SNMP v3 on Cisco Switch

Using these instructions I set up SNMP v3 on my Cisco 2950-T switch.


2950T-24>enable
Password:
2950T-24#conf t
2950T-24(config)#snmp-server view readview internet included
2950T-24(config)#snmp-server group readonly v3 auth read readview
2950T-24(config)#snmp-server user richard readonly v3 auth md5 bejtlichpass
Adding an snmpv3 user could cause a bootup delay,
do you wish to continue? (y/n)[confirm]y
2950T-24(config)#exit
2950T-24#

I was not able to use DES encryption because the switch does not have a crypto image. This output has the clues I need to track down what image I'm using.

orr:/home/richard$ snmpwalk -v3 -u richard -l authNoPriv -a MD5
-A bejtlichpass 192.168.2.2 system

SNMPv2-MIB::sysDescr.0 = STRING: Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 04-Mar-03 02:14 by yenanh
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.359
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (128520) 0:21:25.20
SNMPv2-MIB::sysContact.0 = STRING:
SNMPv2-MIB::sysName.0 = STRING: 2950T-24
SNMPv2-MIB::sysLocation.0 = STRING:
SNMPv2-MIB::sysServices.0 = INTEGER: 2
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00

I believe a router I own has a crypto image, so to enable DES encryption of SNMP v3 packets I would say this instead:

2950T-24(config)#snmp-server user richard readonly v3 auth md5 bejtlichpass
priv des56 bejtlichpass

Comments

Anonymous said…
Very useful. Thanks :-)

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics