SNMP v3 Configuration
--------------------------------------------------
IOS Route
--------------------------------------------------
!--- Access-list defining SNMPv3 servers.
ip access-list standard permit-snmp-v3
permit [[ROUTER-SNMP-SERVER-1]]
permit [[ROUTER-SNMP-SERVER-2]]
deny any log
!
!--- Group creation with read-only privileges.
snmp-server group gp-snmp.monitoring v3 priv read RO access permit-snmp-v3
!
!--- User creation with relevant priv and auth protocols.
snmp-server user monitoring-server1 gp-snmp.monitoring v3 auth sha [[ROUTER-AUTH-PASSWORD]] priv aes 128 [[ROUTER-PRIV-PASSWORD]]
snmp-server user monitoring-server2 gp-snmp.monitoring v3 auth sha [[ROUTER-AUTH-PASSWORD]] priv aes 128 [[ROUTER-PRIV-PASSWORD]]
!
!--- Enable SNMP Traps to the relevant servers
snmp-server host [[ROUTER-SNMP-SERVER-1]] version 3 priv monitoring-server1
snmp-server host [[ROUTER-SNMP-SERVER-2]] version 3 priv monitoring-server2
!
--------------------------------------------------
IOS Switch
--------------------------------------------------
!--- Access-list defining SNMPv3 servers.
ip access-list standard permit-snmp-v3
permit [[SWITCH-SNMP-SERVER-1]]
permit [[SWITCH-SNMP-SERVER-2]]
deny any log
!
!--- Group creation with read-only privileges.
snmp-server group gp-snmp.monitoring v3 priv read RO access permit-snmp-v3
!
!--- User creation with relevant priv and auth protocols.
snmp-server user monitoring-server1 gp-snmp.monitoring v3 auth sha [[SWITCH-AUTH-PASSWORD]] priv aes 128 [[SWITCH-PRIV-PASSWORD]]
snmp-server user monitoring-server2 gp-snmp.monitoring v3 auth sha [[SWITCH-AUTH-PASSWORD]] priv aes 128 [[SWITCH-PRIV-PASSWORD]]
!
!--- Enable SNMP Traps to the relevant servers
snmp-server host [[SWITCH-SNMP-SERVER-1]] version 3 priv monitoring-server1
snmp-server host [[SWITCH-SNMP-SERVER-2]] version 3 priv monitoring-server2
!
--------------------------------------------------
NXOS
--------------------------------------------------
!--- User creation with relevant priv and auth protocols.
snmp-server user monitoring-server1 auth sha [[NXOS-AUTH-PASSWORD]] priv aes-128 [[NXOS-PRIV-PASSWORD]] localizedkey
snmp-server user monitoring-server2 auth sha [[NXOS-AUTH-PASSWORD]] priv aes-128 [[NXOS-PRIV-PASSWORD]] localizedkey
!
!--- Enable native SNMPv3 agent to conduct auth and priv for new users.
snmp-server globalEnforcePriv
!
!-- Apply read-only priviliges to the Users
snmp-server user monitoring-server1 network-operator
snmp-server user monitoring-server2 network-operator
!
--------------------------------------------------
ASA
--------------------------------------------------
!--- New group and user creation
snmp-server group gp-snmp.monitoring v3 priv
!
!--- User creation with relevant priv and auth protocols.
snmp-server user monitoring-server1 gp-snmp.monitoring v3 auth sha [[ASA-AUTH-PASSWORD]] priv aes 128 [[ASA-PRIV-PASSWORD]]
snmp-server user monitoring-server2 gp-snmp.monitoring v3 auth sha [[ASA-AUTH-PASSWORD]] priv aes 128 [[ASA-PRIV-PASSWORD]]
!
!--- Specify SNMPv3 server source interface.
snmp-server host [[ASA-SNMP-INTERFACE-NAME]] [[ASA-SNMP-SERVER-1]] version 3 monitoring-server1
snmp-server host [[ASA-SNMP-INTERFACE-NAME]] [[ASA-SNMP-SERVER-2]] version 3 monitoring-server2
!
--------------------------------------------------
WLC (AireOS)
--------------------------------------------------
!---Navigate to management > SNMP > General
Name: WLC
SNMP v3 Mode: Enable
!---Select SNMPv3 users > new
User Profile Name: monitoring-server1
Access Mode: Read Only
Authentication Protocol: HMAC-SHA
Auth Password: [[WLC-AUTH-PASSWORD]]
Privay Protocol: CFB-AES-128
Priv Password: [[WLC-PRIV-PASSWORD]]
User Profile Name: monitoring-server2
Access Mode: Read Only
Authentication Protocol: HMAC-SHA
Auth Password: [[WLC-AUTH-PASSWORD]]
Privay Protocol: CFB-AES-128
Priv Password: [[WLC-PRIV-PASSWORD]]
!---Apply > Save configuration
(Reboot)
Use this code to post the full script to your own page:
Use this code to post only the variables to your own page: