Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8645
Views
6
Helpful
5
Replies

SNMP Community String Encryption

Go to solution
avilt
Level 3
Level 3

‎06-16-2018 11:45 PM - edited ‎02-21-2020 07:53 AM

I need to encrypt the SNMP community string on Cisco IOS switches and ASA firewalls? What is the command to enable the encryption?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-17-2018 12:04 AM

The community string in SNMPv1 and v2 itself is not encrypted (or able to be configured to be encrypted).

 

If you setup your devices to use only SNMPv3, you can set both privacy (PRIV) and authentication (AUTH) strings. Those are stored as MD5- or SHA-hashed values on the device. Using a privacy string means the communications between the device and the SNMPv3 user will be encrypted using DES, 3DES or AES (-128, -192 or -256 according to your configuration).

View solution in original post

5 Replies 5

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-17-2018 12:04 AM

The community string in SNMPv1 and v2 itself is not encrypted (or able to be configured to be encrypted).

 

If you setup your devices to use only SNMPv3, you can set both privacy (PRIV) and authentication (AUTH) strings. Those are stored as MD5- or SHA-hashed values on the device. Using a privacy string means the communications between the device and the SNMPv3 user will be encrypted using DES, 3DES or AES (-128, -192 or -256 according to your configuration).

Go to solution
avilt
Level 3
Level 3
In response to Marvin Rhoads

‎06-17-2018 11:03 PM

In the following command, is it possible to encrypt the priv password? From the running config, I would like to hide or encrypt this string.

 

snmp-server host 10.0.10.61 version 3 priv mypassword

 

 

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to avilt

‎06-18-2018 05:12 AM

Hi, An snmpv3 user configuration/password is not viewable in the running configuration, they are stored in the private-config. You would have to run "show snmp user" to view the attributes of a configured snmp v3 user, which does not display the password either. So you should be fine.
0 Helpful

Go to solution
avilt
Level 3
Level 3
In response to Rob Ingram

‎06-18-2018 06:40 AM

The following command is used to authenticate and receive the snmp traps. How do I encrypt the password in running config in the following command. I have already enabled service password-encryption

 

snmp-server host 10.0.10.61 version 3 priv mypassword

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to avilt

‎06-18-2018 07:02 AM

It's not a password being specified using that command (see below), it's requiring a v3 username, which as mentioned previously is not displayed in the running-config.

 

LAB-RTR(config)# snmp-server host  192.168.10.100 version 3 priv ?
  WORD  SNMPv1/v2c community string or SNMPv3 user name

 

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card