SNMPv3

Enable v3, disable v1 and v2c

Need to use v3 only and disable v1 and v2c.

In /etc/snmp/snmpd.conf delete or comment the community names that are used for v1 and v2c (for example):

rocommunity public 127.0.0.1

Your default community names may not exactly be called “public”

Restart the snmpd daemon.

# /etc/init.d/snmpd restart

Verify that the SNMPv1 and SNMPv2c access is disabled using the snmpwalk utility:

# snmpwalk -v1 -c public localhost
Timeout: No Response from localhost

# snmpwalk -v2c -c public localhost
Timeout: No Response from localhost

Then, to setup encryption (which, as far as I understand is the difference from v2c to v3) add following to snmpd.conf:

createUser authOnlyUser MD5 “secretPassword-1”
createUser authPrivUser SHA “secretPassword-2” DES
createUser internalUser MD5 “secretPassword-3”

Restart the snmpd daemon.

# /etc/init.d/snmpd restart

Test out via command line from client (IP address is for my server and OID):

snmpget -v 3 -u authPrivUser -l authPriv -a SHA -x DES -A secretPassword-2 -X secretPassword-2 192.168.13.79 .1.3.6.1.2.1.1.1.0

… and get back something to the effect of the following:

iso.3.6.1.2.1.1.1.0 = STRING: “Linux imxswitch 4.14.55-tlx.3b-armv7-x4 #8 SMP PREEMPT Wed Oct 24 11:42:35 EDT 2018 armv7l”

Also, I use MB-Soft’s MIB Browser. Configure information as follows based on the above command line which worked:

Leave a Reply

Your email address will not be published. Required fields are marked *