Enable SNMPv3 with enhanced security


Userlevel 1
We are setting up some x460G2 and x440G2 units and we chose the initial option to use "enhanced security" which disables SNMP. We only use SNMPv3 in our environment. We followed the steps in the following link, but that isn't enough: https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-set-up-SNMPv3-on-EXOS

Our config currently looks like this, but we clearly need something else added to get SNMPv3 working:

configure snmpv3 add user "v3admin" engine-id [i] authentication md5 auth-encrypted localized-key privacy privacy-encrypted localized-key
configure snmpv3 add group "v3group" user "v3admin" sec-model usm
configure snmpv3 add access "v3group" sec-model usm sec-level priv read-view "defaultAdminView" write-view "defaultAdminView" notify-view "defaultAdminView"
disable snmpv3 default-group

8 replies

Userlevel 5
Hello Stephen,

you have to add "enable snmp access" (if needed followed by snmpv3).

Best regards
Stephan
Userlevel 5
Stephen,

you can check these setting with "show management". In the answer you will find an entry like "SNMP access"

Best regards
Stephan
Userlevel 1
Well that was easy and somewhat embarrassing. Just to confirm, none of these other settings that this user refers to are needed, correct? https://www.virtualizationhowto.com/2015/09/enable-snmpv3-on-summit-xos-switch-configured-with-enhan...
Userlevel 5
Stephen Stormont wrote:

Well that was easy and somewhat embarrassing. Just to confirm, none of these other settings that this user refers to are needed, correct? https://www.virtualizationhowto.com/2015/09/enable-snmpv3-on-summit-xos-switch-configured-with-enhan...

For a first step you setting are enough I think.

You should use AES and SHA (not md5) because it's more secure.
You do not need the setting the used did in you post.

If you want a clean system you can delete all inital user and the two group public and privat like in the small black window in your last link.

You added an new user "v3admin" and a new group in your config (your first post) and this user and group is enough for the snmpv3 communication.

Best regards
Stephan
Userlevel 5
Stephen Stormont wrote:

Well that was easy and somewhat embarrassing. Just to confirm, none of these other settings that this user refers to are needed, correct? https://www.virtualizationhowto.com/2015/09/enable-snmpv3-on-summit-xos-switch-configured-with-enhan...

Here is what you can do to clean up the config:

configure snmpv3 delete user "initial"
configure snmpv3 delete user "initialmd5"
configure snmpv3 delete user "initialsha"
configure snmpv3 delete user "initialmd5Priv"
configure snmpv3 delete user admin
configure snmpv3 delete user initialshaPriv
configure snmpv3 delete community "private"
configure snmpv3 delete community "public"
Userlevel 1
Stephen Stormont wrote:

Well that was easy and somewhat embarrassing. Just to confirm, none of these other settings that this user refers to are needed, correct? https://www.virtualizationhowto.com/2015/09/enable-snmpv3-on-summit-xos-switch-configured-with-enhan...

Is AES256 supported by Extreme Management Center? Devices were reporting in when I had it set to 128, but then Management Center lost contact when I upped it to AES256.
Userlevel 5
Stephen Stormont wrote:

Well that was easy and somewhat embarrassing. Just to confirm, none of these other settings that this user refers to are needed, correct? https://www.virtualizationhowto.com/2015/09/enable-snmpv3-on-summit-xos-switch-configured-with-enhan...

No,

here you can see the official answer:
https://gtacknowledge.extremenetworks.com/articles/Q_A/Does-Extreme-Management-Center-support-SNMPv3...
Userlevel 1
Stephen Stormont wrote:

Well that was easy and somewhat embarrassing. Just to confirm, none of these other settings that this user refers to are needed, correct? https://www.virtualizationhowto.com/2015/09/enable-snmpv3-on-summit-xos-switch-configured-with-enhan...

Strange that the switch still lets you configure it even though it isn't supported. Thanks for all of the help!

Reply