Reset Search
 

 

Article

Is SNMPv3 default group needed for snmp v1v2c to work?

« Go Back

Information

 
TitleIs SNMPv3 default group needed for snmp v1v2c to work?
Question
Is SNMPv3 default group needed to run SNMPv2 to work?
Environment
EXOS All
Answer
  • SNMPv3 default-group needs to be enabled for successful authentication of  SNMPv2 default-groups-users for SNMP server requests. (Default user groups are the default SNMPv1/ SNMPv2c groups security Name (user) and mapping them to a community)         
    • Example: configure snmpv3 add community "1" name "test1" user "v1v2c_ro"  (Community "test1" mapped to default user-group "v1v2c_ro")
  • Disabling SNMPv3 default-group would only disable SNMPv1 and SNMPv2c default-group and default security-name under them.                                                                                                                                                                               
Note: The command only applies to Default-group and default user called under default group. Any user-defined non-default groups or non-default users called under default-group would continue to remain in 'active' state.               

Example: Below output is for the user "test2" called under default-group "v1v2c_rw"                                                                      
# configure snmpv3 add group "v1v2c_rw" user "test2" sec-model snmpv2c


EXOS # disable snmpv3 default-group
EXOS # show snmpv3 group

Group Name      : v1v2c_ro
Security Name   : v1v2c_ro
Security Model  : snmpv1
Storage Type    : NonVolatile
Row Status      : NotInService

Group Name      : v1v2c_rw
Security Name   : v1v2c_rw
Security Model  : snmpv1
Storage Type    : NonVolatile
Row Status      : NotInService

Group Name      : v1v2c_rw
Security Name   : test2
Security Model  : snmpv2c
Storage Type    : NonVolatile
Row Status      : Active

Group Name      : v1v2c_ro
Security Name   : v1v2c_ro
Security Model  : snmpv2c
Storage Type    : NonVolatile
Row Status      : NotInService

Group Name      : v1v2c_rw
Security Name   : v1v2c_rw
Security Model  : snmpv2c
Storage Type    : NonVolatile
Row Status      : NotInService


When snmpv3 default-group is disabled, following generic message would been seen in the log -
11/30/2018 06:02:12.75 <Warn:SNMP.Master.AuthFail> Login failed through SNMPv1/v2c - bad community name (x.x.x.x)

Enable SNMPv3 default-group  to successfully authenticate default-users under default-group

EXOS # enable snmpv3 default-group
EXOS # show snmpv3 group

Group Name      : v1v2c_ro
Security Name   : v1v2c_ro
Security Model  : snmpv1
Storage Type    : NonVolatile
Row Status      : Active

Group Name      : v1v2c_rw
Security Name   : v1v2c_rw
Security Model  : snmpv1
Storage Type    : NonVolatile
Row Status      : Active

Group Name      : v1v2c_rw
Security Name   : test2
Security Model  : snmpv2c
Storage Type    : NonVolatile
Row Status      : Active

Group Name      : v1v2c_ro
Security Name   : v1v2c_ro
Security Model  : snmpv2c
Storage Type    : NonVolatile
Row Status      : Active

Group Name      : v1v2c_rw
Security Name   : v1v2c_rw
Security Model  : snmpv2c
Storage Type    : NonVolatile
Row Status      : Active

Total num. of entries in vacmSecurityToGroupTable : 5



 
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255