Re: Enabling SNMPv3 on IOS platforms

andy_vvc2 · ‎02-16-2011

Hi all,

We are lookng to deploy SNMPv3 trap management, to replace the SNMPv2 that we currently run on our Cisco IOS platforms.

I *think* that we only need to add a few lines of new config, and will need to alter one existing "SNMP-server" line so the host knows we are using v3. Does the following look about right?

snmp-server group TESTGROUP v3 auth
snmp-server user TESTUSER TESTGROUP v3 auth md5 password priv 3des password
(alter the current snmp-server host line, so that it uses v3) snmp-server host 10.x.x.x v3

Is there anything that seems to be missing? From the Cisco docs i have read, this seems to be all that is needed... and that once "snmp-server xxx" config is running on IOS, it will have already enabled v1, v2 and v3 of SNMP, so i just need to tell the IOS device to use v3 with the modified 'host' line.

We run crypto-based IOS images (ie c3750-ipservicesk9-mz.122-50.SE3) so the 'priv' command that allows me to use 3des functions ok. The TESTGROUP and TESTUSER details will be created on our host logging system (SolarWinds) so that they mirror the local info on the IOS platforms.

We have some existing snmp trap config that i assume wont need to be changed (generic info such as "snmp-server enable traps" etc)

Thoughts appreciated.

Rgds

Michel Hegeraat · ‎02-17-2011

I would say you are fine with that setup and IOS version.

If you want to use ciscoworks usertracking or if you have another application that will get the mac-tables from vlans then you also need to create a snmp context for each vlan.

snmp-server group v3 auth context vlan-view

Cheers,

Michel