
snmp configuration

ranjitgajria
Level 1

In a router, if the configuration is as below, is it using SNMPv3 security features?

snmp-server engineID local xxxx

snmp-server community xxxx RO

snmp-server community xxxx RW

snmp-server enable traps tty

6 Replies

a.kiprawih
Level 7

Hi,

SNMP configuration (except for snmpv1) normally has the keyword 'v', e.g. v3 to indicate the snmp version.

Refer to the following example on how snmpv3 is configured in a router:

http://www.cisco.com/en/US/partner/products/sw/netmgtsw/ps4748/products_user_guide_chapter09186a008020826d.html#wp1007644

Other resources to refer:

->SNMPv3:

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1830/products_feature_guide09186a00800878fa.html

->Cisco IOS Network Management Command Reference, Release 12.4T

http://www.cisco.com/en/US/partner/products/ps6441/products_command_reference_book09186a00804973bc.html

->Improving Security on Cisco Routers:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#snmp

->Understanding System Management Configuration Management

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1820/products_configuration_guide_chapter09186a0080087d02.html

Rgds,

AK

a.kiprawih
Level 7

SNMPv1 does not require the 'v1' keyword (default), and this is matched with your config - running snmpv1.

Rgds,

AK

What exactly is the risk in having snmpv1 ... what is the worst that can happen if the configuration is on an internal segment?

Rgds,

Ranjit

a.kiprawih
Level 7

Hi,

In SNMPv1, the transferred/exchanged snmp data is not encrypted. It's in clear text format. Somebody with a sniffing tool can pick up this traffic and view the device config/status. It could get worse if the intercepted info between managed network devices and management machine is running in read-write (RW) mode. In SNMPv3, everything is fully encrypted.

How safe using SNMPv1 vs SNMPv3 is depends on your business requirements, how critical the managed network infra devices are, and how critical/sensitive that snmp/management data is to your organization.

But I believe the banking sector normally has a strict security policy, including on network infra.

Hope this helps.

Rgds,

AK

Yes, they do have a strict security policy, and that's why you have IT auditors who check against the policies.

In essence, at most someone can view the config and, if it is in RW mode, then change the config.

Thanks for your help.

Their security policy can't be very strict if it allows something like

  snmp-server community xxxx RW

with no access list.
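
An added example (not part of the thread and not Cisco code): a small Python check that answers the original question for a saved configuration, reporting whether any SNMPv3 group is configured and flagging community strings that have no access list. The function name `audit_snmp` and the sample input are constructed for illustration; the check uses `snmp-server group ... v3` lines as its indicator of SNMPv3.

```python
# Constructed sample: the configuration from the question, values redacted as on the page.
SAMPLE = """\
snmp-server engineID local xxxx
snmp-server community xxxx RO
snmp-server community xxxx RW
snmp-server enable traps tty
"""

def audit_snmp(config):
    """Summarise SNMP posture from IOS 'snmp-server' lines (hypothetical helper)."""
    communities, v3_groups, findings = [], [], []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "snmp-server":
            continue
        if tok[1] == "community":
            rest = tok[3:]                      # tok[2] is the community string itself
            if rest[:1] == ["view"]:            # optional "view <name>"
                rest = rest[2:]
            mode = "RO"                         # read-only when ro/rw is omitted
            if rest and rest[0].upper() in ("RO", "RW"):
                mode, rest = rest[0].upper(), rest[1:]
            # Anything left over is the access list reference.
            communities.append((mode, " ".join(rest) or None))
        elif tok[1] == "group" and "v3" in tok[3:]:
            i = tok.index("v3", 3)
            level = tok[i + 1] if i + 1 < len(tok) else "?"
            v3_groups.append((tok[2], level))   # (group name, noauth/auth/priv)
    if communities:
        findings.append(f"{len(communities)} community string(s): SNMPv1/v2c, sent in clear text")
    # Communities are reported by position so the strings never appear in output.
    for n, (mode, acl) in enumerate(communities, 1):
        if acl is None:
            findings.append(f"community #{n} ({mode}) has no access list")
    for name, level in v3_groups:
        if level != "priv":
            findings.append(f"v3 group {name} is '{level}': traffic not encrypted")
    return {"v3_configured": bool(v3_groups), "communities": communities,
            "findings": findings}

if __name__ == "__main__":
    report = audit_snmp(SAMPLE)
    print("SNMPv3 group configured:", report["v3_configured"])
    for finding in report["findings"]:
        print(" -", finding)
```

For the configuration in the question it reports no SNMPv3 group and flags both community strings, including the RW one, as having no access list.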