Using snmp version 3 – Cisco ASA 5505 User Manual
Page 1803
79-23
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 79 Configuring SNMP
Configuring SNMP
What to Do Next
See the
“Monitoring SNMP” section on page 79-26
Using SNMP Version 3
To configure parameters for SNMP Version 3, perform the following steps:
Detailed Steps
Command
Purpose
Step 1
snmp-server group
group-name v3
[auth | noauth | priv]
Example:
hostname(config)# snmp-server
group testgroup1 v3 auth
Specifies a new SNMP group, which is for use only with SNMP Version
3. When a community string is configured, two additional groups with the
name that matches the community string are autogenerated: one for the
Version 1 security model and one for the Version 2 security model. For
more information about security models, see the
. The auth keyword enables packet authentication.
The noauth keyword indicates no packet authentication or encryption is
being used. The priv keyword enables packet encryption and
authentication. No default values exist for the auth or priv keywords.
Step 2
snmp-server user
username
group-name {v3 [encrypted]] [auth
{md5 | sha]} auth-password [priv
[des | 3des | aes]
[128 | 192 | 256] priv-password
Example:
hostname(config)# snmp-server
user testuser1 testgroup1 v3 auth
md5 testpassword aes 128
mypassword
hostname(config)# snmp-server
user testuser1 public v3
encrypted auth md5
00:11:22:33:44:55:66:77:88:99:AA:
BB:CC:DD:EE:FF
Configures a new user for an SNMP group, which is for use only with
SNMP Version 3. The username argument is the name of the user on the
host that belongs to the SNMP agent. The group-name argument is the
name of the group to which the user belongs. The v3 keyword specifies
that the SNMP Version 3 security model should be used and enables the
use of the encrypted, priv, and the auth keywords. The encrypted
keyword specifies the password in encrypted format. Encrypted
passwords must be in hexadecimal format. The auth keyword specifies
which authentication level (md5 or sha) should be used. The priv
keyword specifies the encryption level. No default values for the auth or
priv keywords, or default passwords exist. For the encryption algorithm,
you can specify either the des, 3des, or aes keyword. You can also specify
which version of the AES encryption algorithm to use: 128, 192, or 256.
The auth-password argument specifies the authentication user password.
The priv-password argument specifies the encryption user password.
Note
If you forget a password, you cannot recover it and you must
reconfigure the user. You can specify a plain-text password or a
localized digest. The localized digest must match the
authentication algorithm selected for the user, which can be either
MD5 or SHA. When the user configuration is displayed on the
console or is written to a file (for example, the
startup-configuration file), the localized authentication and
privacy digests are always displayed instead of a plain-text
password (see the second example). The minimum length for a
password is 1 alphanumeric character; however, we recommend
that you use at least 8 alphanumeric characters for security.