Intro
The documentation provided by Netgear about SNMPv3 is fairly incomplete. The GS728TP is only supposed to be managed using its web interface. In one of my previous posts, I showed that there is actually a decently powerful CLI hidden from the average consumer. This is one of the big differences between “Smart Managed” and “Fully Managed” switches.
Why SNMPv3?
SNMPv3 allows for the secure collection of monitoring data. With previous iterations of SNMP (1, 2c), all traffic was unencrypted. You can read more on the SNMP Wikipedia page.
Settings
The settings that Netgear advertises are located under System > SNMP > SNMPv3 > User Configuration. Most of the settings are represented here, but there is no mention of the Authentication Password. What confused me was the fact that it didn’t say what the Authentication Password (authPassword) was.
I was eventually able to figure out that the authPassword shared the same password needed to log in to the switch. What a terrible implementation. Unable to find any solutions to this online, I consulted some of the other manuals I used to figure out the SSH configuration.
The Better Solution
Here are instructions to create an additional SNMP user using the command line, allowing you to keep your switch’s login password secret.
For the purposes of this post, I will be using the following settings:
Username: myuser
Group: default (I picked this because it’s the group the admin user is in)
Authentication Protocol: SHA, and key: secretauthkey
Privacy Protocol: DES, key: secretprivkey
- Connect to the command line of the switch
- Get a printout of the current snmp users using `show snmp users`. You should see your login password next to Auth.
- Add a new snmp user
  - Enter configuration mode by typing `configure`
  - Create the new user using: `snmp-server user myuser default v3 auth sha secretauthkey priv secretprivkey`
  - You can also restrict the switch to only listen to requests from a particular IP address using `remote` at the end of the previous command. Use “?” to see details.
  - Exit configuration mode using `exit`
- Verify proper settings using `show snmp users`
Remember, you can always send a question mark (?) to have the switch show any available documentation.
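What the switch and the monitoring host each derive from the two passphrases above, as an added example that is not from the original post or from Netgear: the RFC 3414 password-to-key and key-localization steps for the SHA/DES settings used here. The engine ID is a constructed placeholder and the function names are my own; it shows that anyone holding a user's authPassword can compute that user's keys, which is why a dedicated SNMP user beats reusing the login password.

```python
import hashlib

def password_to_key(password: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash 1 MiB of the repeated passphrase to get Ku."""
    if not password:
        raise ValueError("empty passphrase")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize_key(ku: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): a key valid on one agent only."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def usm_keys(auth_pw: bytes, priv_pw: bytes, engine_id: bytes,
             algo: str = "sha1"):
    """Return (auth_key, des_key, des_pre_iv) for one user on one engine."""
    auth_key = localize_key(password_to_key(auth_pw, algo), engine_id, algo)
    # The privacy key is localized with the same hash as the auth protocol;
    # DES uses the first 8 octets as the key and the next 8 as the pre-IV.
    priv_key = localize_key(password_to_key(priv_pw, algo), engine_id, algo)[:16]
    return auth_key, priv_key[:8], priv_key[8:16]

if __name__ == "__main__":
    # Constructed placeholder; a real agent reports its own snmpEngineID.
    engine_id = bytes.fromhex("800000000102030405")
    auth, des_key, pre_iv = usm_keys(b"secretauthkey", b"secretprivkey", engine_id)
    print("localized auth key (HMAC-SHA):", auth.hex())
    print("DES key:", des_key.hex(), "pre-IV:", pre_iv.hex())
```

The localized keys differ per engine ID, but the passphrase itself is shared by every device configured with it.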