
Should every switch have a unique SNMPv3 groupname/username?

New to SNMPv3.

Should every switch have a unique group name, user name and Priv/Auth passwords?

What is the norm when configuring multiple switches for snmp?


level 1
18 points · 7 days ago · edited 7 days ago

Don't over-complicate things. Just going to SNMPv3 puts you ahead of 80% of corporate networks :)

IMHO, "best practice" is to keep all the switches in a given site or security level with the same credentials. A device which is located in a less secure area (physically or logically) should probably not use the same SNMP and passwords as the sites inside the perimeter.

Devices at a remote site where you share access with the local admins get a separate site-level set of credentials, so a rogue admin at that site can't compromise devices at HQ.

level 2
A+/N+/S+/CCNA · 1 point · 7 days ago

Add another thing that needs to be addressed at place of employment, thanks for some pointers.

level 1

This has been my mentality when working with SNMP/SNMPv3.

  1. Turn it on. Don’t let that crappy “[CompanyName]Public” community string hang out there any longer! Anything is better than that. (I only allow AES+SHA; if it only supports MD5 + DES, it goes away.)

  2. Each site gets their own password + priv. Rotate them yearly.

  3. Add an ACL to only allow incoming and outgoing SNMP requests from/to your NMS.

  4. Restrict to read only.

  5. If applicable, restrict the SNMP view to only the OIDs you want to read.
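
A small audit of items 1, 3, 4 and 5 of the checklist above, added here as an example and not part of any comment in the thread: it scans a provisioning template for lines that break those rules. The Cisco IOS-style syntax, the names (`SITE-A`, `NMS-VIEW`, `SNMP-NMS`) and the sample template are assumptions constructed for illustration.

```python
# Constructed provisioning template in Cisco IOS-style syntax (vendor is an assumption).
SAMPLE = """\
snmp-server community CorpPublic RO
snmp-server view NMS-VIEW system included
snmp-server view ALL iso included
snmp-server group SITE-A v3 priv read NMS-VIEW access SNMP-NMS
snmp-server group SITE-B v3 auth read ALL write ALL
snmp-server user nms-a SITE-A v3 auth sha <auth-pw> priv aes 128 <priv-pw>
snmp-server user nms-b SITE-B v3 auth md5 <auth-pw> priv des <priv-pw>
ip access-list standard SNMP-NMS
 permit host 192.0.2.10
"""

def audit_snmp(config):
    """Return (subject, problem) findings for lines that break the checklist."""
    findings = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["snmp-server", "community"] and len(tok) > 2:
            findings.append((tok[2], "v1/v2c community string still configured"))
        elif tok[:2] == ["snmp-server", "view"] and tok[3:5] == ["iso", "included"]:
            findings.append((tok[2], "view exposes the whole OID tree"))
        elif tok[:2] == ["snmp-server", "group"] and tok[3:4] == ["v3"] and len(tok) > 4:
            name, level, opts = tok[2], tok[4], tok[5:]
            if level != "priv":
                findings.append((name, "group does not require authPriv"))
            if "write" in opts:
                findings.append((name, "group has a write view"))
            if "read" not in opts:
                findings.append((name, "group has no restricted read view"))
            if "access" not in opts:
                findings.append((name, "group has no ACL limiting sources to the NMS"))
        elif tok[:2] == ["snmp-server", "user"] and tok[4:5] == ["v3"]:
            # Positional parse so a password equal to "auth"/"priv" cannot confuse it.
            name, rest = tok[2], [t.lower() for t in tok[5:]]
            auth = rest[1] if rest[:1] == ["auth"] and len(rest) > 1 else None
            priv = rest[4] if rest[3:4] == ["priv"] and len(rest) > 4 else None
            if auth is None or not auth.startswith("sha"):
                findings.append((name, f"auth is {auth}, expected SHA"))
            if priv != "aes":
                findings.append((name, f"priv is {priv}, expected AES"))
    return findings

if __name__ == "__main__":
    for subject, problem in audit_snmp(SAMPLE):
        print(f"{subject}: {problem}")
```

Run it against the template that gets pushed to devices rather than a saved running configuration, since Cisco IOS does not display SNMPv3 users there.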

level 1
CCNA · 1 point · 6 days ago

We normally keep it the same per system/network. Makes adding it all to SolarWinds so much easier.

level 1

For questions like this the answer is usually whatever your regulations tell you to do. If there are no regulations then write some and begin enforcing them.
