Re: SNMP V3 User

p.weeks · ‎10-01-2024

Hi!

I know that the snmp v3 user is not visable in the configuration for ios XE, but is there any way of extracting the password hash so that it can be copied to other routers?

I am looking at templating a router configuration via python/inja2 and it would be useful to be able have the snmp user in the template but without using the actual password.

I am trying to avoid the use of a vault type solution.

Mark Elsen · ‎10-01-2024

- That is not possible because of security you could for instance have a generic template as in:

snmp-server group {{ snmp_group }} v3 priv
snmp-server user {{ snmp_user }} {{ snmp_group }} v3 auth sha {{ auth_password }} priv aes 128 {{ priv_password }}

And then use a Python script with actual values :

from jinja2 import Template

template = Template('''
snmp-server group {{ snmp_group }} v3 priv
snmp-server user {{ snmp_user }} {{ snmp_group }} v3 auth sha {{ auth_password }} priv aes 128 {{ priv_password }}
''')

config = template.render(
snmp_group='YOUR_SNMP_GROUP',
snmp_user='YOUR_SNMP_USER',
auth_password='YOUR_AUTH_PASSWORD',
priv_password='YOUR_PRIV_PASSWORD'
)

print(config)

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

p.weeks · ‎10-01-2024

Hi!

Thanks for the info. That was basically what I was trying to avoid, but since it appears to be the only solution I will look into using some form of vault or maybe via Ansible.