Now we get to put the SNMPv3 concepts to use. We’ll look at two examples: configuring a Cisco router and setting up the Net-SNMP tools on a system running Unix. The concepts are the same for both entities; the only difference is how you configure SNMPv3.
Most of the work in administering SNMPv3 has to do with managing users and their passwords. It shouldn’t be surprising that the table of users, passwords, and other authentication information is just another SNMP table, called usmUser. The table’s full object ID is .iso.org.dod.internet.snmpV2.snmpModules.snmpUsmMIB.usmMIBObjects usmUser ; the numeric form is .188.8.131.52.184.108.40.206.2.
Chapter 7 describes how to configure SNMP on a Cisco router. This section assumes that you’re already familiar with IOS and that we don’t have to tell you the basics, such as how to log into the router and get to privileged mode. It also assumes that you’ve read Chapter 7 and have configured basic SNMP on your router.
The first task in configuring SNMPv3 is to define a view. To simplify things, we’ll create a view that allows access to the entire internet subtree:
snmp-server view readview internet included
This command creates a view called readview. If
you want to limit the view to the system tree,
for example, replace
states that the specified tree should be included in the view; use
excluded if you wanted to exclude a certain subtree. ...