Cisco SNMP V3 Basic Configuration
Description:
Here’s a quick configuration for SNMP V3 to allow remote polling of your Cisco IOS devices. In this example, an access list 99 is created to restrict who can use SNMP. You’ll want to change that in Line 1 to reflect your management server, or wherever you’ll be accessing the devices from. Change the SNMP group and user names in lines 3 and 4 to your own standard, along with the passwords. Finally, take note that certain devices or IOS versions may not be capable of SHA or AES 256. If this is the case, you may need to use a different authentication or encryption protocol which you can determine through context help. Down below there is an editable version of the code so you can make changes and copy/paste them to your device(s).
access-list 99 permit 10.0.0.0 0.0.0.255
access-list 99 deny any log
snmp-server group GROUPNAME v3 priv
snmp-server user USERNAME GROUPNAME v3 auth sha P@SSW0RD123! priv aes 256 K3Y12!@ access 99
- show snmp group
- show snmp user
- show snmp community (For SNMPv2 community strings)
- show ip access-lists (To view ACL used to restrict access to SNMP, if implemented)