Thursday, March 21, 2019

Confused with SNMPv3 and required configuration

I've been tasked with clearing SNMPv1/SNMPv2 and configuring all of our devices with SNMPv3. I'm slightly perplexed with how to go about this since I've seen numerous potential configurations online. I don't want to give too much power to our SNMP server (which is a SolarWinds server) since the only thing it really does outside of normal monitoring is perform configuration backups every night.

Is it safe to say that the following configuration is accurate?

ip access-list standard <ACL-NAME>

permit <SOLARWINDS-SERVER-IP-ADDRESS>

snmp-server group <GROUP-NAME> v3 priv access <ACL-NAME>

snmp-server user hasadmin has v3 auth sha <INSERT-PW-HERE> priv aes 128 <INSERT-PW-HERE> access <ACL-NAME>

I apologize as well as these questions might come off as stupid, but I simply would like to have a better grasp as to what I'm actually configuring here:

  1. Why do I need to specify an ACL for both the group and the user?
  2. What's the difference between using access or read when specifying the snmp-server group?
  3. Why do I need to specify the password twice when performing the snmp-server user command? Is this the same password?

I saw some other articles online referencing something like an engineID and so I'm just not sure where to get started.



No comments:

Post a Comment