Template:FAQ:Applications 21

From Net-SNMP Wiki
Jump to: navigation, search

The simplest form of SNMPv3 request is unauthenticated and unencrypted (noAuthNoPriv). It simply requires a user name, and would look something like:

       snmpget -v 3 -l noAuthNoPriv -u dave localhost sysUpTime.0

However this approach foregoes the security protection which is the main advantage of using SNMPv3 (and the agent must also be explicitly configured to allow unauthenticated requests from that user).

The most common form of SNMPv3 request is authenticated but not encrypted (authNoPriv). This specifies the pass phrase to authenticate with:

       snmpget -v 3 -l authNoPriv -u dave -A "Open the Door"
                               localhost sysUpTime.0

A fully secure (i.e. encrypted) request (authPriv) would also specify the privacy pass phrase:

       snmpget -v 3 -l authPriv -u dave -A "Open the Door"
                       -X "Bet you can't see me"  localhost sysUpTime.0

In practise, most of these would probably be set via configuration directives in a personal $HOME/.snmp/snmp.conf file (note, not the agent's snmpd.conf file).
The equivalent settings for the third example would be:

       defSecurityName         dave
       defSecurityLevel        authPriv
       defAuthPassphrase       "Open the Door"
       defPrivPassphrase       "Bet you can't see me"

If the AuthPassphrase and the PrivPassphrase are the same, then you can use the setting

               defPassphrase   "Open the Door and see me"

instead.

See the AGENT section for how to configure the agent to respond to SNMPv3 requests.