Enabling SNMPv3
Problem
You want to enable SNMPv3 on your router for security purposes.
Solution
SNMPv3 supports three modes of operation, each with different security features. These modes are summarized in Table 17-1. The following configuration commands enable SNMPv3 with no authentication and no encryption services (noAuthNoPriv):
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router(config)#snmp-server view
TESTV3
mib-2 include
Router(config)#snmp-server group
NOTSAFE
v3 noauth read
Router(config)#
TESTV3
snmp-server user
WEAK NOTSAFE
v3
Router(config)#end
Router#
Use the following configuration commands to enable SNMPv3 with MD5 authentication and no encryption services (authNoPriv):
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router(config)#snmp-server view
TESTV3
mib-2 include
Router(config)#snmp-server group
ORAROV3
v3 auth read
Router(config)#
TESTV3
snmp-server user
cking ORAROV3
v3 auth md5
daytona19yRouter(config)#
end
Router#
And you can enable SNMPv3 with MD5 authentication and DES encryption services (authPriv) as follows:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router(config)#snmp-server view
TESTV3
mib-2 include
Router(config)#snmp-server group
ORAROV3
v3 auth read
Router(config)#
TESTV3
snmp-server user
bpugsley ORAROV3
v3 auth md5
hockeyrules
priv des56
Router(config)#
shortguy
end
Router#
Discussion
At the time of writing this book, the IETF had ...
Get Cisco IOS Cookbook, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.