Snmp v3 configurations

From DocWiki

(Difference between revisions)
Jump to: navigation, search
(Related Information)
(Design)
Line 15: Line 15:
* Configure snmp user :
* Configure snmp user :
-
snmp-server user username [groupname remote ip-address [udp-port port] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv password]] [access access-list]  
+
snmp-server user username [groupname remote ip-address [udp-port port] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv password]] [access access-list]
-
[[Image:sample_topology.jpg]]
 
-
 
==Configuration==
==Configuration==

Revision as of 14:58, 23 June 2010

Contents

Introduction

  • How to configure SNMP v3 on a IOS/CatOS device using the command line interface .

Design

  • Configure snmp group:

snmp-server group [groupname {v1 | v2c | v3{auth | noauth | priv}}] [read readview] [write writeview] [notify notifyview] [access access-list]

  • Configure snmp user :

snmp-server user username [groupname remote ip-address [udp-port port] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv password]] [access access-list]

Configuration

  • SNMP commands for SNMPv3: IOS.

+ snmp-server group V3Group v3 [auth/noauth] read V3Read write V3Write

+ snmp-server user V3User V3Group v3 auth [sha/md5] [password]

+ snmp-server view V3Read iso included

+ snmp-server view V3Write iso included

+ snmp-server host <IP_address> version 3 auth V3User

+ snmp-server enable traps


  • SNMP commands for SNMPv3: CatOS:

+ set snmp access V3Group security-model v3 authentication read V3Read write V3Write nonvolatile

+ set snmp user V3User authentication md5 [password]

+ set snmp group V3Group user V3User security-model v3 nonvolatile

+ set snmp view V3Read 1.3.6.1 included nonvolatile

+ set snmp view V3Write 1.3.6.1 included nonvolatile


  • auth group using the authNoPriv Security Level
  • noauth group using the noAuthNoPriv Security Level
  • md5 Use HMAC MD5 algorithm for authentication
  • sha Use HMAC SHA algorithm for authentication
  • V3Group is group-name we created for snmp v3 , this is called "a User Security Model group". You can chose the group name you prefer.
  • V3User is a user-name that we created , in the above example this user belongs to the group V3Group .
  • V3Read, V3Write are the SNMP read and write community strings , these communities will be used when you perform SNMP polls or edit on the device using SNMPv3 , use the appropriate strings you prefer but avoid using special characters .
  • example on IOS device would be :

+ snmp-server group V3Group v3 auth read V3Read write V3Write

+ snmp-server user V3User V3Group v3 auth md5 MyPassword

+ snmp-server view V3Read iso included

+ snmp-server view V3Write iso included

+ snmp-server host X.X.X.X version 3 auth V3User

+ snmp-server enable traps


Related show Commands

This section provides information you can use to confirm your configuration is working properly.

Use the below commands to confirm you have configured this correctly :

  1. show snmp groups : Displays information on each SNMP group on the network.

+ show snmp group : groupname: V3Group security model:v3 auth readview : V3Read writeview: V3Write

Related Commands : snmp-server group

  1. show snmp user : Displays information on each SNMP username in the SNMP users table.

+ show snmp user :

User name: V3User Engine ID: 800000090300001CF964CF01 storage-type: nonvolatile active Authentication Protocol: SHA Group-name: V3Group

Related Commands : snmp-server user


Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.


+ Try to snmpwalk the device using snmp v3 as below :

snmpwalk -v3 -u [SNMPv3 user] -A [password] -l [set-security-level] deviceIP <OID> .

  • -u : is the snmp v3 user.
  • -A : is the password.
  • -l : is the authentication mode [noAuthNoPriv|authNoPriv|authPriv].
  • -a : is the authentication protocol (MD5|SHA).

+ example :

C:\>snmpwalk -v3 -u V3User -A MyPassword -l authNoPriv -a MD5 10.10.10.10. 1.3.6.1. 2.1.1.2 SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.928


Show running-config

JOR-2960#show running-config | inc snmp-server
snmp-server group V3Group v3 auth read V3Read write V3Write
snmp-server view V3Read iso included
snmp-server view V3Write iso included
snmp-server host 10.0.10.211 version 3 auth V3User


Related Information

Technical Support & Documentation - Cisco Systems

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html

Rating: 4.1/5 (17 votes cast)

Personal tools