SNMPv3 Support in InterMapper
InterMapper has supported SNMP version 3 since version 4.4 was released in 2005. In addition to providing the management information and statistics or the earlier SNMPv1 and SNMPv2c versions, SNMPv3 provides security and authentication. This prevents attacks from other equipment spoofing credentials, impersonating the device, or eavesdropping on the information that is transmitted.
SNMPv3 credentials employ five items instead of the single "community string" of SNMPv1 and SNMPv2c. You fill these fields in the Set Probe... window when you select SNMPv3. Here's a screen shot.
- User Name
- Authentication method (e.g., MD5, SHA, or none)
- Authentication key
- Privacy method (e.g., DES, AES, or none)
- Privacy key
Each of these must first be configured into your router, and the corresponding values should be entered into the Set Probe... window. For example, you can use these commands to configure the router:
| Code: |
# Configuration Commands for Cisco IOS
R1(config)#snmp-server group MYGROUP v3 priv
R1(config)#snmp-server user MYUSER MYGROUP v3 auth md5 MYPASS123 priv aes 128 MYKEY123 |
and then test with an InterMapper probe set like this:
- User Name: MYUSER
- Authentication method: MD5
- Authentication key: MYPASS123
- Privacy method: AES
- Privacy key: MYKEY123
... or test from the command line with:
| Code: |
| % snmpwalk -v3 -u MYUSER -l AuthPriv -a md5 -A MYPASS123 -x aes -X MYKEY123 192.168.82.138 |
Note: The process described above works for Cisco and most other network equipment. However, the configuration facilities for certain equipment cannot generate the SNMP credentials by entering a simple string for the authentication and privacy keys. The process described in the SNMPv3 auth and privacy keys tech note may help you configure your equipment and then update the SNMPv3 credentials in InterMapper.
