cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1318
Views
0
Helpful
2
Replies

SNMP V3 HELP

loveme2k77
Level 1
Level 1

Does anyone have any experience setting up SNMP V3 on Cisco devices? I'm familiar with V2, but V3 included way more features. I have to figure it out and get it implemented by next week. I'm having trouble getting the host to poll to device. I don't know if the setting on the device are wrong or if it's the client. Let me know if anyone has worked with it.      

2 Replies 2

Vinod Arya
Cisco Employee
Cisco Employee

Configuring SNMPv3 on Cisco device is pretty simple and is MUCH preferred over v1 or v2. SNMPv3 has three big benefits:

authentication — we can be assured that the message originated from a valid source

integrity — we can be assured that a packet has not been modified in transit

encryption — no more plain-text SNMP data flying around our network

In v1 or v2 all you have to do to get the device able to get polled is configure SNMP COMMUNITY STRING.

In SNMP v3 due to increased security the steps flow is like this :

1. Create a SNMP View ---> 2. Create a GROUP for that View --> 3. Create USERS under GROUP

1. snmp-server view view-name oid-tree {included | excluded}

2. snmp-server group [groupname {v1 | v2c | v3{auth | noauth | priv}}] [read readview] [write writeview] [notify notifyview] [access access-list]

3. snmp-server user username [groupname remote ip-address [udp-port port] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv password]] [access access-list]

EXAMPLE:

> Router(config)# snmp-server view target1 internet included

> Router(config)# snmp-server group mygroup v3 auth write target1

> Router(config)#snmp-server user myuser mygroup v3 encrypted auth md5 myuser

This is simplest configuration you need on a device to make it running. Than you can try to poll you device using snmp v3 username and password according to the tool to see it is wokring correctly.

For more refrence you can check following links:

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html#wp18842

http://evilrouters.net/2010/03/03/configuring-snmpv3-on-catalyst-switches/

http://blogs.manageengine.com/netflowanalyzer/2011/05/31/configuring-snmp-v3-on-cisco-router-and-manageengine-netflow-analyzer/

-Thanks

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Duong Nguyen
Level 1
Level 1

Here are some configs that should get you started.

-----------------------------------------------------------------------------------------------------------------------

snmp-server group GROUPNAME v3 priv write VIEWGROUP

snmp-server user USER GROUPNAME v3 auth sha PASSWORD priv aes 128 PASSWORD

snmp-server view VIEWGROUP iso included

snmp-server host IP-ADDRESSS version 3 auth USER

-----------------------------------------------------------------------------------------------------------------------

What manager are you using for your SNMP trap manager?  If it is Cisco works you can perform an SNMP walk and see if it succeeds

if you need more help,please feel free to PM or update post.