ExtremeSwitching (EXOS)


Enable SNMPv3 with enhanced security

  • 1.  Enable SNMPv3 with enhanced security

    Posted 06-21-2018 17:09

    We are setting up some x460G2 and x440G2 units and we chose the initial option to use "enhanced security" which disables SNMP. We only use SNMPv3 in our environment. We followed the steps in the following link, but that isn't enough: https://extremeportal.force.com/ExtrArticleDetail?an=000083334

    Our config currently looks like this, but we clearly need something else added to get SNMPv3 working:

    configure snmpv3 add user "v3admin" engine-id [i] authentication md5 auth-encrypted localized-key privacy privacy-encrypted localized-key
    configure snmpv3 add group "v3group" user "v3admin" sec-model usm
    configure snmpv3 add access "v3group" sec-model usm sec-level priv read-view "defaultAdminView" write-view "defaultAdminView" notify-view "defaultAdminView"
    disable snmpv3 default-group



  • 2.  RE: Enable SNMPv3 with enhanced security

    Posted 06-21-2018 17:14
    Hello Stephen,

    You have to add "enable snmp access" (if needed, followed by snmpv3).

    Best regards
    Stephan


  • 3.  RE: Enable SNMPv3 with enhanced security

    Posted 06-21-2018 17:16
    Stephen,

    You can check these settings with "show management". In the answer you will find an entry like "SNMP access".

    Best regards
    Stephan


  • 4.  RE: Enable SNMPv3 with enhanced security

    Posted 06-21-2018 17:17
    Well that was easy and somewhat embarrassing. Just to confirm, none of these other settings that this user refers to are needed, correct? https://www.virtualizationhowto.com/2015/09/enable-snmpv3-on-summit-xos-switch-configured-with-enhan...


  • 5.  RE: Enable SNMPv3 with enhanced security

    Posted 06-21-2018 17:17
    For a first step your settings are enough, I think.

    You should use AES and SHA (not md5) because it's more secure.
    You do not need the settings the user did in your post.

    If you want a clean system you can delete all initial users and the two groups public and private, like in the small black window in your last link.

    You added a new user "v3admin" and a new group in your config (your first post), and this user and group are enough for the snmpv3 communication.

    Best regards
    Stephan


  • 6.  RE: Enable SNMPv3 with enhanced security

    Posted 06-21-2018 17:17
    Here is what you can do to clean up the config:

    configure snmpv3 delete user "initial"
    configure snmpv3 delete user "initialmd5"
    configure snmpv3 delete user "initialsha"
    configure snmpv3 delete user "initialmd5Priv"
    configure snmpv3 delete user admin
    configure snmpv3 delete user initialshaPriv
    configure snmpv3 delete community "private"
    configure snmpv3 delete community "public"



  • 7.  RE: Enable SNMPv3 with enhanced security

    Posted 06-21-2018 17:17
    Is AES256 supported by Extreme Management Center? Devices were reporting in when I had it set to 128, but then Management Center lost contact when I upped it to AES256.


  • 8.  RE: Enable SNMPv3 with enhanced security

    Posted 06-21-2018 17:17

    No,

    here you can see the official answer:
    https://extremeportal.force.com/ExtrArticleDetail?an=000089655



  • 9.  RE: Enable SNMPv3 with enhanced security

    Posted 06-21-2018 17:17
    Strange that the switch still lets you configure it even though it isn't supported. Thanks for all of the help!
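
Added example (not part of the thread and not Extreme's own tooling): a small Python check that reads a list of EXOS commands and reports the gaps raised in the replies above, namely SNMP access never enabled, MD5 authentication on a user, and default users or communities left in place. The sample input is constructed from the first post's commands with placeholder values, and the function and variable names are hypothetical.

```python
import re

# Default users and communities removed by the cleanup commands in the thread.
DEFAULT_USERS = ["initial", "initialmd5", "initialsha", "initialmd5Priv", "admin", "initialshaPriv"]
DEFAULT_COMMUNITIES = ["private", "public"]

ADD_USER = re.compile(r'^configure snmpv3 add user "?([^"\s]+)"?\s+(.*)$')
DELETE = re.compile(r'^configure snmpv3 delete (user|community) "?([^"\s]+)"?$')

def audit(commands):
    """Return a list of findings for a block of EXOS commands, one per line."""
    lines = [ln.strip() for ln in commands.splitlines() if ln.strip()]
    findings = []
    # Enhanced security leaves SNMP disabled until it is explicitly enabled.
    if not any(ln.startswith("enable snmp access") for ln in lines):
        findings.append("SNMP access is never enabled")
    deleted = {"user": set(), "community": set()}
    for ln in lines:
        m = ADD_USER.match(ln)
        if m and re.search(r"\bauthentication md5\b", m.group(2)):
            findings.append(f"user {m.group(1)} uses MD5 authentication")
        m = DELETE.match(ln)
        if m:
            deleted[m.group(1)].add(m.group(2))
    for name in DEFAULT_USERS:
        if name not in deleted["user"]:
            findings.append(f"default user {name} is not deleted")
    for name in DEFAULT_COMMUNITIES:
        if name not in deleted["community"]:
            findings.append(f"default community {name} is not deleted")
    return findings

# Constructed sample: the first post's commands with placeholder values,
# plus only part of the cleanup list.
SAMPLE = """
configure snmpv3 add user "v3admin" engine-id <engine-id> authentication md5 auth-encrypted localized-key <key> privacy privacy-encrypted localized-key <key>
configure snmpv3 add group "v3group" user "v3admin" sec-model usm
configure snmpv3 add access "v3group" sec-model usm sec-level priv read-view "defaultAdminView" write-view "defaultAdminView" notify-view "defaultAdminView"
disable snmpv3 default-group
configure snmpv3 delete user "initial"
configure snmpv3 delete user admin
configure snmpv3 delete community "public"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```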