01-29-2013 05:54 AM
Does anyone have any experience setting up SNMP V3 on Cisco devices? I'm familiar with V2, but V3 included way more features. I have to figure it out and get it implemented by next week. I'm having trouble getting the host to poll the device. I don't know if the settings on the device are wrong or if it's the client. Let me know if anyone has worked with it.
01-29-2013 06:04 AM
Configuring SNMPv3 on a Cisco device is pretty simple and is MUCH preferred over v1 or v2. SNMPv3 has three big benefits:
authentication — we can be assured that the message originated from a valid source
integrity — we can be assured that a packet has not been modified in transit
encryption — no more plain-text SNMP data flying around our network
In v1 or v2, all you have to do to get the device able to be polled is configure an SNMP COMMUNITY STRING.
In SNMP v3, due to increased security, the flow of steps is like this:
1. Create an SNMP View --> 2. Create a GROUP for that View --> 3. Create USERS under GROUP
1. snmp-server view view-name oid-tree {included | excluded}
2. snmp-server group [groupname {v1 | v2c | v3{auth | noauth | priv}}] [read readview] [write writeview] [notify notifyview] [access access-list]
3. snmp-server user username [groupname remote ip-address [udp-port port] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv password]] [access access-list]
EXAMPLE:
> Router(config)# snmp-server view target1 internet included
> Router(config)# snmp-server group mygroup v3 auth write target1
> Router(config)# snmp-server user myuser mygroup v3 encrypted auth md5 myuser
This is the simplest configuration you need on a device to get it running. Then you can try to poll your device using the SNMP v3 username and password, according to the tool, to see that it is working correctly.
For more reference you can check the following links:
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html#wp18842
http://evilrouters.net/2010/03/03/configuring-snmpv3-on-catalyst-switches/
-Thanks
01-29-2013 11:34 AM
Here are some configs that should get you started.
-----------------------------------------------------------------------------------------------------------------------
snmp-server group GROUPNAME v3 priv write VIEWGROUP
snmp-server user USER GROUPNAME v3 auth sha PASSWORD priv aes 128 PASSWORD
snmp-server view VIEWGROUP iso included
snmp-server host IP-ADDRESS version 3 auth USER
-----------------------------------------------------------------------------------------------------------------------
What manager are you using for your SNMP trap manager? If it is CiscoWorks, you can perform an SNMP walk and see if it succeeds.
If you need more help, please feel free to PM or update the post.
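An added example, not written by any poster in this thread: a small Python check that reads `snmp-server` lines and confirms the view, group and user chain described above is consistent, since a broken link in that chain is a common reason a v3 poll fails. The sample config is constructed from the thread's commands with placeholder passwords and three deliberate mistakes; the `md5` and `des` findings are this example's own hardening preference.

```python
LEVELS = {"noauth": 0, "auth": 1, "priv": 2}
# Constructed sample (not from a real device), with three deliberate mistakes.
SAMPLE = """\
snmp-server view target1 internet included
snmp-server group mygroup v3 auth write target1
snmp-server user myuser mygroup v3 auth md5 AUTHPASS
snmp-server group GROUPNAME v3 priv write VIEWGROUP
snmp-server user USER GROUPNAME v3 auth sha AUTHPASS
snmp-server user USER2 OTHERGROUP v3 auth sha AUTHPASS priv aes 128 PRIVPASS
"""

def audit(config):
    """Return findings for the snmp-server view/group/user lines in config."""
    views, groups, users, findings = set(), {}, [], []
    for line in config.splitlines():
        w = line.split()
        if len(w) < 5 or w[0] != "snmp-server":
            continue
        if w[1] == "view":
            views.add(w[2])
        elif w[1] == "group" and w[3] == "v3" and w[4] in LEVELS:
            # read/write/notify keywords are each followed by a view name
            refs = {w[i + 1] for i in range(5, len(w) - 1)
                    if w[i] in ("read", "write", "notify")}
            groups[w[2]] = (w[4], refs)
        elif w[1] == "user" and w[4] == "v3":
            rest = w[6:] if w[5:6] == ["encrypted"] else w[5:]
            auth = rest[1] if rest[:1] == ["auth"] and len(rest) >= 3 else None
            priv = rest[4] if auth and rest[3:4] == ["priv"] and len(rest) >= 5 else None
            users.append((w[2], w[3], auth, priv))
    # Checks run after parsing: a config may list a view after the group using it.
    for name, (level, refs) in groups.items():
        if level == "noauth":
            findings.append(f"group {name}: noauth means no authentication or encryption")
        for view in sorted(refs - views):
            findings.append(f"group {name}: view {view} is not defined")
    for name, group, auth, priv in users:
        have = "priv" if priv else "auth" if auth else "noauth"
        if group not in groups:
            findings.append(f"user {name}: group {group} is not a defined v3 group")
        elif LEVELS[have] < LEVELS[groups[group][0]]:
            findings.append(f"user {name}: {have} credentials but group {group} requires {groups[group][0]}")
        if auth == "md5":
            findings.append(f"user {name}: md5 authentication, prefer sha")
        if priv and "des" in priv:
            findings.append(f"user {name}: {priv} privacy, prefer aes")
    return findings
```

Calling `audit(SAMPLE)` returns one finding per mistake plus the `md5` note; a config whose view, group and user all line up returns an empty list.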