NMIS supports using SNMPv3 for securing the collection of sensivite network information. This is especially important from core switches and routers which if compromised could have a considerable business impact.
| Table of Contents |
|---|
Configuring Cisco IOS for SNMPv3
...
| Code Block |
|---|
snmp-server view NMIS8RO iso included snmp-server group NMIS8 v3 priv match exact read NMIS8RO snmp-server user nmis8 NMIS8 v3 auth md5 nmis4242 priv des nmis4242 |
To view the configured SNMP users
| Code Block |
|---|
asgard# show snmp user User name: nmis8 Engine ID: 800000090300001E13B18D00 storage-type: nonvolatile active Authentication Protocol: MD5 Privacy Protocol: DES Group-name: NMIS8 |
Testing your SNMPv3 Configuration with NET-SNMP
| Code Block |
|---|
snmpwalk -v 3 -l authPriv -u nmis8 -a md5 -A nmis4242 -x DES -X nmis4242 asgard .1.3.6.1.2.1.1 |
Configuring NMIS8 for SNMPv3
Change Nodes.nmis Configuration
You will need to modify the NMIS8 configuration to use SNMPv3, the user name, protocols and passwords need to match the above IOS configuration.
| Code Block |
|---|
'version' => 'snmpv3',
'authkey' => '',
'username' => 'nmis8',
'authpassword' => 'nmis4242',
'authprotocol' => 'md5',
'privpassword' => 'nmis4242',
'privprotocol' => 'des', |
Test SNMPv3 communication to the device
| Code Block |
|---|
/usr/local/nmis8/bin/nmis.pl type=collect node=asgard debug=true |
In the command output you are looking to verify that data was collected from the device, so any updates to an RRD will show that data was collected and is being stored.
| Code Block |
|---|
--snip--
11:19:02 updateRRD, DS MemoryUsedPROC:MemoryFreePROC:avgBusy5:avgBusy1:bufferFail:bufferElHit:MemoryFreeIO:bufferElFree:MemoryUsedIO
11:19:02 updateRRD, value N:19299276:27249732:3:2:0:810903:30345952:1118:4257056
--snip-- |
Ensure NMIS has the necessary encryption modules installed, it may be missing Crypt::DES
| Code Block |
|---|
install Crypt::DES |
install Crypt::DES