Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

snmp configuration

In a router if the configuration is as below is it using SNMPv3 security features.

snmp-server engineID local xxxx

snmp-server community xxxx RO

snmp-server community xxxx RW

snmp-server enable traps tty

6 REPLIES

Re: snmp configuration

Hi,

SNMP configuration (except for snmpv1) normally has the keyword 'v', e.g. v3 to indicate the snmp version.

Refer to the following example on how snmpv3 is configured in router:

http://www.cisco.com/en/US/partner/products/sw/netmgtsw/ps4748/products_user_guide_chapter09186a008020826d.html#wp1007644

Other resources to refer:

->SNMPv3:

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1830/products_feature_guide09186a00800878fa.html

->Cisco IOS Network Management Command Reference, Release 12.4T

http://www.cisco.com/en/US/partner/products/ps6441/products_command_reference_book09186a00804973bc.html

->Improving Security on Cisco Routers:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml#snmp

->Understanding System Management Configuration Management

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1820/products_configuration_guide_chapter09186a0080087d02.html

Rgds,

AK

Re: snmp configuration

SNMPv1 does not require the 'v1' keyword (default), and this is matched with your config - running snmpv1.

Rgds,

AK

New Member

Re: snmp configuration

What is exactly the risk in having snmpv1 ... what is the worse that can happen if the configuration is on an internal segment.

Rgds,

Ranjit

Re: snmp configuration

Hi,

In SNMPv1, the transferred/exchanged snmp data is not encrypted. It's in clear text format. Somebody with sniffing tool can pick-up this traffic and view the device config/status. It could get worst if the intercepted info between managed network devices and management machine is running in read-write (RW) mode. In SNMPv3, everything is fully encrypted.

How safe using SNMPv1 vs SNMPv3 is depending on your business requirements, how critical managed network infra devices and how critical/sensitive those snmp/management data to your organization.

But I believed, banking sector normally has a strict security policy, including on network infra.

Hope this helps.

Rgds,

AK

New Member

Re: snmp configuration

yes, they do have a strict security policy and thats why you have IT Auditors who check agnst the policies.

In essence at max someone can view the config and if it RW mode then change the config.

Thanks for you help.

New Member

Re: snmp configuration

Their security policy can't be very strict if it allows something like

  snmp-server community xxxx RW

with no access list.

373
Views
0
Helpful
6
Replies