02-17-2022 08:47 AM
I'm planning migration from SNMPv2 to SNMPv3 and wondering what's (is there?) a best practice as far as user/group design. It's very simple to create and use a RO and RW user and group. Other options include creating a set of groups and have the users specific to each device. Or have users and groups for class of devices. Can go even more granular than that I assume, but what is the best practice or recommended user/group design?
Solved! Go to Solution.
02-25-2022 02:35 AM
"best" always depends on a specific situation.
if at the current time you use only a single snmpv2 community used by your network management server
then you could simply replace this with a single snmpv3 account using authpriv
the sole and most import and advantage would be that snmpv3 traffic will be encrypted instead of unencrypted snmpv2 community.
-> the snmp-community name and the snmp-data will not be readable by an unauthorized listener anymore using network capture
if your demands are more complex, like giving different departments or partners another (snmp) view on your network,
then it will be time to think of a more complex design
02-25-2022 02:35 AM
"best" always depends on a specific situation.
if at the current time you use only a single snmpv2 community used by your network management server
then you could simply replace this with a single snmpv3 account using authpriv
the sole and most import and advantage would be that snmpv3 traffic will be encrypted instead of unencrypted snmpv2 community.
-> the snmp-community name and the snmp-data will not be readable by an unauthorized listener anymore using network capture
if your demands are more complex, like giving different departments or partners another (snmp) view on your network,
then it will be time to think of a more complex design
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide