Re: Will/does CiscoWork2000 support SNMP V2/3?

grantlewis · ‎12-18-2001

I am interested in using the higher security provided with SNMP 2 and 3. It does not look like CW2K supports it.

minielsen · ‎12-18-2001

This question was also raised during Networkers in Copenhangen and the answer was that there is no plans for SNMPv3 support in CW2000. Note that SNMPv2c doesn't give you more security. Note also that CW2000 uses a lot of other unsecure protocols like tftp, telnet and rcp.

Have a look at OpenView Network Node Manager with the security add-on from SNMP Research. That will give you SNMPv3. Mail me offline if you need pointers.

Michael.

patoil · ‎12-22-2001

Hi all,

Although SNMP1 doesn´t provide security, you can raise your security level by using Access Lists numbers at the end of your SNMP community string IOS commands. That will restrict your SNMP messages source/destination based on IP addresses, and that´s the best I´ve been able to do till now.

Hope that helps

Paticio.

minielsen · ‎12-23-2001

I aggree on this one. There are many other ways to enforce the security than using the community strings of SNMPv1/v2c or the authentication and encryption of SNMPv3. Access lists are one, configuring the allowed manager(s) is another. There was a really good presentation on this at Cisco Networkers on how to at the same time secure your environment and still make it manageable called "Management in secure environments". It was done by Erik Lenten from Cisco at Netwokers in Copenhagen and the seesion ID was NCM-280. Let me know if you need more info.

Michael.