Documente Academic
Documente Profesional
Documente Cultură
This document will assist you in setting up SNMP v2 and SNMPv3 on Network Devices. This will be a live
document on Thwack, and is accessible from https://thwack.solarwinds.com/docs/DOC-172650
Quick Links:
Setup SNMPv2
Setup SNMPv3
Adding SNMPv3 Device in Solarwinds Web Console
Setup SNMPv3 Traps
Setup SNMv3 Wireless
Setup SNMPv3 Network Topology
Troubleshooting SNMPv3
Understanding SNMP:
When to use Read Only
SNMP Read Only (RO) is a basic security we recommend to ensure that users are not able to
make changes to devices.
When to use Read/Write
Read/Write (RW) is an additional function of SNMP that allows you to set configurations
through SNMP. Network Configuration Manager (NCM) needs RW in order to read configurations when
the configuration is pulled via SNMP. VoIP and Network Quality Manager (VNQM) needs, but is not
required, order to configure IP SLA operations on devices. Both of these apply only to Cisco Devices.
Why should I use SNMPv3 over SNMPv2?
SNMPv1 and SNMPv2 traffic data is sent in plain text from the devices to the Network
Management Server. SNMPv3 allows you to setup a higher security of a Username, Authentication
Password, and an encryption password
What additional Configuration steps do I need to take for full SNMPv3 access?
SNMPv3 is very different from other versions in that it requires the device to open additional
MIB and OID access to gain additional details. If you have SNMPv3 and you are not seeing Wireless or
Topology information, you will need to modify the configuration to allow the data to be seen. This will
be covered in our SNMPv3 Configuration area of this document.
Common SNMP Fields that Solarwinds Products read:
SNMP allows you to set the location of the device, and the Point of Contact for the devices. This
information is displayed in the Node Details Resource in the Node Details Page.
Most Devices support this information by utilizing the following commands:
snmp-server location <Location>
snmp-server contact <Contact>
Configuring SNMPv3:
This is for Basic setup for SNMPv3. This document was designed to get the device monitored
securely and to troubleshoot any Issues. This document is color coded to easily see which fields are
available and the description of the fields.
Before you start, you will need to come up with the following information for SNMP to work
SNMPv3 User Name
SNMPv3 View Name
SNMPv3 Group Name
In this example I have simplified it to easily understand when you are working in a User, Group, or
View. If after creation you are having issues monitoring the system, please see troubleshooting at
the bottom of this document.
Reference: SNMPv3
1. Command: Enable
2. Command: Config T
3. Create the View
a. Command: SNMP-Server view TestSNMPv3View Internet included
Note: ASA Command does not exist, this will default to standard view
TestSNMPv3View is the View Name
Note: If you see %Bad OID, then Internet does not exist, use ISO (if exists), or 1.3.6
I.
Included MIB Family is included in the view
II.
Excluded MIB Family is excluded from the view
4. Create the Group
. Command: SNMP-Server group TestSNMPv3Group v3 priv Read TestSNMPv3View Write
TestSNMPv3View
5.
6.
x.
xi.
Create a User
a. Command (same for ASA): SNMP-Server user TestSNMPv3User TestSNMPv3Group v3 auth
sha P@$$w0rd priv AES 256 P@$$w0rd
TestSNMPv3User is the User Name
i.
v1: Group using the v1 security model
ii.
v2c: Group using the v2c security model
iii.
v3: Group using the User security model (SNMPv3)
iv.
Access: Specify an access-list associated with this group
v.
Auth: Authentication parameters for the user
vi.
Encrypted: Specifying passwords as MD5 or SHA digests
vii.
MD5: Use HMAC MD5 algorithm for authentication
viii.
SHA: Use HMAC SHA algorithm for authentication
ix.
3DES: Use 168 bit 3DES algorithm for encryption
x.
AES: Use AES algorithm for encryption for 128, 192, and 256
Note: Entered as AES 128, AES 192, or AES 256
xi.
DES: Use 56 but DES algorithm for encryption
Note: Access can be used at the end for ACL use.
Send to Destination Host (ASA Only)
a. Command (ASA Only): SNMP-Server Host inside 10.10.1.1 version 3 TestSNMPv3Group
Note: 10.10.1.1 is the destination host (Solarwinds Server) that is able to monitor the
Device, if the IP Address of Solarwinds NPM is not in the list, then you will not be able to
add the Device
i.
inside Name of interface Vlan1
ii.
outside Name of interface Vlan2
Standard Cisco:
Cisco:enable
Cisco#config t
Enter configuration commands, one per line.
b.
Cisco ASA:
Cisco:enable
Cisco#config t
Cisco(config)# SNMP-Server group TestSNMPv3Group v3 priv
Cisco(config)# SNMP-Server user TestSNMPv3User TestSNMPv3Group v3 auth MD5
P@$$w0rd priv DES P@$$w0rd
Wireless:
When you have wireless Access Points or a Wireless Controller, you will need to allow a
specific MIB into the SNMP View to see the Clients, SNR, and Data transfer.
Add to your current View:
a. Command: SNMP-Server view TestSNMPv3View ieee802dot11 included
Important Commands to use to Remove existing configurations, please use ? for more options:
a. No snmp-server group
b. No snmp-server user
c. No snmp-server host
2.
2.
3.
4.
The view name we are looking for here is TestSNMPv3View, and you can
see it includes everything from Internet down
iii.
MIB Iso is 1. and below
Command: Show snmp group
a. Group view associates from the TestSNMPv3Group is the following:
i.
Read view: TestSNMPv3View
ii.
Write View: TestSNMPv3View
iii.
Security Model: v3 priv
Command: show snmp user
a.
b.
c.
Shows the current SNMP Configuration. Note that this is the exact same configuration
as in step 7, and the password is encrypted.
Also Note the Host and the Interface it is going out on