../_images/openl2m_logo.png

Sample SNMP Configs

Below are example SNMP configurations for several switch vendors. Please note these are examples only, and by no means are the most secure. You should make sure that you implement SNMP access according to your organizations’ security policies and configuration standards!

We recommend v3, as it is most secure. The below examples of v3 configs use the “AuthPriv” mode, with SHA1/AES128 as the authentication and privacy protocols. Presently, more then AES-128 is NOT supported!

None of the examples use an access-list to protect snmp queries. We strongly recommend you implement that additional measure!

Cisco

There are many “flavors” of Cisco IOS, but something along the lines below may work. Note that this has not been tested on IOS-XR or Nexus devices.

  • Version 3 (recommended!):

snmp-server location DEVICE LOCATION
snmp-server contact YOUR CONTACT INFO
snmp-server view READ_ALL_VIEW iso included
snmp-server view WRITE_ALL_VIEW iso included
snmp-server group WRITE_GROUP v3 auth read READ_ALL_VIEW write WRITE_ALL_VIEW
# this next one is only needed on routers with VRF's defined:
snmp-server group WRITE_GROUP v3 auth context vlan- match prefix
snmp-server user WRITE_USER WRITE_GROUP v3 auth sha AUTH_PASSWORD priv aes 128 PRIV_PASSWORD
# this last one is not absolutely needed, but keeps logs synched between device reboots
snmp-server ifindex persist

  • Version 2c:

snmp-server location DEVICE LOCATION
snmp-server contact YOUR CONTACT INFO
snmp-server community V2C_WRITE_COMMUNITY RW
# this last one is not absolutely needed, but keeps logs synched between device reboots
snmp-server ifindex persist

Aruba / Procurve

  • Version 3 (recommended!):

snmp-server location "DEVICE LOCATION"
snmp-server contact "YOUR CONTACT INFO"
# enabling will create user ‘initial’
snmpv3 enable
no snmpv3 user initial
snmpv3 only
snmpv3 restricted-access
snmpv3 user WRITE_USER auth sha AUTH_PASSWORD priv aes PRIV_PASSWORD
snmpv3 group operatorauth user WRITE_USER sec-model ver3
snmpv3 group managerpriv user WRITE_USER sec-model ver3

  • Version 2c:

snmp-server location "DEVICE LOCATION"
snmp-server contact "YOUR CONTACT INFO"
snmp-server community "V2C_WRITE_COMMUNITY" Unrestricted

HPE Comware

  • Version 3 (recommended!):

snmp-agent
snmp-agent log all
snmp-agent sys-info version v3
snmp-agent sys-info location DEVICE LOCATION
snmp-agent sys-info contact YOUR CONTACT INFO
snmp-agent mib-view included WRITE_ALL_VIEW iso
snmp-agent group v3 WRITE_GROUP write-view WRITE_ALL_VIEW
snmp-agent usm-user v3 WRITE_USER WRITE_GROUP simple authentication-mode sha AUTH_PASSWORD privacy-mode aes128 PRIV_PASSWORD

  • Version 2c:

snmp-agent
snmp-agent log all
snmp-agent sys-info version v2c
snmp-agent sys-info location DEVICE LOCATION
snmp-agent sys-info contact YOUR CONTACT INFO
snmp-agent mib-view included WRITE_ALL_VIEW iso
snmp-agent community write V2C_WRITE_COMMUNITY mib-view WRITE_ALL_VIEW