Configuring SNMPv3
Now we get to put the SNMPv3 concepts to use. We’ll look at two examples: configuring a Cisco router and setting up the Net-SNMP tools on a system running Unix. The concepts are the same for both entities; the only difference is how you configure SNMPv3.
Most of the work in administering SNMPv3 has to do with managing users and their passwords. It shouldn’t be surprising that the table of users, passwords, and other authentication information is just another SNMP table, called usmUser. The table’s full object ID is .iso.org.dod.internet.snmpV2.snmpModules.snmpUsmMIB.usmMIBObjects usmUser ; the numeric form is .1.3.6.1.6.3.15.1.2.
Configuring SNMPv3 for a Cisco Router
Chapter 7 describes how to configure SNMP on a Cisco router. This section assumes that you’re already familiar with IOS and that we don’t have to tell you the basics, such as how to log into the router and get to privileged mode. It also assumes that you’ve read Chapter 7 and have configured basic SNMP on your router.
The first task in configuring SNMPv3 is to define a view. To simplify things, we’ll create a view that allows access to the entire internet subtree:
router(config)#snmp-server view readview internet included
This command creates a view called readview. If
you want to limit the view to the system tree,
for example, replace internet
with
system
. The included
keyword
states that the specified tree should be included in the view; use
excluded
if you wanted to exclude a certain subtree. ...
Get Essential SNMP now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.