cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1032
Views
0
Helpful
4
Replies

Update SNMP to v3 from v2 using CiscoWorks

jburch
Level 1
Level 1

Is it possible to update my snmp v2 to version 3 on all my devices using ciscoworks 3.0, leaving everything else in tact?

4 Replies 4

Joe Clarke
Cisco Employee
Cisco Employee

You can deploy SNMPv3 configuration commands to devices using RME's Netconfig under RME > Config Mgmt > Netconfig > Netconfig Jobs. Create a new job, and select the SNMP Security task.

Thank you. I understand that there are about 16 commands for setting up version 3, would you know them? My current config is as follows:

logging snmp-authfail

logging source-interface Vlan126

logging **************

access-list 10 permit ************** log

access-list 10 permit ************** log

access-list 10 permit ************** log

access-list 10 permit ************** log

access-list 10 permit ************** log

access-list 10 deny any log

access-list 98 permit ************** log

access-list 98 deny any log

access-list 99 permit ************** log

access-list 99 permit ************** log

access-list 99 permit ************** log

access-list 99 deny any log

!

snmp-server community ************** RO 99

snmp-server community ************** RW 98

snmp-server trap-source Vlan126

snmp-server system-shutdown

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps chassis

snmp-server enable traps module

snmp-server enable traps casa

snmp-server enable traps tty

snmp-server enable traps bgp

snmp-server enable traps config

snmp-server enable traps MAC-Notification move threshold

snmp-server enable traps msdp

snmp-server enable traps rf

snmp-server enable traps rtr

snmp-server enable traps bridge newroot topologychange

snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency

snmp-server enable traps syslog

snmp-server enable traps fru-ctrl

snmp-server enable traps entity

snmp-server enable traps rsvp

snmp-server enable traps vlancreate

snmp-server enable traps vlandelete

snmp-server enable traps flash insertion removal

snmp-server enable traps c6kxbar intbus-crcexcd intbus-crcrcvrd

snmp-server enable traps envmon fan shutdown supply temperature status

snmp-server enable traps csg agent quota database

snmp-server enable traps vlan-mac-limit

snmp-server host ************** version 2c **************

I know once this are configured on my switches (6509e)that I have to indicate v3 in discovery is that correct?

You only need two things to allow basic SNMPv3 management. They are an SNMP group and an SNMP username. For example:

snmp-server group v3group v3 auth

snmp-server user v3user v3group v3 auth md5 v3userPassword

This will allow for basic read-only monitoring of the entire MIB tree using SNMPv3 authNoPriv. However, there are a lot of other options available for SNMPv3. See http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html and http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094489.shtml for more details.

Yes, when you convert to SNMPv3, you will need to update your Discovery credentials. In LMs, SNMPv3 takes precedence over SNMPv1/v2c. So, if you configure overlapping ranges for v1/v2c and v3 in your Discovery settings, only the v3 credentials will be used for that range.

Thank you, this is a lot more info than I got from TAC.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco