For the longest time in the networking industry, we had a running joke about Simple Network Management Protocol (SNMP). We would love to state that it actually stood for “Security is Not My Problem!”. This was because even though SNMP was dealing with all of this potentially sensitive information about your network device, it would rely on a plain text password for security. Yuck!
SNMP version 3 really responded to the security weaknesses of the protocol by introducing a security model within the protocol. The wonderful components of this new security model that we can leverage are the user, group and security level.
That’s right, this approach is so flexible that there are multiple security levels you can take advantage of, depending on the security requirements of your environment. The following security levels exist:
- “noAuthNoPriv” (no authentication and no encryption – use the noauth keyword in the CLI)
- “authNoPriv” (messages are authenticated but not encrypted – use the auth keyword in the CLI)
- “authPriv” (messages are authenticated and encrypted – use the priv keyword in the CLI)
You should note that the old SNMPv1 and SNMPv2 approaches only supported the “noAuthNoPriv” model since they used plain text community strings to match the incoming packets.
With our SNMPv3 implementations, you can configure the appropriate security model on a per-group basis.
In SNMPv3, a group defines the access policy for a set of users. The access policy defines which SNMP objects can be accessed for reading and writing or which SNMP objects can generate notifications to the members of a group. A group also defines the security model and security level for its users.
Here is an example configuration for you. It creates three groups: TEST1, TEST2, and TEST3. Notice that users are assigned to these groups, and that the groups can be associated with SNMP views to control the scope of access.
snmp-server view VIEW1 iso included
snmp-server view VIEW2 ifEntry.*.3 included
snmp-server group TEST1 v3 priv read VIEW1 write VIEW1
snmp-server group TEST2 v3 auth read VIEW2
snmp-server group TEST3 v3 priv
snmp-server user JOHN TEST1 v3 auth sha CISCO priv des56 CISCO
snmp-server user SARAH TEST2 v3 auth sha CISCO
snmp-server user LUCY TEST3 v3 auth sha CISCO priv des56 CISCO
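To check a configuration like this one before it goes on a device, here is a small audit script. It is an added example, not part of the original post. It assumes IOS-style syntax as shown above; the users MIKE and ANNA, their passwords, and the `audit` function are constructed for illustration.

```python
import re

# CLI keyword -> (SNMPv3 security level, rank by strength)
LEVELS = {"noauth": ("noAuthNoPriv", 0), "auth": ("authNoPriv", 1),
          "priv": ("authPriv", 2)}
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b")
USER_RE = re.compile(r"^snmp-server user (\S+) (\S+) v3"
                     r"(?: auth (\S+) (\S+))?(?: priv (\S+(?: \d+)?) (\S+))?")

# Constructed sample: groups, JOHN and SARAH come from the post;
# MIKE and ANNA are invented to show a failing and a clean case.
SAMPLE = """
snmp-server group TEST1 v3 priv read VIEW1 write VIEW1
snmp-server group TEST2 v3 auth read VIEW2
snmp-server user JOHN TEST1 v3 auth sha CISCO priv des56 CISCO
snmp-server user SARAH TEST2 v3 auth sha CISCO
snmp-server user MIKE TEST1 v3 auth sha Example-Auth-1
snmp-server user ANNA TEST1 v3 auth sha Example-Auth-2 priv aes 128 Example-Priv-2
"""

def audit(config):
    """Return sorted (user, finding) tuples for an IOS-style SNMPv3 config."""
    lines = [line.strip() for line in config.splitlines()]
    groups, findings = {}, []
    for line in lines:  # first pass: the level each group demands
        m = GROUP_RE.match(line)
        if m:
            groups[m.group(1)] = m.group(2)
    for line in lines:  # second pass: check every user against its group
        m = USER_RE.match(line)
        if not m:
            continue
        user, group, auth_alg, auth_pw, priv_alg, priv_pw = m.groups()
        have = 2 if priv_alg else 1 if auth_alg else 0
        if group not in groups:
            findings.append((user, f"group {group} is not defined"))
        elif have < LEVELS[groups[group]][1]:
            level = LEVELS[groups[group]][0]
            findings.append(
                (user, f"credentials cannot reach {level} required by group {group}"))
        if priv_alg in ("des", "des56"):
            findings.append((user, "DES privacy is weak; prefer AES"))
        if auth_pw and auth_pw == priv_pw:
            findings.append((user, "auth and priv passwords are identical"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```

JOHN is flagged for DES and for reusing one password for both authentication and privacy, and MIKE is flagged because an auth-only user cannot meet the authPriv level of TEST1.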
Always the observant one, I have driven by the Florida highway exit for ITProTV many times! I guess I really did think their HQ would be in California! It turns out, Gainesville, Florida is famous for more than just the Gators (and gators).
Many IT training companies have thought about trying the ITProTV “Hollywood” approach, but few even try and execute it. Those that do typically fail rather spectacularly and publicly. ITProTV, on the other hand, nails it.
I am currently enjoying their Intro to Ansible course and quickly remembered why so many companies were thinking of trying to lead at this (I was with one called KnowledgeNet many years back). Two trainers are way better than one, and they do actual professional video production. And we all love watching television. In fact, this allows you to binge (even in the free account tier!)
ITProTV absolutely pops and sounds terrific on today’s mobile devices. I am not sure about you, but after hammering away at a keyboard for hours each day, I really like propping the pillows and jamming some DevOps training on the iPhone 11 Huge Max or whatever the heck it’s called.
Enjoy my quick little photo tour, which really undersells how amazing it is. We are talking numerous uniquely designed sets that are fun to perform in, and even more fun to watch. I can’t wait to appear in some upcoming episodes!
Enjoy a Free Personal Account that never expires. Should you want to upgrade, that starts as a free trial. Entire starter courses are in the free account tier, like CompTIA’s IT Fundamentals. A perfect first step for an upcoming addict. 🙂 In a super cool move, they even broadcast live into the free tier. Always something cool to check out. Here is a link to the personal plans. There are also business plans available.