Versions Compared

Old Version 16

changes.mady.by.user Mitchell Saunders

Saved on

compared with

New Version Current

changes.mady.by.user Ross Tanner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The first step is to enable SNMPv3 on in the /etc/snmp/snmpd.conf file, then restart the daemon.

Required Linux SNMPD Configuration for SNMPv3 communication to

...

NMIS9

Add the following configuration to the top, edit the /etc/snmp/snmpd.conf file as the root user, e.g.

...

Code Block
/usr/local/nmis9/bin/admin/testtests.pl act=snmp node=NODENAME

...

Update NMIS GUI to show new options

Code Block
# Make a copy of original incase you have customization and forget to add it
# If command says it doesnt exisit you can skip to next command
sudo cp /usr/local/nmis9/contrib/conf/Table-Nodes.nmis /usr/local/nmis9/conf/Table-Nodes.nmis.bak
# Adding in new SNMPv3 Options
sudo cp /usr/local/nmis9/contrib/perl-net-snmp-256/Table-Nodes.nmis /usr/local/nmis9/conf

...

This is by no means a comprehensive list of the products we support.

Vendor / Operating SystemSHAAES
Cisco IOSSHA1AES256CCisco IOS
NMIS Considerations
Cisco IOSSHA1
AES192C
AES256aes256c needs to be configured as the entry.configuration.privprotocol value
SHA1AES192aes192c needs to be configured as the entry.configuration.privprotocol value
SHA1AES128
Cisco NX
-OSSHA1AES128Cisco NX-OSSHA256AES128FortinetSHA256C
-OSSHA1AES128
SHA256AES128
FortinetSHA1AES
SHA224AES256 Ciscosha224 needs to be configured as the entry.configuration.authprotocol value AND aes256c needs to be configured as the entry.configuration.privprotocol value
SHA256AES256 Ciscosha256 needs to be configured as the entry.configuration.authprotocol value AND aes256c needs to be configured as the entry.configuration.privprotocol value
SHA384AES256 Ciscosha384 needs to be configured as the entry.configuration.authprotocol value AND aes256c needs to be configured as the entry.configuration.privprotocol value
SHA512AES256 Ciscosha512 needs to be configured as the entry.configuration.authprotocol value AND aes256c needs to be configured as the entry.configuration.privprotocol value
Palo AltoSHA1AES128
SHA224AES128
SHA256AES128
SHA384AES128
SHA224AES192aes192c needs to be configured as the entry.configuration.privprotocol value
SHA256AES192aes192c needs to be configured as the entry.configuration.privprotocol value
SHA256AES256aes256c needs to be configured as the entry.configuration.privprotocol value
SHA384AES192aes192c needs to be configured as the entry.configuration.privprotocol value
SHA384AES256aes256c needs to be configured as the entry.configuration.privprotocol value
NET-SNMP (Tested on v5.8 with Ubuntu 20.04)SHA512AES128sha512 needs to be configured as the entry.configuration.authprotocol value
AES256C

You may notice that when configuring SNMPv3 on a (for example) Cisco IOS device that there is not an explicit AES192C/AES256C in the command, rather it is needed to be defined as AES 192 and/or AES 256.

When configuring the device for NMIS, you will need to explicitly tell it to use AES192C/AES256C using node_admin.pl (example covered previously).

Related Topics

...