Difference between revisions of "SNMP v.3"

From Zenitel Wiki

Line 1: Line 1:
Da har jeg laget en (enkel ?) oppskrift for å åpne for SNMPv3 Exigo/Turbine devices. SNMPv3 Traps er ikke implementert.
+
This article describes how to open for SNMPv3 on Turbine and Exigo devices. SNMPv3 Traps are not implemented.
SNMPv3 gir mulighet for autentisering av bruker/requester basert på enten protokoll MD5 eller SHA og kryptering av data (payload) basert på protokoll DES.
 
  
For å få åpnet for v3 på våre enheter er det basert på modifisering av snmpd.conf filen som allerede eksisterer på devicene. Hvis det kun er SNMP v1/v2c som skal brukes kan dette endres som før fra devicens Web Advanced Network -> SNMP.
+
SNMPv3 supports authentication of user/requester based on the protocols MD5 or SHA, and encryption of data (payload) based on the protocol DES.  
  
For v3 kan man bruke vedlagt snmpd.conf fil som mal og utgangspunkt. Hvis v1/v2c skal være tilgjengelig parallellt med v3 kan det da være ett tips å se på snmpd.conf fra Web Advanced Network -> SNMP og klikk «View custom snmpd.conf» og kopiere/endre/legge til det som er v1/v2c spesifikt til den nye snmpd.conf filen eller klikke på «Download custom snmpd.conf» fil og legg til v3 spesifikke config der.
+
To open for SNMPv3, the snmpd.conf file already existing on the device can be modified. If only SNMP v1/v2c are to be used, this can be changed from the web interface of the device, '''Advanced Network > SNMP'''.  
  
Link til Net-SNMPv3: http://www.net-snmp.org/wiki/index.php/TUT:SNMPv3_Options
+
For SNMPv3 one can use this file as a template to start with. If v1/v2c is to be available in parallel to v3, one can look at the snmpd.conf from '''Advanced Network > SNMP''' and select "View custom snmpd.conf" and copy/change/add what is is v1/v2c specific to the new snmpd.conf file, or select "Download custom snmpd.conf" file and add v3 specific congiguration to the file.
  
Det er mulig å definere flere «usm», User-based Security Model, parametere men under er det som regnes som minimum. «usm» parametere er kun brukt med SNMPv3.
+
Link to Net-SNMPv3: http://www.net-snmp.org/wiki/index.php/TUT:SNMPv3_Options
  
En mulig snmpd.conf for v3 :
+
It is possible to define multiple "usm" (User-based Security Model) parameters, below is what is considered to be a minimum. "usm" parameters are used with SNMPv3 only.
 +
 
 +
 
 +
Example snmpd.conf for v3:
  
 
----
 
----
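
Review bot: the added paragraph beginning "For SNMPv3 one can use this file as a template" has two typos, "what is is v1/v2c specific" and "congiguration", and its "this file" has no referent, because the removed Norwegian line pointed at an attached file ("vedlagt snmpd.conf fil") that the new text never mentions. Suggest "the example snmpd.conf below" and "add the v3-specific configuration to the file". The added line "Example snmpd.conf for v3:" is followed in this hunk only by blank lines and rules, so check that the example still renders directly under it.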

Revision as of 12:52, 8 January 2020

This article describes how to open for SNMPv3 on Turbine and Exigo devices. SNMPv3 Traps are not implemented.

SNMPv3 supports authentication of user/requester based on the protocols MD5 or SHA, and encryption of data (payload) based on the protocol DES.

To open for SNMPv3, the snmpd.conf file already existing on the device can be modified. If only SNMP v1/v2c are to be used, this can be changed from the web interface of the device, Advanced Network > SNMP.

For SNMPv3 one can use this file as a template to start with. If v1/v2c is to be available in parallel to v3, one can look at the snmpd.conf from Advanced Network > SNMP and select "View custom snmpd.conf" and copy/change/add what is v1/v2c specific to the new snmpd.conf file, or select "Download custom snmpd.conf" file and add v3 specific configuration to the file.

Link to Net-SNMPv3: http://www.net-snmp.org/wiki/index.php/TUT:SNMPv3_Options

It is possible to define multiple "usm" (User-based Security Model) parameters; below is what is considered to be a minimum. "usm" parameters are used with SNMPv3 only.


Example snmpd.conf for v3:


master agentx
#
# SNMPv3 specific config
#
# Minimum generic setup for authentication only
# createUser descriptiveUserName [MD5 or SHA] "your Auth Password"  
# rouser descriptiveUserName
#
# Minimum generic setup for authentication and privacy/encryption
# createUser anotherDescriptiveUserName [MD5 or SHA] "your Auth Password" DES "your Priv Password"  
# rouser anotherDescriptiveUserName
#
# If only authentication using MD5 is wanted         
#
createUser         userAuthMD5NoPriv     MD5      "authPasswordMD5"
rouser                  userAuthMD5NoPriv
#
# If only authentication using SHA is wanted         
#
createUser         userAuthSHANoPriv       SHA       "authPasswordSHA"
rouser                  userAuthSHANoPriv
#
# If authentication using MD5 and privacy/encryption using DES is wanted         
#
createUser         userAuthMD5PrivDES     MD5      "authPasswordMD5"     DES        "privPasswordDES"
rouser                  userAuthMD5PrivDES
#
# If authentication using SHA and privacy/encryption using DES is wanted         
#
createUser         userAuthSHAPrivDES     SHA       "authPasswordSHA"      DES        "privPasswordDES"
rouser                  userAuthSHAPrivDES

When requesting both authentication and encryption, an snmpwalk sequence can look like this, for example:

snmpwalk -v 3 -u userAuthMD5PrivDES -l authPriv -a MD5 -A "authPasswordMD5" -x DES -X "privPasswordDES" 192.168.50.21 1.3.6.1.4.1.26122.3.1
iso.3.6.1.4.1.26122.3.1.1.0 = STRING: "5.1.2.5 (vsft)"
iso.3.6.1.4.1.26122.3.1.2.0 = STRING: "Stentofon Exigo Amplifier ENA2"
iso.3.6.1.4.1.26122.3.1.3.0 = INTEGER: 8330
iso.3.6.1.4.1.26122.3.1.4.0 = STRING: "ENA2200"
iso.3.6.1.4.1.26122.3.1.5.0 = STRING: "3.10.0[st_dev]+ #1 PREEMPT Fri Jan 3 12:48:10 CET 2020"
iso.3.6.1.4.1.26122.3.1.6.0 = STRING: "07"
iso.3.6.1.4.1.26122.3.1.7.0 = INTEGER: 2


With authentication only, an snmpwalk sequence can look like this, for example:

snmpwalk -v 3 -u userAuthSHANoPriv -a SHA -A "authPasswordSHA" -l authNoPriv 192.168.50.21 1.3.6.1.4.1.26122.3.1
iso.3.6.1.4.1.26122.3.1.1.0 = STRING: "5.1.2.5 (vsft)"
iso.3.6.1.4.1.26122.3.1.2.0 = STRING: "Stentofon Exigo Amplifier ENA2"
iso.3.6.1.4.1.26122.3.1.3.0 = INTEGER: 8330
iso.3.6.1.4.1.26122.3.1.4.0 = STRING: "ENA2200"
iso.3.6.1.4.1.26122.3.1.5.0 = STRING: "3.10.0[st_dev]+ #1 PREEMPT Fri Jan 3 12:48:10 CET 2020"
iso.3.6.1.4.1.26122.3.1.6.0 = STRING: "07"
iso.3.6.1.4.1.26122.3.1.7.0 = INTEGER: 2


-v : snmp protocol version, param:  3
-u : securityName, param: free text
-l : securityLevel, param: noAuthNoPriv | authNoPriv | authPriv
-a : authentication protocol, param: MD5 | SHA
-A : authentication password, param: free text
-x : privacy/encryption protocol, param: DES
-X : privacy/encryption password, param: free text


If only SNMPv3 with authentication and privacy/encryption is to be available, snmpd.conf can look like this, for example:

master agentx
createUser         theAuthSHAPrivDES       SHA       "the SHA Password"       DES        "the DES Password"
rouser                  theAuthSHAPrivDES


and to list the data:

snmpwalk -v 3 -u theAuthSHAPrivDES -l authPriv -a SHA -A "the SHA Password" -x DES -X "the DES Password" <ip-address> <OID>
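
The following check for the createUser/rouser pairs in the example snmpd.conf files above is an added example, not part of the original wiki page or of Zenitel's tooling. The function name `audit_snmpd_conf` and the sample configuration are constructed for illustration, and the parser assumes the plain `createUser NAME AUTHPROTO "pass" [PRIVPROTO "pass"]` form used on this page.

```python
import shlex

# Constructed sample modelled on the page's snmpd.conf; passphrases are placeholders.
SAMPLE_CONF = '''
master agentx
createUser userAuthMD5PrivDE MD5 "authPasswordMD5" DES "privPasswordDES"
rouser userAuthMD5PrivDES
createUser theAuthSHAPrivDES SHA "the SHA Password" DES "the DES Password"
rouser theAuthSHAPrivDES
createUser strictUser SHA "the SHA Password" DES "the DES Password"
rouser strictUser priv
createUser shortPw SHA "short"
rouser shortPw
'''

def audit_snmpd_conf(text):
    """Return sorted (user, finding) pairs for the SNMPv3 USM lines in text."""
    users, access, findings = {}, {}, set()
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # honours quotes, drops # comments
        if len(tok) < 2:
            continue
        if tok[0] == "createUser":
            # Assumed form: createUser NAME [AUTHPROTO authpass [PRIVPROTO privpass]]
            auth, authpw, priv, privpw = (tok[2:6] + [None] * 4)[:4]
            users[tok[1]] = (auth, authpw, priv, privpw)
        elif tok[0] in ("rouser", "rwuser"):
            # Net-SNMP treats a missing level as "auth" (authNoPriv is enough).
            access[tok[1]] = tok[2] if len(tok) > 2 else "auth"
    for name in access.keys() - users.keys():
        findings.add((name, "access line has no matching createUser"))
    for name, (auth, authpw, priv, privpw) in users.items():
        if name not in access:
            findings.add((name, "created but never granted access"))
        elif priv and access[name] != "priv":
            findings.add((name, "privacy configured but not required"))
        if any(pw is not None and len(pw) < 8 for pw in (authpw, privpw)):
            findings.add((name, "passphrase shorter than 8 characters"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit_snmpd_conf(SAMPLE_CONF):
        print(f"{user}: {finding}")
```

A user reported as "privacy configured but not required" still answers authNoPriv requests; appending `priv` to its rouser line makes the agent accept only authPriv requests for that user.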