Solved

SNMP2/SNMP2C Compatibility with SNMP3

Posted on 2014-11-22
4
492 Views
Last Modified: 2014-11-27
I am new to SNMP protocol and have the following compatibility question.

Our company is an mixed environment and are running both SNMP2/2C and SNMP3. Basically we have a network Monitoring tools called Whatsup Gold Premium. Whatsup Gold is configured to use SNMPv3 to Scan or using the MIB walker to explore our servers (Mainly Windows 2012r2 machine) and network devices (Cisco Swtiches).

My question is whether SNMPV3 is backward compatible with SNMPV2. In other word, can I use a SNMPV3 Management host to monitor both SNMPV3 and SNMPV2 enabled host/device or will there be a conflict ?

Thank you so much for your advice in advance.

Regards
Patrick
0
Comment
Question by:patricktam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40460504
No, they are different protocols, completely incompatible. v2 device will not interpret v3 packets and vice versa.
0
 
LVL 63

Expert Comment

by:btan
ID: 40460534
Indeed v3 is a big change from 2c and below. SNMP version 3 adds both encryption and authentication, and hence setup is more complex than just defining a community string unlike those supporting just older version.  

By default, WhatsUp Gold has a 2 second timeout for SNMP requests, and retries failed SNMP requests once. It will poll through the profile on the string and credential till it works, I do not recall it will enumerate among snmp version though other scanner may do so. Maybe the newer version has does that ...

Reference an v11 paper (pdf) -
SNMPv3 reports the same data as v2, but uses a different authentication scheme. Instead of community strings, v3 devices require a username and password to poll to the device. In addition, users can be configured on the v3 device to have the data packets encrypted before they are sent to a device requesting the SNMP information.
Also from v14.4 release note pertaining to FIPS 140-2 encryption, only those SNMPv3 credentials with encryption using SHA authentication and AES128 encryption are allowed. Note that when WhatsUp Gold is installed on a FIPS 140-2 compliant operating system, it automatically start in FIPS 140-2 mode. Separately, you can configure it in FIPS 140-2 mode (e.g. Configure > Program Options, then select the General category).
0
 
LVL 22

Accepted Solution

by:
eeRoot earned 500 total points
ID: 40468195
SNMPv2 and SNMPv3 are very different.  But you should be able to list both v2 and v3 credentials in Whatsup Gold and have it scan the network using both types of credentials.  It's common for networks to have a mix of older and newer devices that use different SNMP protocols and different credentials.
0
 

Author Closing Comment

by:patricktam
ID: 40468934
Thank you so much for your details advice.
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Is this network design suitable? 3 100
SD - WAN 2 65
Syslog-ng works. Now what? How to filter and manage? 8 93
migrate cisco cat configs 3 35
Transparency shows that a company is the kind of business that it wants people to think it is.
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question