The Case for SNMPv3

Saturday, February 13th, 2010

Reluctant to deploy SNMPv3?

Often I hear organizations complain that SNMPv3 is too complex to deploy. Yet many TCP/IP protocols in today's networks carry some level of complexity: encryption, hashed passwords, double authentication, shared keys, triple-handshake mechanisms, and so on.
And still SNMPv2 sends its community strings in clear text over the network.

In a Cisco network, you can tighten SNMPv2 security by binding it to an ACL, but isn’t that just telling a potential hacker who the NMS systems are? I always say: Whoever owns the NMS server(s), owns the network.

Recently I deployed SNMPv3 onto a Cisco network and, to my surprise and delight, found that I only needed to spend two hours on research.
The following SNMPv3 configuration is for a Cisco IOS device; it turned out to be very useful, secure and versatile for the various NMS systems that manage the network.

I think the core concepts to understand about SNMPv3 are users, groups and views. The online PDFs and bulletins I've come across so far all have this in common when it comes to creating an SNMPv3 configuration.

Conceptually, here are the steps, in this exact order.

1. Assign an Engine ID for the SNMP entity (it's optional, but a very good idea)
2. Define a view and select a MIB
3. Define a group and tie it to a “view”
4. Define a user, add it to a group and add a password.

Example:
1. snmp-server engineID local 111100000000000000000000
2.
a. snmp-server view NOCview mib-2 included
b. snmp-server view NOCview cisco included
c. snmp-server view NOCview v1default included

3. snmp-server group NOCengineers v3 auth write NOCview
4. snmp-server user NMSops NOCengineers v3 auth md5 passW0rd20systemX487
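Why is step 1 "a very good idea" when it is optional? Because the password given in step 4 is never stored as such: the device converts it into a key that is bound (localized) to its own snmpEngineID, following the USM algorithm in RFC 3414. Change the engine ID later and every existing SNMPv3 user's key stops matching. The following is an added example in Python, not part of the original post or of Cisco's code: it implements the RFC 3414 password-to-key expansion and engine-ID localization, checks the result against the RFC's own "maplesyrup" test vector, and shows that the same password yields a different localized key once the engine ID moves. The engine ID ending in ...0001 is a constructed value used only to illustrate the change; the other values come from the post and from RFC 3414.

```python
"""RFC 3414 (SNMPv3 USM) password-to-key derivation and engine-ID localization.

Added example, not code from the original post or from Cisco. It shows why
fixing the snmpEngineID (step 1) before creating users (step 4) matters:
the stored key is localized to the engine ID, so changing the engine ID
afterwards invalidates every user created before the change.
"""
import hashlib

# RFC 3414 A.2.1/A.2.2: the password is repeated to fill exactly 1 MiB before hashing
_EXPANSION_LENGTH = 1_048_576

# "md5" matches the post's "auth md5"; "sha" is the other USM auth protocol
_DIGESTS = {"md5": hashlib.md5, "sha": hashlib.sha1}


def password_to_key(password: str, protocol: str = "md5") -> bytes:
    """Derive the non-localized key Ku from a human-typed password."""
    pw = password.encode("utf-8")
    if not pw:
        raise ValueError("password must not be empty")
    digest = _DIGESTS[protocol]
    # Cycle the password until 1,048,576 bytes have been fed to the hash,
    # which is exactly what the reference C loop in RFC 3414 A.2 does.
    repeats = _EXPANSION_LENGTH // len(pw) + 1
    expanded = (pw * repeats)[:_EXPANSION_LENGTH]
    return digest(expanded).digest()


def localize_key(ku: bytes, engine_id: bytes, protocol: str = "md5") -> bytes:
    """Bind Ku to one SNMP engine: Kul = H(Ku || snmpEngineID || Ku)."""
    digest = _DIGESTS[protocol]
    return digest(ku + engine_id + ku).digest()


def localized_auth_key(password: str, engine_id_hex: str, protocol: str = "md5") -> bytes:
    """From a password and the engine ID as typed on IOS (24 hex digits for
    'snmp-server engineID local') to the key the device actually keeps."""
    engine_id = bytes.fromhex(engine_id_hex)
    if len(engine_id) != 12:
        raise ValueError("snmp-server engineID local expects 24 hex digits (12 bytes)")
    return localize_key(password_to_key(password, protocol), engine_id, protocol)


if __name__ == "__main__":
    # RFC 3414 A.3.1 test vector: password "maplesyrup", engine ID 00..02
    print("Ku  (RFC 3414):", password_to_key("maplesyrup").hex())
    print("Kul (RFC 3414):", localized_auth_key("maplesyrup", "000000000000000000000002").hex())

    # The post's engine ID and the step-4 example password
    before = localized_auth_key("passW0rd20systemX487", "111100000000000000000000")
    # Constructed: the same password after the engine ID was changed by one digit
    after = localized_auth_key("passW0rd20systemX487", "111100000000000000000001")
    print("same password, engine ID changed, keys differ:", before != after)
```

Running the script prints the RFC 3414 digests (Ku `9faf3283884e92834ebc9847d8edd963`, localized `526f5eed9fcce26f8964c2930787d82b`) and `True` for the last line, which is the practical argument for step 1: set the engine ID once, before any user exists, so the keys the NMS derives and the keys the device holds agree for good.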

Of course, there are more security options available, such as specifying "priv" instead of "auth" on the group. All it means is that the SNMP data is encrypted as well as authenticated; des56 encryption is one such option.

Oh yes, when you display the configuration, you won't see any users – they're hidden. The only way you can "see" them is through the "show snmp user" and "show snmp group" commands. I truly hope my explanation was understandable and simple enough to tame the perception of SNMPv3.
All the best.

Cheers
Pierre
