SNMP v3 configuration

Answered Question
Oct 5th, 2009

Hello folks,

Could you guys please tell me if you know some documents on how to configure SNMPv3?

This is the only one I've found so far:

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html#wp19524

But I need to understand how to get the engineID and all of that, what's required and what's not, and maybe some configuration examples.

Thank you

Correct Answer
Joe Clarke Mon, 10/05/2009 - 11:23

This document may help:


http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094489.shtml


The engineID should be pre-assigned, and can be obtained with the command:


show snmp engineID


The Local SNMP engineID can then be used in your SNMP managers.


Essentially, all you need to allow a manager to poll your device is an SNMPv3 group and an SNMPv3 user. The simplest working config is:


snmp-server group v3group v3 auth

snmp-server user v3user v3group v3 auth md5 v3user123



cris_jimenez Mon, 10/05/2009 - 11:44

Thank you, Joe.

I was wondering how you know the engine ID of the management station, like WhatsUp Gold?

What happens when you set a remote engine ID on the device?

This is an optional step, but I don't know what it does.

Thanks

Joe Clarke Mon, 10/05/2009 - 12:01

You would have to check with Ipswitch. You will only need to set a remote engineID if you are going to be using SNMP informs. With informs, the manager becomes the authoritative engine, and thus the agent has to send the informs with its engineID.

cris_jimenez Tue, 10/06/2009 - 06:55

Joe


I configured the 2 lines for testing purposes on 1 switch.

When I issue a show run | i snmp-server:


rkl1r324s3750Fa#sh run | i snmp

snmp-server group v3group v3 auth

snmp-server community netmonr RO

snmp-server community netmonrw RW


The command where I set the user doesn't show up. Is that OK?

I'm also running SNMP v2c at this point.

Thanks

Joe Clarke Tue, 10/06/2009 - 08:07

This is expected. Per the SNMPv3 spec, the user cannot appear in the config as even the hashed credentials cannot be displayed. If you want to confirm your user is configured, use "show snmp user".


If you've configured a user, you're actually running SNMPv1, v2c, and v3.
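
Why the engineID and the "auth md5" password from the answer above belong together, as an added example that is not part of the original thread and not Cisco's code: under RFC 3414 (the SNMPv3 User-based Security Model) the password is hashed into a key and then localized to the agent's engineID, so the stored credential is specific to one device. The two switch engineIDs are constructed values, and that the device derives its keys exactly as RFC 3414 describes is an assumption.

```python
import hashlib

def password_to_key(password: str, algo: str = "md5") -> bytes:
    """RFC 3414 A.2, step 1: digest the first 1,048,576 bytes of the
    endlessly repeated password to obtain the user key Ku."""
    pw = password.encode()
    if not pw:
        raise ValueError("password must not be empty")
    total = 1048576
    stream = (pw * (total // len(pw) + 1))[:total]
    return hashlib.new(algo, stream).digest()

def localize_key(ku: bytes, engine_id_hex: str, algo: str = "md5") -> bytes:
    """RFC 3414 A.2, step 2: Kul = H(Ku || snmpEngineID || Ku)."""
    engine_id = bytes.fromhex(engine_id_hex)
    if not 5 <= len(engine_id) <= 32:  # SnmpEngineID size limits (RFC 3411)
        raise ValueError("engineID must be 5..32 octets")
    return hashlib.new(algo, ku + engine_id + ku).digest()

def localized_auth_key(password: str, engine_id_hex: str, algo: str = "md5") -> bytes:
    """Password -> Ku -> key localized to one agent's engineID."""
    return localize_key(password_to_key(password, algo), engine_id_hex, algo)

# Constructed engineIDs for two hypothetical switches (not from the thread).
SWITCH_A = "800000090300001122334455"
SWITCH_B = "8000000903000011223344aa"

if __name__ == "__main__":
    # Same user password, different engineIDs: the localized keys differ.
    for name, eid in (("switch A", SWITCH_A), ("switch B", SWITCH_B)):
        print(name, localized_auth_key("v3user123", eid).hex())
```

Because the engineID is an input to the key, a manager needs the agent's engineID to compute the same key, and a key localized for one device does not authenticate against another device that uses the same password.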
