SNMPv3 doesn't use community strings like SNMPv1 and SNMPv2.
SNMPv3 can use authentication (MD5 and SHA) and encryption (AES and 3DES).
In addition to authentication and encryption, SNMPv3 has message integrity, which ensures the packet has not been changed in transit.
SNMPv3 security levels:
1. noAuthNoPriv: only a username is required; no password and no encryption is done.
2. AuthNoPriv: MD5 or SHA is used for authentication and there is no encryption.
3. AuthPriv: MD5 or SHA is used for authentication, plus encryption.
Configuring SNMPv3:
To configure SNMPv3 we need the following:
1. SNMP agent, which is a router or switch (the devices we need to connect to the SNMP manager)
2. SNMP manager, which is the NMS
We will configure the SNMP agent first:
#snmp-server group CCIE v3 priv
This group is configured with security model v3 at the priv level (authentication plus encryption).
Now we create the user for this group:
#snmp-server user ADMIN CCIE v3 auth MD5 cisco priv AES 128 KEY123
Verify:
Router#show snmp user
User name: ADMIN
Engine ID: 800000090300AABBCC007000
storage-type: nonvolatile active
Authentication Protocol: MD5
Privacy Protocol: AES128
Group-name: CCIE
#show snmp group
groupname: CCIE security model:v3 priv
contextname: <no context specified> storage-type: nonvolatile
readview : v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active
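A check on the verify output above, as an added example that is not part of the original post: this Python script parses "show snmp user" and "show snmp group" text and reports users whose configured protocols cannot reach their group's security level. The MONITOR user and the trimmed sample text are constructed for illustration.

```python
import re

# Constructed input: trimmed "show snmp user" / "show snmp group" output from
# the post, plus a hypothetical user (MONITOR) that has no privacy protocol.
SHOW_SNMP_USER = """\
User name: ADMIN
Authentication Protocol: MD5
Privacy Protocol: AES128
Group-name: CCIE
User name: MONITOR
Authentication Protocol: SHA
Privacy Protocol: None
Group-name: CCIE
"""
SHOW_SNMP_GROUP = "groupname: CCIE security model:v3 priv\nrow status: active\n"

# IOS group keywords, weakest first: noAuthNoPriv, AuthNoPriv, AuthPriv.
LEVELS = ["noauth", "auth", "priv"]

def parse_users(text):
    """Return one dict per 'User name:' block, keyed by lower-cased field name."""
    users = []
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if key.lower() == "user name":
            users.append({"name": value})
        elif sep and users:
            users[-1][key.lower()] = value
    return users

def user_level(user):
    """Highest security level the user's configured protocols can provide."""
    auth = user.get("authentication protocol", "None").lower() != "none"
    priv = user.get("privacy protocol", "None").lower() != "none"
    return "priv" if auth and priv else "auth" if auth else "noauth"

def parse_groups(text):
    """Map group name to its v3 level keyword (noauth, auth or priv)."""
    return dict(re.findall(r"groupname:\s*(\S+)\s+security model:\s*v3\s+(\w+)", text))

def audit(user_text, group_text):
    """List (user, problem) pairs where a user cannot meet its group's level."""
    groups, findings = parse_groups(group_text), []
    for u in parse_users(user_text):
        have, need = user_level(u), groups.get(u.get("group-name"))
        if need not in LEVELS:
            findings.append((u["name"], "no v3 group found"))
        elif LEVELS.index(have) < LEVELS.index(need):
            findings.append((u["name"], f"user is {have}, group requires {need}"))
    return findings
```

An empty list from audit() means every listed user's protocols match or exceed the level its group was created with.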
Now that we have finished configuring the SNMP agent, we will configure the NMS to add the router.
All you need to do is add a new device, specify the name, choose SNMP version 3, enter the authentication method, user and password, and add it.