SNMPv3

From VyOS Wiki
Jump to: navigation, search

Using SNMPv3

To start, we will create the usual SNMP meta-data, such as contat and location just as we would with SNMPv1:

   set service snmp contact 'Joe Smith'
   set service snmp listen-address 10.0.0.1
   set service snmp location 'New York'

Note that you should use single or double quotes if your string contains spaces.


Now, we will start configuring SNMPv3. All commands will use the set service snmp v3 prefix. The first step is to create an engineID in hexidecimal format.

   set service snmp v3 engineid '0x80001f8810b61f9921b417a48b00000'

The second step is to create an SNMP view. It will require both a text string ofr the name, and an OID, which you can create as well.

   set service snmp v3 view snmpview1 oid 1.2.3.4.5.6.7


With the view created, we must now create a group. The group will define SNMP parameters for SNMPv3 users (to be created in the next step). Here we will create a group, give this group read-only privileges, select the security level for the group,and lastly assign the group a view. It is strongly recommended to assign read-only privileges to SNMP.

   set service snmp v3 group group1 mode ro
   set service snmp v3 group group1 seclevel priv
   set service snmp v3 group group1 view snmpview1


Now that we have our view, and group created, we can create a user Lets do this step by step:

Create a username with password

   set service snmp v3 user user1 auth plaintext-key Password1

Define the hash algorithm for the password

   set service snmp v3 user user1 auth type sha

Assign the user a group

   set service snmp v3 user user1 group group1

Set the encryption key for the user to provide privacy for SNMP traffic

  set service snmp v3 user user1 privacy plaintext-key Privacykey1

Define encryption standard for privacy

   set service snmp v3 user user1 privacy type aes

You should now have the parameters in place to manage your VyOS node with SNMPv3.