SNMP helps to gather and organize device information in an IP network. Currently, it has three main versions – v1, v2c, v3. The problem with the version v1 and v2c, there is almost no security. So, SNMP v3 was introduced to add security.
Earlier, we have configured SNMP v2c, and today we will learn to configure SNMP v3 in Cisco IOS devices. So, let’s get started.
Example: Configure SNMP v3 in Cisco
SNMPv3 support three (3) modes. These are-
- noAuthNoPriv
- authNoPriv
- authPriv
We will configure all the modes one by one. Let’s start with noAuthNoPriv first.
noAuthNoPriv
This mode has no authentication and no encryption services.
snmp-server view OUR-MIB-VIEW mib-2 included snmp-server group OUR-SNMP-GROUP v3 noauth read OUR-MIB-VIEW snmp-server user SNMPuser OUR-SNMP-GROUP v3
Explanation:
SNMPuser is the username for SNMP.
OUR-SNMP-GROUP is our Security Model group.
OUR-MIB-VIEW is the name of our MIB-Tree view group.
mib-2 is a part of MIB where all the interfaces and system information can be found. Below are the reference for MIB.
authNoPriv
In this mode, authentication will be there, but no encryption services.
snmp-server view OUR-MIB-VIEW mib-2 included snmp-server group OUR-SNMP-GROUP v3 auth read OUR-MIB-VIEW snmp-server user SNMPuser OUR-SNMP-GROUP v3 auth md5 LetsConfig_AUTH
Explanation:
SNMPuser is the username and LetsConfig_AUTH is the authentication code.
authPriv
In this mode, authentication and encryption services will be there.
snmp-server view OUR-MIB-VIEW mib-2 included snmp-server group OUR-SNMP-GROUP v3 auth read OUR-MIB-VIEW snmp-server user SNMPuser OUR-SNMP-GROUP v3 auth md5 LetsConfig_AUTH priv 3des LetsConfig_PRIV
Explanation:
SNMPuser is the username, LetsConfig_AUTH is the authentication code and LetsConfig_PRIV is encryption code.
If you want, you can watch this video on SNMP v3 to know how it works.
