Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6818
Views
0
Helpful
1
Replies

SNMPv3 Encrypted User

Go to solution
montgomerywr
Level 1
Level 1

‎04-07-2014 08:39 AM

We have an SNMPv3 implementation that has been working for us for the past couple of years:

snmp-server user ncm NCM v3 auth md5 <myauthpass> priv aes 128 <myprivpass>
snmp-server group NCM v3 auth read snmpview write snmpview notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
snmp-server view snmpview iso included
snmp-server host #.#.#.# version 3 auth ncm
snmp-server trap-source Loopback0

 

Now, with our new NCM tool, we want to implement SNMPv3 credentials on new devices and be able to change them in the future.  The issue is we do not want to store the snmp-server user passwords in clear-text in the NCM tool.  I have tried using the following command:

snmp-server user ncm NCM v3 encrypted auth md5 <password> priv aes 128 <password>

 

However, I always receive an %Error in Authentication password message.  I have tried entering the password in clear-text (obviously wrong), as an MD5 hash, and even as a Cisco type 5 hash, but I always receive the same error.  

 

Is there something that is required before the MD5 hash or am I supposed to be using a different method for the encrypted password?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rolf Fischer
Level 9
Level 9

‎04-07-2014 12:28 PM

Hi,

did you follow the formatting guidelines for encrypted passwords:

If you have the localized MD5 or SHA digest, you can specify that string instead of the plain-text password. The digest should be formatted as aa:bb:cc:dd where aa, bb, and cc are hexadecimal values. Also, the digest should be exactly 16 octets long.

In the following example, the MD5 digest string is used instead of the plain-text password:

Router(config)# snmp-server user abcd public v3 encrypted auth md5 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF

 

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/command/nm-snmp-cr-book/nm-snmp-cr-s5.html#wp2680776843

 

HTH

Rolf

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Rolf Fischer
Level 9
Level 9

‎04-07-2014 12:28 PM

Hi,

did you follow the formatting guidelines for encrypted passwords:

If you have the localized MD5 or SHA digest, you can specify that string instead of the plain-text password. The digest should be formatted as aa:bb:cc:dd where aa, bb, and cc are hexadecimal values. Also, the digest should be exactly 16 octets long.

In the following example, the MD5 digest string is used instead of the plain-text password:

Router(config)# snmp-server user abcd public v3 encrypted auth md5 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF

 

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/command/nm-snmp-cr-book/nm-snmp-cr-s5.html#wp2680776843

 

HTH

Rolf

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card