SNMPv3 is a secure way to monitor and manage networked devices, but it can be daunting to those who haven’t previously setup SNMPv3 or any of the prior SNMP versions. In this article we’ll cover the basics to get you started as quick as possible!
SNMPv3 Components
- Port: 161 by default
- SNMP User
- SNMP Password: This is either SHA or MD5 (configured on your SNMP device)
- Encryption Key: This is either AES or DES (configured on your SNMP device)
- In some cases, if a device supports SNMPv3 but only lets you configure one password, the password is used for both the SNMP User and the Encryption Key
- OIDs: These are Object ID numbers that correspond to specific items on networked devices that you want to manage/monitor. The first 6 numbers are usually 1.3.6.1.4.1. The remaining numbers change depending on the manufacturer, model, and specific object you want to monitor.
- MIBs: In simple terms, these are just a collection of OIDs which were formatted into a text file and form a database. This database can be imported into SNMP Managers. A more detailed explanation of MIBs versus OIDs is found on comparitech.com
Finding OIDs For Your Devices
The easiest way I’ve found to find the OIDs of the devices I want to manage is using the MIB browser on bestmonitoringtools.com. A recent example I needed to monitor was the active NetExtender connections on a SonicWall SMA virtual appliance. By searching “Sonicwall” on the website above, I drilled down to the SSL VPN MIB here and can easily see that active NetExtender connections OID is: 1.3.6.1.4.1.8741.6.2.1.10.
Getting Started With SNMPv3
- Download and install an SNMP Testing software. I recommend Paessler SNMP Tester. This program will make testing your SNMP devices a breeze.
- Configure your Port/Username/Password/Encryption Key on your SNMP device.
- Run your SNMP Testing software, and fill out the IP/Port/User/Password/Encryption Key information specific to your SNMP device.
- Use authentication as MD5 or SHA, and encryption as DES or AES as configured or supported on your SNMP devices.
- If you couldn’t set an encryption key on your device, it’s probably the same value as the password!
- It’s always helpful to double check that the SNMP tester can ping the SNMP device.
- Select “Custom OID”, enter the OID you want to request, and click the start button to run the test.
- If you received an error like “no such instance”, try selecting and putting the OID into the “Walk” request type and hit test. If there are additional numbers needed at the end of your OID, “Walk” will find them and display them to you.
Here’s an example of a successful walk of an OID showing the missing .0 at the end, the value of my NetExtender connections (5), and the variable type (integer).
All that’s left is to download an SNMP manager of your choice (if you don’t have one already, Paessler’s PRTG is good), and go ham connecting your SNMP devices to your SNMP manager!