Here are the steps to configure SNMPv3 on a router and OpManager. Let's configure a privileged user called Henry with the details below.
username : Henry
authProtocol : MD5
privProtocol : DES
authPassword : authUser
privPassword : privUser
Configure the user on the router using the following commands:
1. First, telnet to the router. Enable the console mode using the command 'enable'.
Router> enable
2. Enter configuration mode using the command 'configure terminal'.
Router# configure terminal
3. Create the views for read / write / notify. Each view specifies the OID tree that is accessible through it. A view is created using the command 'snmp-server view view-name oid-tree { included | excluded }'
Router(config)# snmp-server view readview iso included
Router(config)# snmp-server view writeview iso included
Router(config)# snmp-server view notifyview iso included
4. Create the user group and associate the views created above with that group. The command used for this is 'snmp-server group [group-name {v1 | v2c | v3 [auth | noauth | priv]}] [read read-view] [write write-view] [notify notify-view] [access access-list]'
Router(config)# snmp-server group privGroup v3 priv read readview write writeview
5. Now create the user and associate it with the user group created above. The command used for this is 'snmp-server user user-name group-name [remote ip-address [udp-port port]] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password]} [priv {des | aes} priv-password] [access access-list]'
Router(config)# snmp-server user Henry privGroup v3 auth md5 authUser priv des privUser
6. Now you can check the configured credentials with snmpwalk from your SNMP manager terminal. The command used for this is 'snmpwalk -d -v 3 -a MD5 -A authUser -l authPriv -u Henry -x DES -X privUser <TargetHostName>:<TargetPort> system'
snmpwalk -d -v 3 -a MD5 -A authUser -l authPriv -u Henry -x DES -X privUser proto-test3:161 system
If you see a reply on the command line, the configuration works.
7. Now add a new credential in OpManager under Admin --> CredentialSettings with these details, and add a new device to OpManager.
8. Apart from these, an SNMP context name can be configured on the router, and the same name can be given in OpManager if needed. SNMP contexts provide VPN users with a secure way of accessing MIB data. When a VPN is associated with a context, that VPN’s specific MIB data exists in that context. Associating a VPN with a context enables service providers to manage networks with multiple VPNs. Creating and associating a context with a VPN enables a provider to prevent the users of one VPN from accessing information about users of other VPNs on the same networking device. The following example shows SNMP context “nocVPN” associated with the views in SNMPv3 group “privGroup”:
Router(config)# snmp-server context nocVPN
Router(config)# snmp mib community public
Router(config)# snmp mib community-map public context nocVPN target-list commonnocVPN
Router(config)# snmp-server group privGroup v3 context nocVPN read readview write writeview notify notifyview
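As an added example (not part of the original procedure or of OpManager), the Python check below reads the router commands from steps 3 to 5 and step 8 and reports the settings a hardening review would question: MD5 and DES, a write view over the whole iso tree, no access-list on the user, and the community string public. The function names and the sample text are constructed for illustration, and the rules are assumptions about what such a review flags.

```python
import re

# Constructed sample: the router commands from steps 3-5 and step 8, prompt removed.
SAMPLE_CONFIG = """\
snmp-server view readview iso included
snmp-server view writeview iso included
snmp-server view notifyview iso included
snmp-server group privGroup v3 priv read readview write writeview
snmp-server user Henry privGroup v3 auth md5 authUser priv des privUser
snmp mib community public
"""

def after(tokens, keyword):
    """Return the token that follows keyword, or None if keyword is absent."""
    return tokens[tokens.index(keyword) + 1] if keyword in tokens[:-1] else None

def audit_snmp(config):
    """Return (line_number, finding) pairs; the rules are illustrative assumptions."""
    # Views that expose the whole 'iso' tree.
    wide_views = set(re.findall(
        r"^[ \t]*snmp-server view (\S+) iso included[ \t]*$", config, re.M))
    findings = []
    for number, line in enumerate(config.splitlines(), 1):
        tok = line.split()
        if tok[:2] == ["snmp-server", "user"]:
            opts = tok[4:]  # options after the user name and group name
            if after(opts, "auth") == "md5":
                findings.append((number, "MD5 authentication, prefer sha"))
            if "priv" not in opts:
                findings.append((number, "no privacy (encryption) for this user"))
            elif after(opts, "priv") == "des":
                findings.append((number, "DES privacy, prefer aes"))
            if "access" not in opts:
                findings.append((number, "no access-list restricts this user"))
        elif tok[:2] == ["snmp-server", "group"]:
            opts = tok[3:]  # options after the group name
            if opts[:1] != ["v3"]:
                findings.append((number, "group is not SNMPv3"))
            elif opts[1:2] != ["priv"]:
                findings.append((number, "group does not require priv"))
            if after(opts, "write") in wide_views:
                findings.append((number, "write view covers the whole iso tree"))
        elif re.match(r"snmp(-server| mib) community public\b", line.strip()):
            findings.append((number, "community string 'public' is configured"))
    return findings

if __name__ == "__main__":
    for number, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"line {number}: {finding}")
```

Run against a saved copy of the router's SNMP lines, it lists each finding with the line it came from; an empty result means none of these rules matched.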