...
The first step is to enable SNMPv3 on in the /etc/snmp/snmpd.conf file, then restart the daemon.
Required Linux SNMPD Configuration for SNMPv3 communication to
...
NMIS9
Add the following configuration to the top, edit the /etc/snmp/snmpd.conf file as the root user, e.g.
...
Code Block |
---|
/usr/local/nmis9/bin/admin/testtests.pl act=snmp node=NODENAME |
...
Update NMIS GUI to show new options
Code Block |
---|
# Make a copy of original incase you have customization and forget to add it # If command says it doesnt exisit you can skip to next command sudo cp /usr/local/nmis9/contrib/conf/Table-Nodes.nmis /usr/local/nmis9/conf/Table-Nodes.nmis.bak # Adding in new SNMPv3 Options sudo cp /usr/local/nmis9/contrib/perl-net-snmp-256/Table-Nodes.nmis /usr/local/nmis9/conf |
...
This is by no means a comprehensive list of the products we support.
Vendor / Operating System | SHA | AES |
---|
NMIS Considerations | |
---|---|
Cisco IOS | SHA1 |
AES256 | aes256c needs to be configured as the entry.configuration.privprotocol value | |
SHA1 | AES192 | aes192c needs to be configured as the entry.configuration.privprotocol value |
SHA1 | AES128 | |
Cisco NX |
-OS | SHA1 | AES128 | |
SHA256 | AES128 | ||
Fortinet | SHA1 | AES | |
SHA224 | AES256 Cisco | sha224 needs to be configured as the entry.configuration.authprotocol value AND aes256c needs to be configured as the entry.configuration.privprotocol value | |
SHA256 | AES256 Cisco | sha256 needs to be configured as the entry.configuration.authprotocol value AND aes256c needs to be configured as the entry.configuration.privprotocol value | |
SHA384 | AES256 Cisco | sha384 needs to be configured as the entry.configuration.authprotocol value AND aes256c needs to be configured as the entry.configuration.privprotocol value | |
SHA512 | AES256 Cisco | sha512 needs to be configured as the entry.configuration.authprotocol value AND aes256c needs to be configured as the entry.configuration.privprotocol value | |
Palo Alto | SHA1 | AES128 | |
SHA224 | AES128 | ||
SHA256 | AES128 | ||
SHA384 | AES128 | ||
SHA224 | AES192 | aes192c needs to be configured as the entry.configuration.privprotocol value | |
SHA256 | AES192 | aes192c needs to be configured as the entry.configuration.privprotocol value | |
SHA256 | AES256 | aes256c needs to be configured as the entry.configuration.privprotocol value | |
SHA384 | AES192 | aes192c needs to be configured as the entry.configuration.privprotocol value | |
SHA384 | AES256 | aes256c needs to be configured as the entry.configuration.privprotocol value | |
NET-SNMP (Tested on v5.8 with Ubuntu 20.04) | SHA512 | AES128 | sha512 needs to be configured as the entry.configuration.authprotocol value |
You may notice that when configuring SNMPv3 on a (for example) Cisco IOS device that there is not an explicit AES192C/AES256C in the command, rather it is needed to be defined as AES 192 and/or AES 256.
When configuring the device for NMIS, you will need to explicitly tell it to use AES192C/AES256C using node_admin.pl (example covered previously).
Related Topics
...