SNMP V3 User

p.weeks · ‎10-01-2024

Hi!

I know that the snmp v3 user is not visable in the configuration for ios XE, but is there any way of extracting the password hash so that it can be copied to other routers?

I am looking at templating a router configuration via python/inja2 and it would be useful to be able have the snmp user in the template but without using the actual password.

I am trying to avoid the use of a vault type solution.

marce1000 · ‎10-01-2024

- That is not possible because of security you could for instance have a generic template as in:

snmp-server group {{ snmp_group }} v3 priv
snmp-server user {{ snmp_user }} {{ snmp_group }} v3 auth sha {{ auth_password }} priv aes 128 {{ priv_password }}

And then use a Python script with actual values :

from jinja2 import Template

template = Template('''
snmp-server group {{ snmp_group }} v3 priv
snmp-server user {{ snmp_user }} {{ snmp_group }} v3 auth sha {{ auth_password }} priv aes 128 {{ priv_password }}
''')

config = template.render(
snmp_group='YOUR_SNMP_GROUP',
snmp_user='YOUR_SNMP_USER',
auth_password='YOUR_AUTH_PASSWORD',
priv_password='YOUR_PRIV_PASSWORD'
)

print(config)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

p.weeks · ‎10-01-2024

Hi!

Thanks for the info. That was basically what I was trying to avoid, but since it appears to be the only solution I will look into using some form of vault or maybe via Ansible.