cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3811
Views
0
Helpful
1
Replies
Highlighted
Beginner

SNMPv3 Encrypted User

We have an SNMPv3 implementation that has been working for us for the past couple of years:

snmp-server user ncm NCM v3 auth md5 <myauthpass> priv aes 128 <myprivpass>
snmp-server group NCM v3 auth read snmpview write snmpview notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
snmp-server view snmpview iso included
snmp-server host #.#.#.# version 3 auth ncm
snmp-server trap-source Loopback0

 

Now, with our new NCM tool, we want to implement SNMPv3 credentials on new devices and be able to change them in the future.  The issue is we do not want to store the snmp-server user passwords in clear-text in the NCM tool.  I have tried using the following command:

snmp-server user ncm NCM v3 encrypted auth md5 <password> priv aes 128 <password>

 

However, I always receive an %Error in Authentication password message.  I have tried entering the password in clear-text (obviously wrong), as an MD5 hash, and even as a Cisco type 5 hash, but I always receive the same error.  

 

Is there something that is required before the MD5 hash or am I supposed to be using a different method for the encrypted password?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Engager

Hi,

did you follow the formatting guidelines for encrypted passwords:

If you have the localized MD5 or SHA digest, you can specify that string instead of the plain-text password. The digest should be formatted as aa:bb:cc:dd where aa, bb, and cc are hexadecimal values. Also, the digest should be exactly 16 octets long.

In the following example, the MD5 digest string is used instead of the plain-text password:

Router(config)# snmp-server user abcd public v3 encrypted auth md5 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF

 

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/command/nm-snmp-cr-book/nm-snmp-cr-s5.html#wp2680776843

 

HTH

Rolf

View solution in original post

1 REPLY 1
Highlighted
Engager

Hi,

did you follow the formatting guidelines for encrypted passwords:

If you have the localized MD5 or SHA digest, you can specify that string instead of the plain-text password. The digest should be formatted as aa:bb:cc:dd where aa, bb, and cc are hexadecimal values. Also, the digest should be exactly 16 octets long.

In the following example, the MD5 digest string is used instead of the plain-text password:

Router(config)# snmp-server user abcd public v3 encrypted auth md5 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF

 

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/command/nm-snmp-cr-book/nm-snmp-cr-s5.html#wp2680776843

 

HTH

Rolf

View solution in original post

Content for Community-Ad