Configure SNMPv3 on Netgear GS728TP

Intro

The documentation provided by Netgear about SNMPv3 is fairly incomplete.  The GS728TP is only supposed to be managed using its web interface.  In one of my previous posts, I showed that there is actually a decently powerful CLI hidden from the average consumer.  This is one of the big differences between “Smart Managed” and “Fully Managed” switches.

Why SNMPv3?

SNMPv3 allows for the secure collection of monitoring data.  With previous iterations of SNMP (1, 2c), all traffic was unencrypted.  You can read more on the SNMP Wikipedia page.

Settings

The settings that Netgear advertises are located under System > SNMP > SNMPv3 > User Configuration. Most of the settings are represented here, but there is no mention of the Authentication Password. What confused me was the fact that it didn’t say what the Authentication Password (authPassword) was.

I was eventually able to figure out that the authPassword shared the same password needed to log in to the switch.  What a terrible implementation.  Unable to find any solutions to this online, I consulted some of the other manuals I used to figure out the SSH configuration.

The Better Solution

Here are instructions to create an additional SNMP user using the command line, allowing you to keep your switch’s login password secret.

For the purposes of this post, I will be using the following settings:
Username: myuser
Group: default (I picked this because it’s the group the admin user is in)
Authentication Protocol: SHA, and key: secretauthkey
Privacy Protocol: DES, key: secretprivkey

  1. Connect to the command line of the switch
  2. Get a printout of the current SNMP users using show snmp users. You should see your login password next to Auth.
  3. Add a new SNMP user
    1. Enter configuration mode by typing configure
    2. Create the new user using:
      snmp-server user myuser default v3 auth sha secretauthkey priv secretprivkey
    3. You can also restrict the switch to only listen to requests from a particular IP address using remote at the end of the previous command. Use “?” to see details.
  4. Exit configuration mode using exit
  5. Verify proper settings using show snmp users

Remember, you can always send a question mark (?) to have the switch show any available documentation.
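To confirm the new user from a monitoring host, the script below sends one GET at each SNMPv3 security level and reports which ones the switch answers. It is an added example, not part of the original post or Netgear's documentation; it assumes net-snmp's snmpget is installed, uses the example credentials from this post, and takes the switch address from a SWITCH environment variable (192.0.2.10 is a placeholder).

```shell
#!/bin/sh
# Added example: check which SNMPv3 security levels the switch accepts
# for the user created above. Assumes net-snmp's snmpget is installed.
SNMP_USER=${SNMP_USER:-myuser}
SNMP_AUTH=${SNMP_AUTH:-secretauthkey}
SNMP_PRIV=${SNMP_PRIV:-secretprivkey}
OID=1.3.6.1.2.1.1.1.0   # sysDescr.0

# try_level HOST LEVEL: send one GET at LEVEL; returns 0 if the switch answered.
try_level() {
    host=$1 level=$2
    case $level in
        authPriv)
            snmpget -v3 -t 2 -r 0 -l authPriv -u "$SNMP_USER" \
                -a SHA -A "$SNMP_AUTH" -x DES -X "$SNMP_PRIV" \
                "$host" "$OID" >/dev/null 2>&1 ;;
        authNoPriv)
            snmpget -v3 -t 2 -r 0 -l authNoPriv -u "$SNMP_USER" \
                -a SHA -A "$SNMP_AUTH" "$host" "$OID" >/dev/null 2>&1 ;;
        noAuthNoPriv)
            snmpget -v3 -t 2 -r 0 -l noAuthNoPriv -u "$SNMP_USER" \
                "$host" "$OID" >/dev/null 2>&1 ;;
        *) return 2 ;;   # unknown level name
    esac
}

# check_user HOST: returns 0 only if authPriv works and weaker levels are refused.
check_user() {
    host=$1 rc=0
    if try_level "$host" authPriv; then
        echo "ok:   authPriv answered"
    else
        echo "FAIL: authPriv did not answer (check user, keys, remote restriction)"
        rc=1
    fi
    for level in authNoPriv noAuthNoPriv; do
        if try_level "$host" "$level"; then
            echo "FAIL: $level answered, a weaker security level is accepted"
            rc=1
        else
            echo "ok:   $level refused"
        fi
    done
    return $rc
}

# Runs only when a switch address is supplied: SWITCH=192.0.2.10 sh check.sh
if [ -n "${SWITCH:-}" ]; then check_user "$SWITCH"; fi
```

Passphrases given with -A and -X are visible in the process list while snmpget runs, so run the check from a host you control.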
