Overview:
SNMPv3 makes significant changes to SNMPv2, including options for message integrity, authentication and encryption.
Study Notes:
- SNMPv3 does not use community-strings
- SNMPv3 provides message integrity, authentication, encryption
- Security model (Auth) is an authentication strategy for groups and users within those groups
- Security level (Priv) is the permitted level of security within a security model
- Security mechanism is the combination of security model and security level in use
Security Model | Security Level | Authentication | Encryption |
SNMPv1 | noAuthNoPriv | Community String | No |
SNMPv2 | noAuthNoPriv | Community String | No |
SNMPv3 | noAuthNoPriv | Username | No |
SNMPv3 | authNoPriv | MD5 or SHA | No |
SNMPv3 | authPriv | MD5 or SHA | DES or AES |
- SNMP agents must be configured to use the same SNMP version as the management station(s)
SNMPv3 noAuthNoPriv Configuration
Router(config)#snmp-server group <groupname> v3 noauth
Router(config)#snmp-server user <username> <groupname> v3
From the SNMP manager, try to snmpwalk the agent
C:\>snmpwalk -v3 -u <username> <router-IP> <OID-to-walk(.1.3.6)>
SNMPv3 authNoPriv Configuration
Router(config)#snmp-server group <groupname> v3 auth
Router(config)#snmp-server user <username> <groupname> v3 auth md5 <auth-password>
From the SNMP manager, try to snmpwalk the agent
C:\>snmpwalk -v3 -u <username> -l authNoPriv -A <auth-password> -a MD5 <router-IP> <OID-to-walk(.1.3.6)>
SNMPv3 authPriv Configuration
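Router(config)#snmp-server group <groupname> v3 priv
Router(config)#snmp-server user <username> <groupname> v3 auth md5 <auth-password> priv aes 256 <priv-password>
From the SNMP manager, try to snmpwalk the agent. The -x value must select the same cipher and key size configured on the router; in Net-SNMP, -x AES means AES-128.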
C:\>snmpwalk -v3 -u <username> -l authPriv -A <auth-password> -a MD5 -x AES -X <priv-password> <router-IP> <OID-to-walk(.1.3.6)>
To verify:
Router#show snmp group
Router#show snmp user
Router#show running-config | inc snmp
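Each configuration above pairs a group's security level with the credentials given to its users, and that pairing can be checked mechanically. The following is an added example, not part of the original notes: the hypothetical `audit` function reads configuration lines as they would be typed and compares the level each user's group requires with the level the user's credentials can reach. The sample config is constructed; its group names, usernames and passwords are placeholders.

```python
import re

# Router group keyword -> security level name (the value snmpwalk takes with -l)
LEVELS = {"noauth": "noAuthNoPriv", "auth": "authNoPriv", "priv": "authPriv"}
RANK = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}

GROUP_RE = re.compile(r"snmp-server group (\S+) v3 (noauth|auth|priv)\b")
USER_RE = re.compile(
    r"snmp-server user (\S+) (\S+) v3"
    r"(?: auth (md5|sha) \S+)?"            # optional auth protocol + password
    r"(?: priv (des|3des|aes \d+) \S+)?"   # optional privacy protocol + password
)

def audit(config_text):
    """Pair every v3 user with its group; compare required vs. usable level."""
    groups = {name: LEVELS[kw] for name, kw in GROUP_RE.findall(config_text)}
    report = []
    for user, group, auth, priv in USER_RE.findall(config_text):
        # Level the user's own credentials can reach
        usable = "authPriv" if auth and priv else "authNoPriv" if auth else "noAuthNoPriv"
        required = groups.get(group)  # None when the group is never defined
        if required is None:
            finding = "group not defined"
        elif RANK[usable] < RANK[required]:
            finding = f"user has {usable} credentials, group requires {required}"
        elif required == "noAuthNoPriv":
            finding = "username only: no authentication, no encryption"
        elif required == "authNoPriv":
            finding = "authenticated, not encrypted"
        else:
            finding = "authenticated and encrypted"
        report.append((user, group, required, finding))
    return report

# Constructed sample: names and passwords are placeholders, not from the page.
SAMPLE = """\
snmp-server group OPEN v3 noauth
snmp-server group MON v3 auth
snmp-server group SEC v3 priv
snmp-server user guest OPEN v3
snmp-server user nms1 MON v3 auth md5 AuthPass123
snmp-server user nms2 SEC v3 auth md5 AuthPass123 priv aes 256 PrivPass123
snmp-server user nms3 SEC v3 auth md5 AuthPass123
snmp-server user nms4 LAB v3 auth md5 AuthPass123
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep=" | ")
```

The third field of each row is the value to pass to `snmpwalk -l` for that user.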