snmpv3 user

Unanswered Question
Nov 9th, 2007

When you set up the snmp user command does that user have to match a local user account on the router/swtich? (Or a radius/tacacs+ account). If so does that mean the auth password has to match the user account? I am having trouble connecting to our NMS when I start using the authnoPriv or authPriv contexts. I know I have the crypto IOS so that is not the issue. I can make connection to our NMS using noAuthnoPriv, but I would like more security. We do use tacacs+ for our user account login and the it goes back to local login if the ACS Server is down. Does this mean I have to use tacacs+ for my SNMPv3 authentication? Are there any good docs on that out there? Any help on this would be great! Thank you!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Sat, 11/10/2007 - 15:24

Currently, there is no support for getting SNMPv3 users from AAA. So the quick answer is, no, the SNMPv3 user and password do NOT have to match what you have in Radius or TACACS+. All SNMPv3 users must be locally configured on your device.

This document should get you started securing your SNMP traffic, and help you with configuring SNMPv3:


This Discussion