Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SNMP v3 Migration

I need to implement SNMP v3 across a large estate ~ 400 devices, primarily so that these devices can be managed by CW Prime LMS 4.2.  I have tested this manually and I'm getting LMS talking to the test device ok so I'm getting to grips with things.  However it has only recently become apparent to me that each device needs to have a unique engineID so this could take some time if I have to enter each engineID manually into the CW credential database!

Is there any way I can automate this process using LMS 4.2?  If not has anybody else who has had to migrate from snmp v1/2 able to suggest any solutions for making this process quicker?

Thanks in advance.

Everyone's tags (3)
2 REPLIES
Cisco Employee

SNMP v3 Migration

An SNMP engine ID is generated automatically but is not displayed or stored in the running configuration. You can display the default or configured engine ID by using the show snmp engineID command.

Changing the value of snmpEngineID has important side-effects. A user's password (entered on the command line) is converted to an MD5 or SHA security digest. This digest is based on both the password and the local engine ID. The command line password is then destroyed, as required by RFC 2274. Because of this deletion, if the local value of engineID changes, the security digests of SNMPv3 users will be invalid, and the users will have to be reconfigured.


Similar restrictions require the reconfiguration of community strings when the engine ID changes. A remote engine ID is required when an SNMPv3 inform is configured. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host.

It is not mandatory to configure snmpEngineID, as it is default generated in IOS. In case you configure it, it will make an already complicated SNMP v3 config even more.

In LMS, it is not possible to configure all devices for snmpEngineID, as each value has to be unique and NetConfig job would not be able to do so.

There can be script to do so, which can be devised, which may add/increment engineID with some fixed value.

-Thanks

-Thanks Vinod **Rating Encourages contributors, and its really free. **
New Member

SNMP v3 Migration

Thanks for your response Vinod but unfortunately this hasn't really answered my question - I understand that the IOS generates a unique engineID which isn't displayed by default but can be viewed using a show command.

The problem I have is that I need to configure 400 unique engineIDs in our Prime LMS 4.2 NMS and I don't want to have to do this manually, surely somebody must have had to automate this process at some point or am I misunderstanding?

489
Views
0
Helpful
2
Replies