Cisco Systems ASA5515K9, ASA 5500 Using SNMP Version 3

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter79 Configuring SNMP

Configuring SNMP

What to Do Next

See the “Monitoring SNMP” section on page79-26.

Using SNMP Version 3

To configure parameters for SNMP Version 3, perform the following steps:

Detailed Steps

Command Purpose

Step1 snmp-server group group-name v3

[auth | noauth | priv]

hostname(config)# snmp-server

group testgroup1 v3 auth

Specifies a new SNMP group, which is for use only with SNMP Version

3. When a community string is configured, two additional groups with the

name that matches the community string are autogenerated: one for the

Version 1 security model and one for the Version 2 security model. For

more information about security models, see the “Security Models”

section on page79-16. The auth keyword enables packet authentication.

The noauth keyword indicates no packet authentication or encryption is

being used. The priv keyword enables packet encryption and

authentication. No default values exist for the auth or priv keywords.

Step2 snmp-server user username

group-name {v3 [encrypted]] [auth

{md5 |sha]} auth-password [priv

[des |3des |aes]

[128 |192 |256] priv-password

hostname(config)# snmp-server

user testuser1 testgroup1 v3 auth

md5 testpassword aes 128

hostname(config)# snmp-server

user testuser1 public v3

encrypted auth md5

00:11:22:33:44:55:66:77:88:99:AA:

BB:CC:DD:EE:FF

Configures a new user for an SNMP group, which is for use only with

SNMP Version 3. The username argument is the name of the user on the

host that belongs to the SNMP agent. The group-name argument is the

name of the group to which the user belongs. The v3 keyword specifies

that the SNMP Version 3 security model should be used and enables the

use of the encrypted, priv, and the auth keywords. The encrypted

keyword specifies the password in encrypted format. Encrypted

passwords must be in hexadecimal format. The auth keyword specifies

which authentication level (md5 or sha) should be used. The priv

keyword specifies the encryption level. No default values for the auth or

priv keywords, or default passwords exist. For the encryption algorithm,

you can specify either the des, 3des, or aes keyword. You can also specify

which version of the AES encryption algorithm to use: 128, 192, or 256.

The auth-password argument specifies the authentication user password.

The priv-password argument specifies the encryption user password.

Note If you forget a password, you cannot recover it and you must

reconfigure the user. You can specify a plain-text password or a

localized digest. The localized digest must match the

authentication algorithm selected for the user, which can be either

MD5 or SHA. When the user configuration is displayed on the

console or is written to a file (for example, the

startup-configuration file), the localized authentication and

privacy digests are always displayed instead of a plain-text

password (see the second example). The minimum length for a

password is 1 alphanumeric character; however, we recommend

that you use at least 8 alphanumeric characters for security.

Contents