This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enable SNMPv3 with enhanced security

Enable SNMPv3 with enhanced security

Stephen_Stormon
Contributor

‎06-21-2018 05:09 PM

We are setting up some x460G2 and x440G2 units and we chose the initial option to use "enhanced security" which disables SNMP. We only use SNMPv3 in our environment. We followed the steps in the following link, but that isn't enough: https://extremeportal.force.com/ExtrArticleDetail?an=000083334

Our config currently looks like this, but we clearly need something else added to get SNMPv3 working:

configure snmpv3 add user "v3admin" engine-id authentication md5 auth-encrypted localized-key privacy privacy-encrypted localized-key
configure snmpv3 add group "v3group" user "v3admin" sec-model usm
configure snmpv3 add access "v3group" sec-model usm sec-level priv read-view "defaultAdminView" write-view "defaultAdminView" notify-view "defaultAdminView"
disable snmpv3 default-group

8 REPLIES 8

StephanH
Valued Contributor III
In response to Stephen_Stormon

‎06-21-2018 05:17 PM

Here is what you can do to clean up the config:

configure snmpv3 delete user "initial"
configure snmpv3 delete user "initialmd5"
configure snmpv3 delete user "initialsha"
configure snmpv3 delete user "initialmd5Priv"
configure snmpv3 delete user admin
configure snmpv3 delete user initialshaPriv
configure snmpv3 delete community "private"
configure snmpv3 delete community "public"

Regards Stephan
0 Kudos

StephanH
Valued Contributor III
In response to Stephen_Stormon

‎06-21-2018 05:17 PM

For a first step you setting are enough I think.

You should use AES and SHA (not md5) because it's more secure.
You do not need the setting the used did in you post.

If you want a clean system you can delete all inital user and the two group public and privat like in the small black window in your last link.

You added an new user "v3admin" and a new group in your config (your first post) and this user and group is enough for the snmpv3 communication.

Best regards
Stephan
Regards Stephan
0 Kudos

StephanH
Valued Contributor III

‎06-21-2018 05:16 PM

Stephen,

you can check these setting with "show management". In the answer you will find an entry like "SNMP access"

Best regards
Stephan
Regards Stephan
0 Kudos

StephanH
Valued Contributor III

‎06-21-2018 05:14 PM

Hello Stephen,

you have to add "enable snmp access" (if needed followed by snmpv3).

Best regards
Stephan
Regards Stephan
0 Kudos
GTM-P2G8KFN