1489 Views, 0 Helpful, 1 Replies

Want to move to snmpv3 from snmpv2?

abeyimame09
Level 1

Dear all,

I was trying to move from snmpv2 to snmpv3

For example, I have an access-list defined for rw

and the snmp defined as below for snmpv2

snmp-server host  xx.xx.xx.xx  v2c **************

snmp-server community ********************* rw acl-aclname

For better security I want to move to snmpv3

I wanted to know what this snmpv3 config does line by line; can anyone please help?

snmp-server engineID remote 192.168.0.1  00000063000100a1ac151003 //what is a good rule of thumb to manually configure this hexadecimal remote engineID

snmp-server group authgroup v3 auth  

snmp-server user  authuser authgroup remote 192.168.0.1 v3 auth md5 mypassword 

snmp-server user user authgroup v3 auth md5 mypassword

snmp-server host 192.168.0.1 informs version 3 auth authuser config

snmp-server enable traps

snmp-server inform retries 0

Also, to use an access list for SNMP polling for read/write access with snmpv3, is that just replacing the ACL for read/write for snmpv2 with the ACL for read/write for snmpv3, or is the configuration going to be different?

snmp-server community ********************* rw acl-aclname

1 Reply

ngoldwat
Level 4

Hi

snmp-server engineID remote 192.168.0.1 00000063000100a1ac151003 //what is a good rule of thumb to manually configure this hexadecimal remote engineID

The best rule is not to configure the ID by hand. It is dynamically created. The value for this object may not be all zeros or all 'ff' or the empty (zero-length) string. The initial value for this object may be configured via an operator console entry or via an algorithmic function. In the latter case, the following example algorithm is recommended. In cases where there are multiple engines on the same system, the use of this algorithm is NOT appropriate, as it would result in all of those engines ending up with the same ID value.

SNMP commands for SNMPv3: IOS

+ snmp-server group V3Group v3 [auth/noauth] read V3Read write V3Write

+ snmp-server user V3User V3Group v3 auth [sha/md5] [password]

+ snmp-server view V3Read iso included

+ snmp-server view V3Write iso included

+ snmp-server host [host-ip] version 3 auth V3User

+ snmp-server enable traps

show snmp groups ( Displays information on each SNMP group on the network.)

show snmp user (Displays information on each SNMP username in the SNMP users table.)

SNMPWalk syntax:  snmpwalk -v3 -u [SNMPv3 user] -A [password] -l [set-security-level] deviceIP

Here is a good presentation.  Check out the section entitled: "Locking Down SNMP Access"
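To make the move checkable rather than just typed in, here is an added example that is not from either post in this thread. It audits Cisco IOS "snmp-server" lines for the things a practitioner would verify after the migration: leftover v1/v2c community strings (the thing SNMPv3 replaces), a group or notification host at noauth or auth instead of priv, MD5 or DES, a group with a write view but no access ACL, and a remote engineID that RFC 3411 forbids (wrong length, all zeros, all 0xff). Assumptions: the IOS syntax quoted above, the IOS "access" keyword on "snmp-server group" as the SNMPv3 counterpart of the ACL on a community string, and two constructed sample configs using documentation addresses and made-up passwords; none of this is the poster's actual config.

```python
"""Audit Cisco IOS 'snmp-server' configuration lines for weak SNMP settings.

Added example for this thread, not code from the original posts. It assumes the
IOS command syntax quoted in the thread; both sample configs below are constructed
for illustration (192.0.2.0/24 documentation addresses, made-up passwords).
"""
import re
from typing import List

# Constructed sample: a v2c-era config of the kind the original poster is leaving.
WEAK_CONFIG = """\
snmp-server community public ro
snmp-server community s3cret rw acl-aclname
snmp-server host 192.0.2.10 v2c s3cret
snmp-server group V3Group v3 noauth read V3Read write V3Write
snmp-server user V3User V3Group v3 auth md5 mypassword
snmp-server engineID remote 192.0.2.10 000000000000000000000000
"""

# Constructed sample: the same device after the move to SNMPv3 authPriv.
HARDENED_CONFIG = """\
snmp-server group V3Group v3 priv read V3Read write V3Write access acl-aclname
snmp-server user V3User V3Group v3 auth sha AuthPassw0rd priv aes 128 PrivPassw0rd
snmp-server view V3Read iso included
snmp-server view V3Write iso included
snmp-server host 192.0.2.10 informs version 3 priv V3User
snmp-server enable traps
"""


def check_engine_id(hex_id: str) -> List[str]:
    """Return the ways a hex snmpEngineID violates RFC 3411 (empty list = OK):
    5..32 octets, not all zeros, not all 0xff, and exactly 12 octets when the
    first bit is clear (the legacy enterprise-specific format)."""
    if not re.fullmatch(r"[0-9a-fA-F]+", hex_id) or len(hex_id) % 2:
        return ["engineID is not an even-length hex string"]
    raw = bytes.fromhex(hex_id)
    problems = []
    if not 5 <= len(raw) <= 32:
        problems.append(f"engineID is {len(raw)} octets; RFC 3411 allows 5 to 32")
    if raw == b"\x00" * len(raw):
        problems.append("engineID is all zeros")
    if raw == b"\xff" * len(raw):
        problems.append("engineID is all 0xff")
    if not raw[0] & 0x80 and len(raw) != 12:
        problems.append("legacy-format engineID (first bit clear) must be 12 octets")
    return problems


def audit_snmp_config(config: str) -> List[str]:
    """Return one 'line N: ...' finding per weak setting; [] means nothing flagged."""
    findings = []
    for lineno, line in enumerate(config.splitlines(), 1):
        words = line.split()
        if len(words) < 3 or words[0] != "snmp-server":
            continue
        kind, tail = words[1], words[2:]
        hits = []
        if kind == "community":
            # Any community string is SNMPv1/v2c: cleartext, no per-user authentication.
            hits.append(f"v1/v2c community '{tail[0]}' still configured")
            if tail[-1] == "rw":           # ACL name/number would follow 'rw'
                hits.append("rw community has no access-list")
        elif kind == "host":
            # snmp-server host IP [traps|informs] [version {1|2c|3 LEVEL}] STRING
            ver, level = "1", None         # IOS default when 'version' is omitted
            if "v2c" in tail:
                ver = "2c"
            if "version" in tail:
                i = tail.index("version")
                ver = tail[i + 1] if i + 1 < len(tail) else "?"
                level = tail[i + 2] if i + 2 < len(tail) else None
            if ver != "3":
                hits.append("trap/inform destination uses SNMPv1/v2c")
            elif level == "noauth":
                hits.append("v3 notification target at noAuthNoPriv")
            elif level == "auth":
                hits.append("v3 notification target at authNoPriv (not encrypted)")
        elif kind == "group":
            # snmp-server group NAME v3 {auth|noauth|priv} [read V] [write V] [access ACL]
            if "v3" not in tail:
                hits.append(f"group '{tail[0]}' is not SNMPv3")
            else:
                i = tail.index("v3")
                level = tail[i + 1] if i + 1 < len(tail) else "?"
                if level == "noauth":
                    hits.append(f"group '{tail[0]}' allows noAuthNoPriv")
                elif level == "auth":
                    hits.append(f"group '{tail[0]}' is authNoPriv (not encrypted)")
                if "write" in tail and "access" not in tail:
                    hits.append(f"group '{tail[0]}' has a write view but no access ACL")
        elif kind == "user":
            # snmp-server user NAME GROUP [remote IP] v3 auth {md5|sha} PW [priv {des|3des|aes N} PW]
            if "v3" in tail:
                if "md5" in tail:
                    hits.append(f"user '{tail[0]}' authenticates with MD5; prefer SHA")
                if "priv" not in tail:
                    hits.append(f"user '{tail[0]}' has no priv key: not encrypted")
                elif "des" in tail or "3des" in tail:
                    hits.append(f"user '{tail[0]}' uses DES/3DES; prefer AES")
        elif kind == "engineID":
            hits.extend(check_engine_id(tail[-1]))
        findings.extend(f"line {lineno}: {h}" for h in hits)
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_snmp_config(cfg)
        print(f"== {label}: {len(result)} finding(s)")
        for finding in result:
            print("  ", finding)
```

Run it against a "show running-config | include snmp-server" dump saved to a file: a clean migration should produce no findings, and in particular no "community" lines at all, since leaving the v2c community in place alongside the v3 user keeps the old cleartext path open.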