Solved: SNMP V3 Configuration for ISE 2.2

alinbaby · ‎09-02-2020

Hi All,

I am using ISE version 2.2. Currently snmp v2 is configured and am planning to upgrade it to v3. I would like to know whether i can configure v3 alongside v2, so that i can test whether v3 is working fine and then remove v2 configs. Also i need to know the best practices in removing the existing snmp configs.

Thanks,

Alin

Arne Bier · ‎09-02-2020

Yes you can have them co-exist - I just tried it on my ISE 2.6 - the MIB data that you can access is still the same.

ISE will warn you about security when adding an SNMPv3 user while you have SNMPv1 or v2 community configured - it even advises you to remove the community string configurations

Warning! SNMPv1/v2c is currently enabled and has known Security vulnerabilities. To disable SNMPv1/v2c, please execute "no snmp-server  community <community string> ro".

View solution in original post

Mark Elsen · ‎09-02-2020

- Check if this thread contains useful topics related to your subject ::

https://community.cisco.com/t5/network-access-control/does-ise-supports-snmpv3-polling/td-p/3561690

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

alinbaby · ‎09-02-2020

Thanks for the link.

It is mentioning about how to configure v3 in ISE. But my question is whether we can configure v3 alongside v2 and also how can i remove v2 configurations afterwards.

-Alin

Arne Bier · ‎09-02-2020

Yes you can have them co-exist - I just tried it on my ISE 2.6 - the MIB data that you can access is still the same.

ISE will warn you about security when adding an SNMPv3 user while you have SNMPv1 or v2 community configured - it even advises you to remove the community string configurations

Warning! SNMPv1/v2c is currently enabled and has known Security vulnerabilities. To disable SNMPv1/v2c, please execute "no snmp-server  community <community string> ro".

alinbaby · ‎09-02-2020

thanks !