Solved

SNMP2/SNMP2C Compatibility with SNMP3

Posted on 2014-11-22
4
407 Views
Last Modified: 2014-11-27
I am new to SNMP protocol and have the following compatibility question.

Our company is an mixed environment and are running both SNMP2/2C and SNMP3. Basically we have a network Monitoring tools called Whatsup Gold Premium. Whatsup Gold is configured to use SNMPv3 to Scan or using the MIB walker to explore our servers (Mainly Windows 2012r2 machine) and network devices (Cisco Swtiches).

My question is whether SNMPV3 is backward compatible with SNMPV2. In other word, can I use a SNMPV3 Management host to monitor both SNMPV3 and SNMPV2 enabled host/device or will there be a conflict ?

Thank you so much for your advice in advance.

Regards
Patrick
0
Comment
Question by:patricktam
4 Comments
 
LVL 61

Expert Comment

by:gheist
ID: 40460504
No, they are different protocols, completely incompatible. v2 device will not interpret v3 packets and vice versa.
0
 
LVL 62

Expert Comment

by:btan
ID: 40460534
Indeed v3 is a big change from 2c and below. SNMP version 3 adds both encryption and authentication, and hence setup is more complex than just defining a community string unlike those supporting just older version.  

By default, WhatsUp Gold has a 2 second timeout for SNMP requests, and retries failed SNMP requests once. It will poll through the profile on the string and credential till it works, I do not recall it will enumerate among snmp version though other scanner may do so. Maybe the newer version has does that ...

Reference an v11 paper (pdf) -
SNMPv3 reports the same data as v2, but uses a different authentication scheme. Instead of community strings, v3 devices require a username and password to poll to the device. In addition, users can be configured on the v3 device to have the data packets encrypted before they are sent to a device requesting the SNMP information.
Also from v14.4 release note pertaining to FIPS 140-2 encryption, only those SNMPv3 credentials with encryption using SHA authentication and AES128 encryption are allowed. Note that when WhatsUp Gold is installed on a FIPS 140-2 compliant operating system, it automatically start in FIPS 140-2 mode. Separately, you can configure it in FIPS 140-2 mode (e.g. Configure > Program Options, then select the General category).
0
 
LVL 22

Accepted Solution

by:
eeRoot earned 500 total points
ID: 40468195
SNMPv2 and SNMPv3 are very different.  But you should be able to list both v2 and v3 credentials in Whatsup Gold and have it scan the network using both types of credentials.  It's common for networks to have a mix of older and newer devices that use different SNMP protocols and different credentials.
0
 

Author Closing Comment

by:patricktam
ID: 40468934
Thank you so much for your details advice.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
NSX Distributed Firewall 6 55
EIGRP  router failure 14 42
catalyst 6500 - recover from corrupted IOS 4 58
EIGRP on point-to-point vlan 14 65
So, you're experiencing issues on your network and you've decided that you need to perform some tests to determine whether your cabling is good.  You're likely thinking that you may need to spend money which you probably don't have on hiring/purchas…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now