Network Management Software
LUA Software development
Smart Infrastructure Control
Real Time data collection
Dynamic Map and Synoptic
Custom GUI Design
How to configure SNMP version 3 (SNMP v3) on Cisco routers
SNMP version 3 (SNMP V3) is designed to provide security enhancement to the SNMP protocol by adding authentication and encryption. Unlike in version 1, where identification was performed by community name, sent in clear text in the SNMP packets, the SNMP version 3 allows the use of advanced mechanisms that garanty a strong level of security. The inconvenient of this, is a more complex configuration on both sides, the agent and the manager, of the SNMP peer communication.
This How to is an example of setting of the SNMP agent located in a Cisco Router and the LoriotPro SNMP manager
Cisco SNMP version 3 (SNMPv3) is supported since the version 12.0.3T of the IOS. Verify that you have the good IOS version before starting the SNMP V3 configuration of LoriotPro and work with your Cisco router.
Remark: If you have problems for retreiving SNMP table contained in Cisco router, use the no snmp-server sparse-tables command.
The SNMPV3 support different types of authentication protocol (see rfc2574.TXT for more information).
Due to French government diffusion restriction LoriotPro includes only the NONE and HMAC-MD5-96 SNMP V3 authentication method.
We will first set and check a simple configuration in SNMP V3 without authentication.
This first table show an example of Cisco configuration.
his setting is sufficient if you want to read SNMP information. If you want to Set the SNMP values add these command lines.
Now it is possible to set the syslocation OID with the user LoriotNoAuthUser.
If you want to receive on LoriotPro SNMP notification through this profile add this line
Remarks about Notification (Equivalent to SNMPv1 Traps)
The SNMPV3 notifications received in the LoriotPro Event Manager have agreen circle and SNMPv3 writen in the middle.The SNMPV2c notification have one green circle and SNMPv2c written in the middle.
LoriotPro configuration :
In the Directory tree select your SNMP version 3 (SNMPv3) host (router). Before changing the configuration, verify with a ping the availability of the router.
Click on the <properties> option in the contextual menu or toolbar
In the host configuration window, select SNMPV3 in Global Host Parameters pane.
In the UserName filed add your user name, LoriotNoAuthUser in our example, and press quit.
Answer Yes to this question
If you get in return the following string, check the router configuration, you should have make a mistake.
The answer is like below, you can work in SNMPV3 with this host.
SNMP version 3 (SNMPv3) configuration with authentication
We now modify the previous setting and add authentication. The authentication method is HMAC-MD5-96.
If you want to receive notification through this profile add these command lines
LoriotPro configuration :
Repeat the same procedure than for the noauthentication method but select the correct values for md5 authentication like in the example below.
If the answer looks like that, you can work in SNMPV3 with this host.
Remark : You see the calculated KULL key (see rfc2475)
here under an example of snmp v3 packet get-request on the sysname object:
The get-response of the Cisco router
Dont forget to save your configuration before exiting LoriotPro. LoriotPro supports SNMP V1, SNMP V2c and SNMP V3. When you configure your host withSNMP V1, SNMP V2c or SNMP V3 parameters, LoriotPro use by default SNMP V3, else SNMP V2c in last SNMP V1. In 'Global Host Parameters' options even if the community are set but the V3 parameters are set, LoriotPro will use SNMPv3. You must clear the SNMP V3 parameters with the 'Clear' button in the 'SNMP version 3 (SNMPv3) Parameters Module' to force Loriotto use SNMPV2c or SNMPV1.
If you want more information concerning Cisco router configuration go to www.cisco.com