Solved

SNMP2/SNMP2C Compatibility with SNMP3

Posted on 2014-11-22
4
377 Views
Last Modified: 2014-11-27
I am new to SNMP protocol and have the following compatibility question.

Our company is an mixed environment and are running both SNMP2/2C and SNMP3. Basically we have a network Monitoring tools called Whatsup Gold Premium. Whatsup Gold is configured to use SNMPv3 to Scan or using the MIB walker to explore our servers (Mainly Windows 2012r2 machine) and network devices (Cisco Swtiches).

My question is whether SNMPV3 is backward compatible with SNMPV2. In other word, can I use a SNMPV3 Management host to monitor both SNMPV3 and SNMPV2 enabled host/device or will there be a conflict ?

Thank you so much for your advice in advance.

Regards
Patrick
0
Comment
Question by:patricktam
4 Comments
 
LVL 61

Expert Comment

by:gheist
ID: 40460504
No, they are different protocols, completely incompatible. v2 device will not interpret v3 packets and vice versa.
0
 
LVL 61

Expert Comment

by:btan
ID: 40460534
Indeed v3 is a big change from 2c and below. SNMP version 3 adds both encryption and authentication, and hence setup is more complex than just defining a community string unlike those supporting just older version.  

By default, WhatsUp Gold has a 2 second timeout for SNMP requests, and retries failed SNMP requests once. It will poll through the profile on the string and credential till it works, I do not recall it will enumerate among snmp version though other scanner may do so. Maybe the newer version has does that ...

Reference an v11 paper (pdf) -
SNMPv3 reports the same data as v2, but uses a different authentication scheme. Instead of community strings, v3 devices require a username and password to poll to the device. In addition, users can be configured on the v3 device to have the data packets encrypted before they are sent to a device requesting the SNMP information.
Also from v14.4 release note pertaining to FIPS 140-2 encryption, only those SNMPv3 credentials with encryption using SHA authentication and AES128 encryption are allowed. Note that when WhatsUp Gold is installed on a FIPS 140-2 compliant operating system, it automatically start in FIPS 140-2 mode. Separately, you can configure it in FIPS 140-2 mode (e.g. Configure > Program Options, then select the General category).
0
 
LVL 22

Accepted Solution

by:
eeRoot earned 500 total points
ID: 40468195
SNMPv2 and SNMPv3 are very different.  But you should be able to list both v2 and v3 credentials in Whatsup Gold and have it scan the network using both types of credentials.  It's common for networks to have a mix of older and newer devices that use different SNMP protocols and different credentials.
0
 

Author Closing Comment

by:patricktam
ID: 40468934
Thank you so much for your details advice.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now