Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1039
Views
0
Helpful
4
Replies

Update SNMP to v3 from v2 using CiscoWorks

jburch
Level 1
Level 1

‎07-03-2008 10:52 AM

Is it possible to update my snmp v2 to version 3 on all my devices using ciscoworks 3.0, leaving everything else in tact?

Labels:
0 Helpful
4 Replies 4

Joe Clarke
Cisco Employee
Cisco Employee

‎07-03-2008 11:09 AM

You can deploy SNMPv3 configuration commands to devices using RME's Netconfig under RME > Config Mgmt > Netconfig > Netconfig Jobs. Create a new job, and select the SNMP Security task.

0 Helpful

jburch
Level 1
Level 1
In response to Joe Clarke

‎07-03-2008 11:27 AM

Thank you. I understand that there are about 16 commands for setting up version 3, would you know them? My current config is as follows:

logging snmp-authfail

logging source-interface Vlan126

logging **************

access-list 10 permit ************** log

access-list 10 permit ************** log

access-list 10 permit ************** log

access-list 10 permit ************** log

access-list 10 permit ************** log

access-list 10 deny any log

access-list 98 permit ************** log

access-list 98 deny any log

access-list 99 permit ************** log

access-list 99 permit ************** log

access-list 99 permit ************** log

access-list 99 deny any log

!

snmp-server community ************** RO 99

snmp-server community ************** RW 98

snmp-server trap-source Vlan126

snmp-server system-shutdown

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps chassis

snmp-server enable traps module

snmp-server enable traps casa

snmp-server enable traps tty

snmp-server enable traps bgp

snmp-server enable traps config

snmp-server enable traps MAC-Notification move threshold

snmp-server enable traps msdp

snmp-server enable traps rf

snmp-server enable traps rtr

snmp-server enable traps bridge newroot topologychange

snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency

snmp-server enable traps syslog

snmp-server enable traps fru-ctrl

snmp-server enable traps entity

snmp-server enable traps rsvp

snmp-server enable traps vlancreate

snmp-server enable traps vlandelete

snmp-server enable traps flash insertion removal

snmp-server enable traps c6kxbar intbus-crcexcd intbus-crcrcvrd

snmp-server enable traps envmon fan shutdown supply temperature status

snmp-server enable traps csg agent quota database

snmp-server enable traps vlan-mac-limit

snmp-server host ************** version 2c **************

I know once this are configured on my switches (6509e)that I have to indicate v3 in discovery is that correct?

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to jburch

‎07-03-2008 11:37 AM

You only need two things to allow basic SNMPv3 management. They are an SNMP group and an SNMP username. For example:

snmp-server group v3group v3 auth

snmp-server user v3user v3group v3 auth md5 v3userPassword

This will allow for basic read-only monitoring of the entire MIB tree using SNMPv3 authNoPriv. However, there are a lot of other options available for SNMPv3. See http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html and http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094489.shtml for more details.

Yes, when you convert to SNMPv3, you will need to update your Discovery credentials. In LMs, SNMPv3 takes precedence over SNMPv1/v2c. So, if you configure overlapping ranges for v1/v2c and v3 in your Discovery settings, only the v3 credentials will be used for that range.

0 Helpful

jburch
Level 1
Level 1
In response to Joe Clarke

‎07-03-2008 11:43 AM

Thank you, this is a lot more info than I got from TAC.

0 Helpful
Customers Also Viewed These Support Documents