Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

snmpv3 config

snmp-server user myuser mygroup v3 encrypted auth sha password

Does anyone know what might that encrypted do/cause in that entry. When i add that encrypted word to my new snmpv3 user i dont get any snmp packets from switch. Without that it works fine. Poller is DFM 2.0.6

Juha

3 REPLIES
Cisco Employee

Re: snmpv3 config

The encrypted keyword means you will be specifying the user's password as an MD5 or SHA hash. You would use this if you already had the password hashed, and you wanted to input the data as-is. If "password" in your above line is not in a SHA hash (in your example), then you have just broken SNMPv3 for myuser.

Community Member

Re: snmpv3 config

Hi

"then you have just broken SNMPv3 for myuser."

I havent use that "encrypted". But if i sniffer my smnpv3 data the password can not read from sniffer data.(its hashed) If i use that "encrypted" what should i enter for the password. If i dont use that "encrypted" is my user auth password easy to broken. Quite hard now understand what actually that "encrypted" means. Maybe some example might give some light this. I found one document and there was somenthing like adding hex codes instead of plain text for that password if use that "encrypted".

thanks

Juha

Cisco Employee

Re: snmpv3 config

The use of the encrypted keyword does not change what is sent on the wire. In either case, the password is hashed on the wire using the desired algorithm.

Using "encrypted" just changes the way the input is processed. Given that SNMPv3 users do not show up in the config due to the way the RFC is defined, you should never really have a reason to use the encrypted keyword. But you are correct. If you use the encrypted keyword, you will enter a encoded hash. An example MD5 hash may look like:

$1$RvVG$4seAnQAeV1VYyD5tAjoyS0

309
Views
5
Helpful
3
Replies
CreatePlease to create content