Perform monitoring of the network infrastructure, can this safely be done with SNMPv2

Securitysnmp

I need to perform monitoring of my network infrastructure but I'm wondering if using SNMPv2 is secure? What are the weaknesses of SNMPv2?

Best Answer

If SNMPv3 is not an option you can do some things to help secure SNMPv2 better.

Don't enable the Read-Write string. There are very few reasons to enabled it.
Choose community strings that are more complex and remove any that are 'private' or 'public'.
Use an access-list on the community string to restrict what IP addresses can poll the device.
Do not enable 'system-shutdown' option.
Use a different community string for SNMP traps vs the polling SNMP string.

Related Solutions

Switch – Can a VLAN bridge be used to replace a bypass switch with an IPS device

I don't believe this will be possible on one single switch. The reason being is that you are relying on STP to catch a link failure, but to go back to back on a single switch, you would have to suspend normal STP operation by either BPDU filtering or something similar.

Cisco – SNMPv3 Setup – Cisco 3750

I think your username is wrong in your commands, try substituting testusername for ALL

snmp-server view TESTVIEW mib-2 included 
snmp-server group TESTGROUP v3 auth read TESTVIEW 
snmp-server user testusername TESTGROUP v3 auth sha testpassword

Best Answer

Related Solutions

Switch – Can a VLAN bridge be used to replace a bypass switch with an IPS device

Cisco – SNMPv3 Setup – Cisco 3750

Related Topic