SNMP Community String Encryption

avilt
Level 3

I need to encrypt the SNMP community string on Cisco IOS switches and ASA firewalls. What is the command to enable the encryption?

Accepted Solutions

Marvin Rhoads
Hall of Fame

The community string in SNMPv1 and v2 itself is not encrypted (or able to be configured to be encrypted).

If you set up your devices to use only SNMPv3, you can set both privacy (PRIV) and authentication (AUTH) strings. Those are stored as MD5- or SHA-hashed values on the device. Using a privacy string means the communications between the device and the SNMPv3 user will be encrypted using DES, 3DES or AES (-128, -192 or -256 according to your configuration).

In the following command, is it possible to encrypt the priv password? From the running config, I would like to hide or encrypt this string.

snmp-server host 10.0.10.61 version 3 priv mypassword

Hi, an SNMPv3 user configuration/password is not viewable in the running configuration; they are stored in the private-config. You would have to run "show snmp user" to view the attributes of a configured SNMPv3 user, which does not display the password either. So you should be fine.

The following command is used to authenticate and receive the SNMP traps. How do I encrypt the password in the running config in the following command? I have already enabled service password-encryption.

snmp-server host 10.0.10.61 version 3 priv mypassword

It's not a password being specified using that command (see below); it's requiring a v3 username, which as mentioned previously is not displayed in the running-config.

LAB-RTR(config)# snmp-server host  192.168.10.100 version 3 priv ?
  WORD  SNMPv1/v2c community string or SNMPv3 user name

HTH
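
An added example, not part of the original thread and not Cisco tooling: a small Python check over running-config text that classifies `snmp-server` lines along the distinction drawn in the replies above (v1/v2c community strings versus SNMPv3, where the trailing word of `snmp-server host` is a user name). The sample config is constructed, and `audit_snmp` and its severity labels are hypothetical names; it assumes the IOS defaults of version 1 when no `version` keyword is given and `noauth` when `version 3` has no level.

```python
import re

# Constructed sample running-config lines (not from a real device).
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server host 10.0.10.61 version 3 priv mypassword
snmp-server host 10.0.10.62 version 2c monitor
snmp-server host 10.0.10.63 version 3 noauth trapuser
snmp-server host 10.0.10.64 traps legacy
"""

HOST_RE = re.compile(
    r"^snmp-server host (?P<addr>\S+)"
    r"(?: vrf \S+)?(?: (?:informs|traps))?"
    r"(?: version (?P<ver>1|2c|3)(?: (?P<level>auth|noauth|priv))?)?"
    r" (?P<word>\S+)"
)
COMMUNITY_RE = re.compile(r"^snmp-server community (?P<word>\S+)")


def audit_snmp(config_text):
    """Return (line_number, severity, message) for each SNMP line of interest."""
    findings = []
    for num, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if COMMUNITY_RE.match(line):
            findings.append((num, "high", "v1/v2c community string: not encrypted"))
            continue
        m = HOST_RE.match(line)
        if not m:
            continue
        ver = m.group("ver") or "1"  # assumed IOS default: SNMPv1 when no version is given
        if ver != "3":
            findings.append((num, "high", f"trap host uses SNMPv{ver}; trailing word is a community string"))
        elif m.group("level") == "priv":
            findings.append((num, "info", "SNMPv3 priv; trailing word is a user name, not a password"))
        else:
            level = m.group("level") or "noauth"  # assumed IOS default level for version 3
            findings.append((num, "medium", f"SNMPv3 '{level}': no privacy; trailing word is a user name"))
    return findings
```

Calling `audit_snmp(SAMPLE_CONFIG)` returns one finding per sample line; only the `version 3 priv` host is reported at the `info` level.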
