Tag: cisco

SNMP version 3 configuration for Cisco router or switch

snmp SNMP v1 and v2 are not really worthy of a post. You can configure v1 or v2 with one command and are not secure.
There are only a few commands required to configure SNMP v3. It’s no that difficult but, as with everything Cisco, it’s sometimes difficult for non-CCIE’s to read their documentation.
Connect to you router with your favorite SSH client. I think nearly everyone uses Putty. Log in and make your way to the enable prompt. The first thing I would do is check for existing snmp-server lines in the current config file. Someone may have already tried to configure your router.
This command displays any line in the config file that contains snmp and should result in no output. If it did you may want to clean up your router before getting started.

Router#show run | include snmp

You also need to check for any SNMP v3 users or groups that may have been created. Should produce no output.

Router#show snmp user
Router#show snmp group

Ok. Lets get started. First let’s limit SNMP queries from one particular IP. In my previous post concerning SNMP (highlight)this would be the Manager. Make your way to the config prompt and create an access list that matches your network.

Example:
Router(config)#access-list 10 permit (IP of your Manager) log
Next we need to add point of contact information.

Example:
Router(config)#snmp-server contact Google Glasses Jr.
Router(config)#snmp-server location Secret Floating Google Datacenter
Router(config)#snmp-server chassis-id (serial number)

You do not need to create what is called a VIEW. A VIEW is simply a way to limit what MIB trees the SNMP user account can access. By default the top level down is included. Let’s move on to creating a Group.
Example: We are creating a group called npm that uses authpriv and users in this group must make requests from IP’s listed in access list 10.

Router(config)#snmp-server group npm v3 priv access 10

Now lets create a user.

Example: We are creating a user called orion, adding him/her to the npm group, setting SHA authentication, and AES128 encryption.

Router(config)#snmp-server user orion npm v3 auth sha (password) priv aes 128 (password)

And that’s it. It’s not difficult. Here is the output of the above actions:

smmp1

snmp2

snmp3

Happy monitoring.

Advertisements