...
The first step is to enable SNMPv3 on in the /etc/snmp/snmpd.conf file, then restart the daemon.
Required Linux SNMPD Configuration for SNMPv3 communication to
...
NMIS9
Add the following configuration to the top, edit the /etc/snmp/snmpd.conf file as the root user, e.g.
...
| Code Block |
|---|
/usr/local/nmis9/bin/admin/testtests.pl act=snmp node=NODENAME |
...
Update NMIS GUI to show new options
| Code Block |
|---|
# Make a copy of original incase you have customization and forget to add it # If command says it doesnt exisit you can skip to next command sudo cp /usr/local/nmis9/contrib/conf/Table-Nodes.nmis /usr/local/nmis9/conf/Table-Nodes.nmis.bak # Adding in new SNMPv3 Options sudo cp /usr/local/nmis9/contrib/perl-net-snmp-256/Table-Nodes.nmis /usr/local/nmis9/conf |
...
| Vendor / Operating System | SHA | AES | NMIS Considerations | |
|---|---|---|---|---|
| Cisco IOS | SHA1 | AES256 | "aes256c " needs to be configured as the entry.configuration.privprotocol " value in NMIS | |
| SHA1 | AES192 | "aes192c " needs to be configured as the entry.configuration.privprotocol " value in NMIS | ||
| SHA1 | AES128 | |||
| Cisco NX-OS | SHA1 | AES128 | ||
| SHA256 | AES128 | |||
| Fortinet | SHA1 | SHA256CAES | ||
| SHA224 | AES256 Cisco | sha224 needs to be configured as the entry.configuration.authprotocol value AND aes256c needs to be configured as the entry.configuration.privprotocol value | ||
| SHA256 | AES256 Cisco | sha256 needs to be configured as the entry.configuration.authprotocol value AND aes256c needs to be configured as the entry.configuration.privprotocol value | ||
| SHA384 | AES256 Cisco | sha384 | AES256C | "sha256" needs to be configured as the entry.configuration.authprotocol " value in NMIS AND "aes256c" value AND aes256c needs to be configured as the entry.configuration.privprotocol value |
| SHA512 | AES256 Cisco | sha512 needs to be configured as the entry.configuration.authprotocol value AND aes256c needs to be configured as the entry.configuration.privprotocol " value in NMIS | ||
| Palo Alto | SHA1 | AES128 | ||
| SHA224 | AES128 | |||
| SHA256 | AES128 | |||
| SHA384 | AES128 | |||
| SHA224 | AES192 | "aes192c" needs aes192c needs to be configured as the entry.configuration.privprotocol " value in NMIS | ||
| SHA256 | AES192 | "aes192c" needs aes192c needs to be configured as the entry.configuration.privprotocol " value in NMIS | ||
| SHA256 | AES256 | "aes256c " needs to be configured as the entry.configuration.privprotocol " value in NMIS | ||
| SHA384 | AES192 | "aes192c " needs to be configured as the entry.configuration.privprotocol " value in NMIS | ||
| SHA384 | AES256 | aes256c needs to be configured as the entry.configuration.privprotocol value | ||
| NET-SNMP (Tested on v5.8 with Ubuntu 20.04) | SHA512 | AES128 | sha512 "aes256c" needs to be configured as the entry.configuration.privprotocol" authprotocol value in NMIS |
You may notice that when configuring SNMPv3 on a (for example) Cisco IOS device that there is not an explicit AES192C/AES256C in the command, rather it is needed to be defined as AES 192 and/or AES 256.
...