Hi All,
I have an SNMP related problem to solve. My company has a Nagios server to monitor server activity and an HP OV NNM 7.5 to monitor network activities. We have several WAN network that contains old and really older CISCO routers. The older routers know SNMPv1 protocol and the little newer ones the SNMPv3. I have an idea to handle both of SNMP protocols (v1 and v3) with one Nagios equipment. Can you give me a hand about it? It is possible or not?
Kind regards,
Laszlo.
How to check SNMPv1 and SNMPv3 traps
Re: How to check SNMPv1 and SNMPv3 traps
Firstly our instructions don't use the v2 or v3 extensions and all of your SNMP devices will use v1 with no configuration beyond the outlined Community string and Trap server.
If you want to setup multiple SNMP authentications these will just work after they have been configured. That is you'd open up SNMP by configuring a v1 community, then configure authentication identities that would make there life more difficult. The v2 and v3 security extensions are disabled if you allow v1 clients to connect.
Your best option would be to only use v1 over a secured network that has no traffic other then SNMP. You might be able to use an SNMP proxy to up convert v1 requests to v3 to traverse unsecured networks, however use of VPNs would be preferred though you could do both.
If you want to setup multiple SNMP authentications these will just work after they have been configured. That is you'd open up SNMP by configuring a v1 community, then configure authentication identities that would make there life more difficult. The v2 and v3 security extensions are disabled if you allow v1 clients to connect.
Your best option would be to only use v1 over a secured network that has no traffic other then SNMP. You might be able to use an SNMP proxy to up convert v1 requests to v3 to traverse unsecured networks, however use of VPNs would be preferred though you could do both.
Re: How to check SNMPv1 and SNMPv3 traps
Dear mik,
Thx for your quick answer. I am going to need some additional information. I have to deal with SNMPv1 and v3, no v2 (fortunatelly). I have no intention to mix v1 & v3 traffic. I am not insisted on security extentions.
At this moment we use the SNMP protocol to get information only the router interface status. We use the software to supervise and monitor the network status. For example fortified with SNMP we are able to identify line problems.
With the additional information and restrictions together what do you think it is possible to reconciliate SNMPv1 & v3 version?
Kind reards,
laclaclac.
Thx for your quick answer. I am going to need some additional information. I have to deal with SNMPv1 and v3, no v2 (fortunatelly). I have no intention to mix v1 & v3 traffic. I am not insisted on security extentions.
At this moment we use the SNMP protocol to get information only the router interface status. We use the software to supervise and monitor the network status. For example fortified with SNMP we are able to identify line problems.
With the additional information and restrictions together what do you think it is possible to reconciliate SNMPv1 & v3 version?
Kind reards,
laclaclac.
Re: How to check SNMPv1 and SNMPv3 traps
Yes, then what I'd do is for your v3 clients configure them with only a Community name. This will cause them to send v1 compatible messages. v3 is not a new version per-say it's a set of extensions on v1, so if you don't configure these extensions you will get a backwards compatible client.