SNMP V3 Example

Cisco SNMP V3 Basic Configuration

Description:
Here’s a quick configuration for SNMP V3 to allow remote polling of your Cisco IOS devices. In this example, an access list 99 is created to restrict who can use SNMP. You’ll want to change that in Line 1 to reflect your management server, or wherever you’ll be accessing the devices from. Change the SNMP group and user names in lines 3 and 4 to your own standard, along with the passwords. Finally, take note that certain devices or IOS versions may not be capable of SHA or AES 256. If this is the case, you may need to use a different authentication or encryption protocol which you can determine through context help. Down below there is an editable version of the code so you can make changes and copy/paste them to your device(s).

[divider]

[tabs]

[tab title=”View Configuration”]
View the configuration:

access-list 99 permit 10.0.0.0 0.0.0.255
access-list 99 deny any log
snmp-server group GROUPNAME v3 priv
snmp-server user USERNAME GROUPNAME v3 auth sha P@SSW0RD123! priv aes 256 K3Y12!@ access 99

[/tab]
[tab title=”Edit Configuration”]
Edit and Use:

access-list 99 permit 10.0.0.2 0.0.0.255
access-list 99 deny any log
snmp-server group GROUPNAME v3 priv
snmp-server user USERNAME GROUPNAME v3 auth sha P@SSW0RD123! priv aes 256 K3Y12!@ access 99

[/tab]
[tab title=”Show Commands”]

• show snmp group
• show snmp user
• show snmp community   (For SNMPv2 community strings)
• show ip access-lists  (To view ACL used to restrict access to SNMP, if implemented)

[/tab]
[/tabs]

[button color=”blue” size=”medium” align=”center” style=”lessround” target=”_blank” link=”http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/3850/snmp-xe-3se-3850-book/nm-snmp-snmpv3.html” ]View More Documentation[/button]