Reset Search
 

 

Article

How to set up SNMPv3 on EXOS

« Go Back

Information

 
TitleHow to set up SNMPv3 on EXOS
Objective
Configure SNMPv3 access in EXOS for Netsight or another SNMP application
Environment
EXOS All
Procedure
 
 

Sample SNMPv3 access configuration:
 

configure snmpv3 add user v3admin authentication md5 v3adminauth privacy des v3adminpriv
configure snmpv3 add group v3group user v3admin sec-model usm
configure snmpv3 add access v3group sec-model usm sec-level priv read-view defaultAdminView write-view defaultAdminView notify-view defaultAdminView
disable snmp access snmp-v1v2c
disable snmpv3 default-user
disable snmpv3 default-group

SNMPv3 configuration explained: 

SNMP consists of a user, group, and access level portion

This is the user portion:
configure snmpv3 add user <user> authentication m5 <authpassword> priv des <privpassword>
The user portion ties together the username, authentication type (md5 or SHA1), authentication password (<authpassword>), encryption type (des or aes) and the encryption key (<privpassword>). This is all the information required to actually de-encrypt and authenticate the SNMP messages.

The group portion: 
configure snmpv3 add group <group> user <user> sec-model usm
This portion ties the user to a specific group within the switch to be used with SNMPv3

The Access portion:
configure snmpv3 add access <group> sec-model usm sec-level priv read-view defaultAdminView write-view defaultAdminView notify-view defaultAdminView

This portion defines the authentication/encrypation level of the SNMP communication (auth only, auth/no priv, etc..) and also defines the groups access to MIBs for specific functions

Any user who has been defined in the group will have access to the MIB views that are configured. By default, the "defaultAdminView" is defined as Subtree 1.0, meaning all MIBs. You can define MIB views to restrict access to specific MIBs or MIB trees, and then configure that MIB view to be used as an allowed "read-view", "write-view", or "notify-view"
  • ready-view: MIBs that are allowed to be read on the device
  • write-view: MIBs that are allowed to be written to the device
  • notify-view: MIBs allowed to be used for traps/informs

The last three lines disable SNMPv1 and v2 access and disable the default SNMPv3 users and groups.
 
Additional notes
Alternatively, there is a script that will help you delete the existing SNMPv3 configuration and create a new one based on your Netsight/ExtremeManagement profile settings located at:
https://github.com/extremenetworks/ExtremeScripting/tree/master/EXOS/Python/snmpassist

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255