Default SNMPv3 access method

We have a network-wide SNMPv3 configuration that uses SHA and AES as the default SNMPv3 access method. However, there is nowhere I can store this information in the password rule file. Therefore, every time a user tries to discover a device, the user always has to manually check authPriv, SHA and AES as the access method.

Is there a way to make a default access method for SNMPv3 discovery? This could also benefit device import.

Can anyone help?

Thanks.

  • I have not used or tested SNMP v3 in NA, but I see the password rule has the info in 10.x; not sure if it has it in 9.x. What version is your NA?

    As seen on 10.x:

    Password Information

    Username

    Password

    Confirm Password

    SNMP Read-Only Community String

    SNMP Read/Write Community String

    SNMPv3 Username

    SNMPv3 Authentication Password

    Confirm SNMPv3 Authentication Password

    SNMPv3 Encryption Password

    Confirm SNMPv3 Encryption Password

    10.21 User Guide:

    SNMPv3 (user authentication) — With SNMPv3, you have the following
    options: noAuthNoPriv (username only), authNoPriv (username, authentication
    password), and authPriv (username, authentication, and encryption password).
    Authentication methods include SHA (Secure Hash Algorithm) and MD5
    (Message Digest Algorithm). Encryption methods include DES (Data
    Encryption Standard), 3DES (Triple DES), AES (Advanced Encryption
    Standard), AES128, AES192, and AES256.

    9.20 User Guide:

    SNMP v3 Support — Network devices using SNMPv3 for device discovery are now
    detectable. Using less secure network device detection methods is avoided when
    SNMPv3 protocol is used, enabling the use of the most up-to-date SNMP security
    mechanisms.

    Hope this helps,

    Huy

     

  • Huy,

    Thanks for your reply.

    We are using version 10.20. In the password rule, it only allows you to enter the SNMPv3 authentication and encryption passwords, but gives no choice of authentication method and encryption method.

    Per your reply, can you confirm 10.21 includes the authentication and encryption methods in the password rule file now?

    Thanks.

    Jay

     

  • Hi Jay,

    Looks like I misunderstood your original post. The authentication and encryption information is not in the password rule, but stored somewhere outside.

    If you look at the Hardening Guide (10.20),

    page 6 of 28, For encryption of database and device passwords, NA uses the AES 256 algorithm.

    default hmac: ..., ..., 

    You can add this info in the adjustable_options.rcx.

    Again, this is my pure guess, as I have not implemented SNMP v3 in any installation. Hope someone who has already implemented SNMP v3 can share his/her how-to.

    Thanks,

    Huy

     

     

  • So, I upgraded HPNA from 10.20 to 10.30, and the default SNMPv3 access method is not part of the password rules. Nor can it be found in any GUI-configurable areas.

    Not being able to set the default SNMPv3 access method for authentication and encryption creates a problem when you do bulk importing and run device detection via a scheduled job.

    Does anyone else have the same issue or have a solution for this?