Cisco Community
English
Register
Make a difference. Your participation will help fund Save the Children. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
1039
Views
0
Helpful
2
Replies
loveme2k77
Beginner
Beginner
‎01-29-2013 05:54 AM
‎01-29-2013 05:54 AM

SNMP V3 HELP

Does anyone have any experience setting up SNMP V3 on Cisco devices? I'm familiar with V2, but V3 included way more features. I have to figure it out and get it implemented by next week. I'm having trouble getting the host to poll to device. I don't know if the setting on the device are wrong or if it's the client. Let me know if anyone has worked with it.      

Labels:
0 Helpful
2 REPLIES 2
Vinod Arya
Cisco Employee
Cisco Employee
‎01-29-2013 06:04 AM
‎01-29-2013 06:04 AM

Configuring SNMPv3 on Cisco device is pretty simple and is MUCH preferred over v1 or v2. SNMPv3 has three big benefits:

authentication — we can be assured that the message originated from a valid source

integrity — we can be assured that a packet has not been modified in transit

encryption — no more plain-text SNMP data flying around our network

In v1 or v2 all you have to do to get the device able to get polled is configure SNMP COMMUNITY STRING.

In SNMP v3 due to increased security the steps flow is like this :

1. Create a SNMP View ---> 2. Create a GROUP for that View --> 3. Create USERS under GROUP

1. snmp-server view view-name oid-tree {included | excluded}

2. snmp-server group [groupname {v1 | v2c | v3{auth | noauth | priv}}] [read readview] [write writeview] [notify notifyview] [access access-list]

3. snmp-server user username [groupname remote ip-address [udp-port port] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv password]] [access access-list]

EXAMPLE:

> Router(config)# snmp-server view target1 internet included

> Router(config)# snmp-server group mygroup v3 auth write target1

> Router(config)#snmp-server user myuser mygroup v3 encrypted auth md5 myuser

This is simplest configuration you need on a device to make it running. Than you can try to poll you device using snmp v3 username and password according to the tool to see it is wokring correctly.

For more refrence you can check following links:

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html#wp18842

http://evilrouters.net/2010/03/03/configuring-snmpv3-on-catalyst-switches/

http://blogs.manageengine.com/netflowanalyzer/2011/05/31/configuring-snmp-v3-on-cisco-router-and-manageengine-netflow-analyzer/

-Thanks

-Thanks Vinod **Rating Encourages contributors, and its really free. **
0 Helpful
Duong Nguyen
Beginner
Beginner
‎01-29-2013 11:34 AM
‎01-29-2013 11:34 AM

Here are some configs that should get you started.

-----------------------------------------------------------------------------------------------------------------------

snmp-server group GROUPNAME v3 priv write VIEWGROUP

snmp-server user USER GROUPNAME v3 auth sha PASSWORD priv aes 128 PASSWORD

snmp-server view VIEWGROUP iso included

snmp-server host IP-ADDRESSS version 3 auth USER

-----------------------------------------------------------------------------------------------------------------------

What manager are you using for your SNMP trap manager?  If it is Cisco works you can perform an SNMP walk and see if it succeeds

if you need more help,please feel free to PM or update post.

0 Helpful
Latest Contents
Routing Protocols Explained: OSPF, EIGRP, RIPv2, IS-IS, BGP
Created by CiscoNet Solutions on 12-04-2021 10:54 AM
1
5
1
5
Introduction to Routing ProtocolsStatic vs DynamicDistance Vector vs Link StateRoute Selection AlgorithmSingle Routing Protocol OnlyOpen Shortest Path First (OSPF)AreasRoute ConvergencePath SelectionMetric CalculationCharacteristicsEnhanced Interior Gatew... view more
Cisco DNA Center 2.2.2.x Upgrade - All you need to know
Created by tgambus on 11-26-2021 08:17 AM
0
0
0
0
Cisco DNA Center version 2.2.2.x includes the features and improvements that   Drives adoption New intelligence provides an easy, gradual, and complete adoption of SD-Access. Faster Cisco DNA Center set-up saves time and effort. Improves pe... view more
Cisco Supported Cellular Public APN
Created by Emmanuel Tychon on 11-19-2021 04:01 AM
0
5
0
5
  When using Cisco cellular modules with a SIM card an APN must be provided. The APN cannot be stored in the SIM card and is supplied by your SIM card provider. Cisco cellular software contains a database of well-known APNs based on the country and ... view more
Cisco 3850: IOS-XE/Firmware Upgrade
Created by Leo Laohoo on 11-17-2021 10:25 PM
0
5
0
5
Cisco 3850:  IOS-XE/Firmware Upgrade (Install Mode)   NOTE: This procedure is aimed at Cisco 3850 switch ONLY. IOS-XE Bundle Mode is not covered.  9300, 9500 (vanilla & high-performance), ISR 1k, ISR 4k and ASR is not covered.  R... view more
(Podcast) S8|E46 Upgrading Cisco Prime Infrastructure to DNA...
Created by Amilee San Juan on 11-17-2021 01:29 PM
0
0
0
0
Listen: https://smarturl.it/CCRS8E46Follow us: twitter.com/ciscochampionsIt’s been several years since the release of Cisco DNA Center, and it’s matured into a complete network management system, an automation and orchestration engine, an AI/ML analy... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad