
CCNA 7.1.b: SNMPv3

Overview:

SNMPv3 contains significant changes from SNMPv2, including options for message integrity, authentication and encryption.

 

Study Notes:

  • SNMPv3 does not use community-strings
  • SNMPv3 provides message integrity, authentication, encryption
  • Security model (Auth) is an authentication strategy for groups and users within those groups
  • Security level (Priv) is the permitted level of security within a security model
  • Security mechanism is the combination of security model and security level in use

 

Security Model   Security Level   Authentication     Encryption
SNMPv1           noAuthNoPriv     Community String   No
SNMPv2           noAuthNoPriv     Community String   No
SNMPv3           noAuthNoPriv     Username           No
SNMPv3           authNoPriv       MD5 or SHA         No
SNMPv3           authPriv         MD5 or SHA         DES or AES

  • SNMP agents must be configured to use the same SNMP version as the management station(s)

 

SNMPv3 noAuthNoPriv Configuration

Router(config)#snmp-server group <groupname> v3 noauth
Router(config)#snmp-server user <username> <groupname> v3

From the SNMP manager, try to snmpwalk the agent

C:\>snmpwalk -v3 -u <username> <router-IP> <OID-to-walk(.1.3.6)>

 

SNMPv3 authNoPriv Configuration

Router(config)#snmp-server group <groupname> v3 auth
Router(config)#snmp-server user <username> <groupname> v3 auth md5 <auth-password>

From the SNMP manager, try to snmpwalk the agent

C:\>snmpwalk -v3 -u <username> -l authNoPriv -A <auth-password> -a MD5 <router-IP> <OID-to-walk(.1.3.6)>

 

SNMPv3 authPriv Configuration

Router(config)#snmp-server group <groupname> v3 priv
Router(config)#snmp-server user <username> <groupname> v3 auth md5 <auth-password> priv aes 128 <priv-password>

From the SNMP manager, try to snmpwalk the agent (Net-SNMP's -x AES selects 128-bit AES, so the key size configured on the router must match)

C:\>snmpwalk -v3 -u <username> -l authPriv -A <auth-password> -a MD5 -x AES -X <priv-password> <router-IP> <OID-to-walk(.1.3.6)>

 

To verify:

Router#show snmp group
Router#show snmp user
Router#show running-config | inc snmp
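
An added example (not part of the original notes): a short Python check that reads snmp-server commands in the form used above, maps each group keyword to its security level from the table, and reports community strings, noAuthNoPriv groups, MD5/DES users, and users whose credentials fall below what their group requires. The audit function is hypothetical, and the sample names and passwords are constructed.

```python
# Constructed input: commands in the form shown on this page; all names and
# passwords are made up for the example.
SAMPLE = """\
snmp-server community public RO
snmp-server group OPEN v3 noauth
snmp-server group MONITOR v3 auth
snmp-server group SECURE v3 priv
snmp-server user walker OPEN v3
snmp-server user nms1 MONITOR v3 auth md5 ExampleAuthPass
snmp-server user nms2 SECURE v3 auth sha ExampleAuthPass priv aes 128 ExamplePrivPass
snmp-server user nms3 SECURE v3 auth sha ExampleAuthPass
"""

# Group keyword -> security level, as in the table above.
LEVEL = {"noauth": "noAuthNoPriv", "auth": "authNoPriv", "priv": "authPriv"}
RANK = ["noAuthNoPriv", "authNoPriv", "authPriv"]

def audit(config):
    """Return (subject, finding) pairs for weak or inconsistent SNMP settings."""
    groups, users, findings = {}, [], []
    for tok in (line.split() for line in config.splitlines()):
        if tok[:2] == ["snmp-server", "community"]:
            findings.append(("community", "v1/v2c community string configured"))
        elif tok[:2] == ["snmp-server", "group"] and len(tok) >= 5 \
                and tok[3] == "v3" and tok[4] in LEVEL:
            groups[tok[2]] = LEVEL[tok[4]]
        elif tok[:2] == ["snmp-server", "user"] and tok[4:5] == ["v3"]:
            rest, auth, priv = tok[5:], None, None
            if rest[:1] == ["auth"] and len(rest) >= 3:
                auth, rest = rest[1], rest[3:]  # skip protocol and password
            if rest[:1] == ["priv"] and len(rest) >= 2:
                priv = rest[1]
            users.append((tok[2], tok[3], auth, priv))
    for name, level in groups.items():
        if level == "noAuthNoPriv":
            findings.append((name, "group accepts noAuthNoPriv (username only)"))
    for name, group, auth, priv in users:
        have = "authPriv" if auth and priv else "authNoPriv" if auth else "noAuthNoPriv"
        need = groups.get(group)
        if need is None:
            findings.append((name, f"group {group} is not defined"))
        elif RANK.index(have) < RANK.index(need):
            findings.append((name, f"has {have} credentials, group {group} requires {need}"))
        if auth == "md5":
            findings.append((name, "MD5 authentication; SHA is the stronger option"))
        if priv == "des":
            findings.append((name, "DES encryption; AES is the stronger option"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE):
        print(f"{subject}: {finding}")
```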

 

