SNMP - Engine ID


[SNMP - Simple Network Management Protocol](/snmp-simple-network-management-protocol) is used primarily to monitor and manage devices on computer networks.  There are several versions, with version 3 being the most recent iteration.

SNMPv3 supports both [authentication and encryption](/aaa) and has a new security model that works with users, groups, and three different security levels. Users will be applied to a group and access policies will be applied to a group so that you can determine what groups have read or read-write access and which MIBs (Management Information Bases) they should be able to access.

The three security levels that SNMPv3 offers are:

**NoAuthNoPriv** - NoAuth means no cryptographic authentication. Credentials (username and password) are still used, but there is no cryptographic mechanism to verify the authenticity of the message. NoPriv means no privacy of the contents of the SNMP messages, meaning there is no encryption of the payload.

**AuthNoPriv** - Auth means there is cryptographic authentication. It uses MD5 or SHA for this purpose. The authentication mechanism is actually applied to the associated user using the `snmp-server user` command. The NoPriv remains in this security model as described above.

**AuthPriv** - As in the previous model, Auth means cryptographic authentication is employed.  
Priv indicates that the whole SNMP packet is encrypted, which means if the packet is intercepted, it cannot be deciphered.

The security level is specified on a Cisco IOS device using the following command:

```
R1(config)#snmp-server group MYGROUP v3 ?
  auth    group using the authNoPriv Security Level
  noauth  group using the noAuthNoPriv Security Level
  priv    group using SNMPv3 authPriv security level
```

Once the `v3` keyword is used, it specifies SNMPv3, so you are then given the three options of the security level to use.

Once the security level is specified, the actual authentication and/or encryption is enabled and configured on the user.  For example:

```
R1(config)#snmp-server user MYUSER MYGROUP v3 auth md5 MYPASS123 priv aes 128 MYKEY123 
```

The above command configures a user, using MD5 for authentication, and using AES128 for encryption.

Links:

https://forum.networklessons.com/t/how-to-configure-snmpv3-on-cisco-ios-router/1033/65?u=lagapides

https://forum.networklessons.com/t/how-to-configure-snmpv3-on-cisco-ios-router/1033/77?u=lagapidis

https://networklessons.com/cisco/ccie-routing-switching/how-to-configure-snmpv3-on-cisco-ios-router

SNMP - Version 3 security levels

Routing - Cisco Performance Routing (PfR)

Routing - Distance Vector Routing Protocols

Routing - Distance-vector routing protocol use cases

Routing - Dynamic routing protocols

Routing - How the routing table is populated

Routing - IP event dampening

Routing - Injecting a Static Route

Routing - Link State Routing Protocols

Routing - Link-State vs Distance-Vector routing protocols

Routing - Link-state routing protocol use cases

Routing - OER master and border routers

Routing - PfR MC and BR on same device

Routing - Using Anycast with BGP Multipath

Routing - address-family

Routing - default gateway

Routing - default routing using DHCP

Routing - directed broadcast

Routing - fully specified route

Routing - ip default-network command

Routing - l2transport

Routing - link-local IPv6 next hop address needs exit interface

Routing - network vs redistribute connected commands

Routing - redistribute command

Routing - redistribution and the routing table

Routing - route tagging

Routing - seed metrics

Routing - what is a WAN port

Routing - what is recursive routing

Routing NX-OS passive-interface default

Routing Table

Routing in both directions

Routing what if the administrative distance is the same

Routing

SD-WAN - EVE-NG connection options

SD-WAN - cEdge

SD-WAN - vAnalytics

SD-WAN - vBond

SD-WAN - vEdge full mesh

SD-WAN - vEdge vs cEdge

SD-WAN - vEdge

SD-WAN - vManage

SD-WAN - vSmart

SD-WAN set TLOC color

SD-WAN

SDN - what is orchestration

SG300-10 - InterVLAN routing defaults

SNMP - Index shuffling

SNMP - Simple Network Management Protocol

SNMP - snmp-server community and host commands

SNMP monitoring routing on a Nexus device

SNMP trap vs inform

SNMP walk

SPAN capturing control packets

SPAN multiple destination ports on Cisco IOS device

SPAN using VLANs as a source on a Nexus device

SPAN

SSH - domain-name prerequisite

SSH connectivity - troubleshooting

STP - Aging time reduction with a TCN

STP - BPDU generation and port roles

STP - BPDUGuard, BPDUFilter, and Portfast

STP - BPDUs on a switch where STP is disabled

STP - Disabling spanning-tree

STP - Dispute

STP - Learning State

STP - MST and PVST+ selecting root port

STP - MST maps groups of VLANs

STP - MST region attributes

STP - MST viewed as a single switch by PVST+

STP - Multiple Spanning Tree (MST)

STP - PVST+ and Rapid PVST+ interaction

STP - Per VLAN Spanning Tree plus (PVST+)

STP - RSTP EdgePort

STP - RSTP convergence process

STP - RSTP port roles

STP - RSTP prerequisites for immediate move to forward state

STP - RSTP proposal-agreement process

STP - RSTP while timer

STP - Shortest Path Bridging (SPB)

STP - Topology Change Acknowledgement (TCA)

STP - bridge priority

STP - determining the blocked port using port ID

STP - port identification

STP - port roles

STP - port states

STP - what bridge ID does the MST region use

STP - what is a topology change

STP BPDU Filter

STP BPDU Guard

STP BPDU Types

STP BPDU destination MAC address

STP Cost Calculation Methods

STP Loop Guard

STP Max Age

STP Message Age

STP PortFast

STP Portfast Options

SNMP - Version 3 security levels

Links to this page: