Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1553
Views
0
Helpful
2
Replies

SNMP v3 Migration

davemiddlewick
Level 1
Level 1

‎07-09-2013 07:11 AM

I need to implement SNMP v3 across a large estate ~ 400 devices, primarily so that these devices can be managed by CW Prime LMS 4.2.  I have tested this manually and I'm getting LMS talking to the test device ok so I'm getting to grips with things.  However it has only recently become apparent to me that each device needs to have a unique engineID so this could take some time if I have to enter each engineID manually into the CW credential database!

Is there any way I can automate this process using LMS 4.2?  If not has anybody else who has had to migrate from snmp v1/2 able to suggest any solutions for making this process quicker?

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

Vinod Arya
Cisco Employee
Cisco Employee

‎07-09-2013 11:39 AM

An SNMP engine ID is generated automatically but is not displayed or stored in the running configuration. You can display the default or configured engine ID by using the show snmp engineID command.

Changing the value of snmpEngineID has important side-effects. A user's password (entered on the command line) is converted to an MD5 or SHA security digest. This digest is based on both the password and the local engine ID. The command line password is then destroyed, as required by RFC 2274. Because of this deletion, if the local value of engineID changes, the security digests of SNMPv3 users will be invalid, and the users will have to be reconfigured.


Similar restrictions require the reconfiguration of community strings when the engine ID changes. A remote engine ID is required when an SNMPv3 inform is configured. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host.

It is not mandatory to configure snmpEngineID, as it is default generated in IOS. In case you configure it, it will make an already complicated SNMP v3 config even more.

In LMS, it is not possible to configure all devices for snmpEngineID, as each value has to be unique and NetConfig job would not be able to do so.

There can be script to do so, which can be devised, which may add/increment engineID with some fixed value.

-Thanks

-Thanks Vinod **Rating Encourages contributors, and its really free. **
0 Helpful

davemiddlewick
Level 1
Level 1
In response to Vinod Arya

‎07-11-2013 08:35 AM

Thanks for your response Vinod but unfortunately this hasn't really answered my question - I understand that the IOS generates a unique engineID which isn't displayed by default but can be viewed using a show command.

The problem I have is that I need to configure 400 unique engineIDs in our Prime LMS 4.2 NMS and I don't want to have to do this manually, surely somebody must have had to automate this process at some point or am I misunderstanding?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents