Configuring SNMPv3 can be a daunting task compared to earlier questions, just from the copious amount of authentication parameters compared to earlier SNMP versions. In this short primer I’ll walk you through the steps necessary to set it up to get the same functionality as earlier SNMP versions, but with real (at least compared to SNMPv2c) security. I’m totally skipping the lesser security models, and moving directly to the Auht/Priv model.
First we need to enter the configuration context
Switch1# conf t
Then we need to create a user group with the right SNMP version, privacy and authentication settings, as well as the right read and write views
Switch1(config)#snmp-server group SNMPV3Group v3 priv read V3Read write V3Write
Then we need to create the user that belongs to this group, feel free to use a higher AES level if you so desire (128, 192 or 256 bits)
Switch1(config)#snmp-server user SNMPV3User SNMPV3Group v3 auth sha [auth password] priv aes 128 [priv password]
Then we need to assign the read and write views the right privileges to actually read and write to the SNMP objects.
Switch1(config)#snmp-server view V3Read iso included
Switch1(config)#snmp-server view V3Write iso included
Exit the configuration context
Test that everything works, and write the configuration to memory
Switch1# copy running-config startup-config
Leave a Reply