
Should every switch have a unique SNMPv3 groupname/username?

New to SNMPv3.

Should every switch have a unique group name, user name and Priv/Auth passwords?

What is the norm when configuring multiple switches for snmp?

Thanks

level 1
18 points · 7 days ago · edited 7 days ago

Don't over-complicate things. Just going to SNMPv3 puts you ahead of 80% of corporate networks :)

IMHO, "best practice" is to keep all the switches in a given site or security level with the same credentials. A device which is located in a less secure area (physically or logically) should probably not use the same SNMP and passwords as the sites inside the perimeter.

Devices at a remote site where you share access with the local admins get a separate site-level set of credentials so a rogue admin at that site can't compromise devices at HQ.

level 2
A+/N+/S+/CCNA · 1 point · 7 days ago

Add another thing that needs to be addressed at place of employment, thanks for some pointers.

level 1

This has been my mentality when working with SNMP/SNMPv3.

  1. Turn it on. Don’t let that crappy “[CompanyName]Public” community string hang out there any longer! Anything is better than that. (I only allow AES+SHA; if it only supports MD5 + DES, it goes away.)

  2. Each site gets their own password + priv. Rotate them yearly.

  3. Add an ACL to only allow incoming and outgoing SNMP requests from/to your NMS.

  4. Restrict to read only.

  5. If applicable, restrict the SNMP view to only the OIDs you want to read.
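
An added example, not part of the original thread: a small audit that checks the SNMP lines of a device provisioning template against items 1, 3, 4 and 5 of the checklist above. It assumes Cisco IOS-style `snmp-server` syntax; the sample template, group, user and view names, and the ACL number are constructed placeholders.

```python
# Added example: audit SNMP lines in a provisioning template.
# Assumption: Cisco IOS-style "snmp-server" syntax. The sample below is
# constructed; names, ACL number and <...> secrets are placeholders.
SAMPLE = """\
snmp-server community CompanyPublic RO
snmp-server view NMS-VIEW system included
snmp-server group SITE-A v3 priv read NMS-VIEW access 10
snmp-server group LEGACY v3 auth write NMS-VIEW
snmp-server user nms-a SITE-A v3 auth sha <auth-pass> priv aes 128 <priv-pass>
snmp-server user old LEGACY v3 auth md5 <auth-pass> priv des <priv-pass>
"""

def audit_snmp(config):
    """Return one finding string per checklist violation."""
    findings = []
    for raw in config.splitlines():
        tok = raw.split()
        if len(tok) < 3 or tok[0] != "snmp-server":
            continue
        kind, name, rest = tok[1], tok[2], tok[3:]
        if kind == "community":
            # Item 1: any v1/v2c community is a finding (value is not echoed).
            findings.append("v1/v2c community string configured")
        elif kind == "group":
            # group NAME v3 {noauth|auth|priv} [read V] [write V] [access ACL]
            level, opts = rest[:2], rest[2:]
            if level != ["v3", "priv"]:
                findings.append(f"group {name}: not v3 with auth+priv")
            if "write" in opts:
                findings.append(f"group {name}: write view set, want read only")
            if "read" not in opts:
                findings.append(f"group {name}: no restricted read view")
            if "access" not in opts:
                findings.append(f"group {name}: no ACL limiting sources")
        elif kind == "user":
            # user NAME GROUP v3 auth {md5|sha} PASS [priv {des|3des|aes} ...]
            auth = rest[3] if len(rest) > 3 and rest[2] == "auth" else None
            priv = rest[6] if len(rest) > 6 and rest[5] == "priv" else None
            if auth != "sha":
                findings.append(f"user {name}: auth is {auth}, want sha")
            if priv != "aes":
                findings.append(f"user {name}: priv is {priv}, want aes")
    return findings

if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE):
        print(finding)
```

Item 2 (per-site secrets and yearly rotation) cannot be read from a single template and needs a check against whatever stores the credentials.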

level 1
CCNA · 1 point · 6 days ago

We normally keep it the same per system/network. Makes adding it all to SolarWinds so much easier.

level 1

For questions like this the answer is usually whatever your regulations tell you to do. If there are no regulations then write some and begin enforcing them.
