
SNMP v3 encryption and authentication

trane.m
Level 1

Hi all,

I'm trying to understand the configurations of SNMP v3. From Cisco's "Software Configuration Guide" > Configuring Simple Network Management Protocol > Configuring SNMP Groups and Users, Step 5, in Purpose column:

"Enter the SNMP version number (v1, v2c, or v3). If you enter v3, you have these additional options:

  • encrypted specifies that the password appears in encrypted format. This keyword is available only when the v3 keyword is specified.

  • auth is an authentication level setting session that can be either the HMAC-MD5-96 (md5) or the HMAC-SHA-96 (sha) authentication level and requires a password string auth-password (not to exceed 64 characters)."

First observation is that the encrypted parameter will encrypt the password, while the auth parameter will hash the password.

If I write encrypted, I cannot choose which encryption algorithm is used. The only two choices I have are access, to specify an access list, and auth.


On the other hand, if I write auth as my first parameter, I can choose the authentication (hashing) algorithm as md5 or sha. My next two parameters are access again, and priv, which lets me choose my encryption algorithm.


Am I totally misunderstanding something, or does this mean that you can only specify which encryption algorithm you want to use if you also choose to hash it? And if you choose to hash it, you can always choose the authentication algorithm?
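As an added illustration (not part of the original post or of Cisco's guide), this sketch follows RFC 3414, the SNMPv3 User-based Security Model, to show what the auth-password is used for behind the HMAC-MD5-96 and HMAC-SHA-96 options quoted above: the password is stretched into a key localized to the agent's engine ID, and that key produces a 96-bit HMAC tag on each message. The password and engine ID are the RFC's own test inputs; the message bytes are a constructed stand-in.

```python
import hashlib
import hmac

MEGABYTE = 1_048_576  # RFC 3414 A.2 hashes exactly this many octets


def password_to_key(password: bytes, algo: str) -> bytes:
    """Stretch the auth-password into the user key Ku (RFC 3414 A.2)."""
    if not password:
        raise ValueError("password must not be empty")
    repeated = (password * (MEGABYTE // len(password) + 1))[:MEGABYTE]
    return hashlib.new(algo, repeated).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str) -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_tag(kul: bytes, whole_msg: bytes, algo: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: keep the first 12 octets (96 bits)."""
    return hmac.new(kul, whole_msg, algo).digest()[:12]


def verify(kul: bytes, whole_msg: bytes, tag: bytes, algo: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(auth_tag(kul, whole_msg, algo), tag)


PASSWORD = b"maplesyrup"                                   # RFC 3414 A.3 input
ENGINE_ID = bytes.fromhex("000000000000000000000002")      # RFC 3414 A.3 input
# Constructed stand-in for a serialized message whose 12-octet
# authentication field is zeroed before the tag is computed.
SAMPLE_MSG = b"constructed-snmpv3-message" + b"\x00" * 12


def demo() -> dict:
    """Return (localized key hex, tag length, valid?, tampered valid?) per algo."""
    out = {}
    for algo in ("md5", "sha1"):
        kul = localize_key(password_to_key(PASSWORD, algo), ENGINE_ID, algo)
        tag = auth_tag(kul, SAMPLE_MSG, algo)
        # The message bytes stay readable: auth gives integrity and origin
        # authentication only; confidentiality is what priv adds.
        out[algo] = (kul.hex(), len(tag), verify(kul, SAMPLE_MSG, tag, algo),
                     verify(kul, SAMPLE_MSG + b"x", tag, algo))
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```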

 

2 Accepted Solutions
