Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3160
Views
15
Helpful
2
Replies

SNMP v3 encryption and authentication

Go to solution
trane.m
Level 1
Level 1

‎12-05-2022 02:36 AM

Hi all,

I'm trying to understand the configurations of SNMP v3. From Cisco's "Software Configuration Guide" > Configuring Simple Network Management Protocol > Configuring SNMP Groups and Users, Step 5, in Purpose column:

"Enter the SNMP version number (v1 , v2c , or v3 ). If you enter v3 , you have these additional options:

  • encrypted specifies that the password appears in encrypted format. This keyword is available only when the v3 keyword is specified.

  • auth is an authentication level setting session that can be either the HMAC-MD5-96 (md5 ) or the HMAC-SHA-96 (sha ) authentication level and requires a password string auth-password (not to exceed 64 characters)."

First observation is that the encrypted parameter will encrypt the password, while the auth parameter will hash the password.

If i write encrypted i cannot choose which encryption algorithm is used. The only two choices i have is access to specify an access list and auth.

tranem_1-1670236476533.png

 

On the other hand, if i write auth as my first parameter, i can choose the authentication (hashing) algorithm as md5 or sha. My next two parameters are access again, and priv which lets me choose my encryption algorithm.

tranem_0-1670236446486.png

 Am i totally misunderstanding something or does this mean that you can only specify which encryption algorithm you want to use, if you also choose to hash it? And if you choose to hash it, you can always choose the authentication algorithm?

 

2 Accepted Solutions

Accepted Solutions

Go to solution
tvotna
Spotlight
Spotlight

‎12-05-2022 03:00 AM

Don't put "encrypted" into the command line. The system will add it automatically into the running-config to hash auth and priv passwords you entered. So, just do snmp-server user <user> <group> v3 auth sha <auth-password> priv aes 128 <encr-password>

View solution in original post

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-05-2022 04:41 AM

You can always choose both the hash and encryption algorithms with snmpv3.

The "encrypted" keyword means you are providing the snmp password already encrypted (an uncommon use case). As @tvotna noted, the snmpv3 password will be saved in secure form automatically (no matter how you provide it initially).

View solution in original post

2 Replies 2

Go to solution
tvotna
Spotlight
Spotlight

‎12-05-2022 03:00 AM

Don't put "encrypted" into the command line. The system will add it automatically into the running-config to hash auth and priv passwords you entered. So, just do snmp-server user <user> <group> v3 auth sha <auth-password> priv aes 128 <encr-password>

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-05-2022 04:41 AM

You can always choose both the hash and encryption algorithms with snmpv3.

The "encrypted" keyword means you are providing the snmp password already encrypted (an uncommon use case). As @tvotna noted, the snmpv3 password will be saved in secure form automatically (no matter how you provide it initially).

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card