have configured SNMPv3 for a customer without the configuring a community string; only the snmp-server user and host v3 commands are required.

I can only assume that example is changing the community string from the default 'public' string, but that wouldn't really provide much added security if there is no v2c host configured to permit a query/trap.

View solution in original post

Greg Gibbs · ‎08-10-2021

SNMPv3 does not use community strings. If you're using SNMPv3, you need to configure the username, auth/priv passwords, and remote engineID as per the CLI Guide.

prathapss · ‎08-11-2021

Thanks for the response.

But as per the below document, community string appears to be configured with SNMPv3

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/215521-configure-and-understand-snmp-traps-to-m.html#anc4

Will there be any drawbacks if we configure the community string also?

Greg Gibbs · ‎08-11-2021

That configuration example is misleading, as the community string is only used for SNMPv2c. I can assure you that I have configured SNMPv3 for a customer without the configuring a community string; only the snmp-server user and host v3 commands are required.

I can only assume that example is changing the community string from the default 'public' string, but that wouldn't really provide much added security if there is no v2c host configured to permit a query/trap.