Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

SNMP2/SNMP2C Compatibility with SNMP3

Posted on 2014-11-22
4
Medium Priority
?
736 Views
Last Modified: 2014-11-27
I am new to SNMP protocol and have the following compatibility question.

Our company is an mixed environment and are running both SNMP2/2C and SNMP3. Basically we have a network Monitoring tools called Whatsup Gold Premium. Whatsup Gold is configured to use SNMPv3 to Scan or using the MIB walker to explore our servers (Mainly Windows 2012r2 machine) and network devices (Cisco Swtiches).

My question is whether SNMPV3 is backward compatible with SNMPV2. In other word, can I use a SNMPV3 Management host to monitor both SNMPV3 and SNMPV2 enabled host/device or will there be a conflict ?

Thank you so much for your advice in advance.

Regards
Patrick
0
Comment
Question by:patricktam
4 Comments
 
LVL 62

Expert Comment

by:gheist
ID: 40460504
No, they are different protocols, completely incompatible. v2 device will not interpret v3 packets and vice versa.
0
 
LVL 65

Expert Comment

by:btan
ID: 40460534
Indeed v3 is a big change from 2c and below. SNMP version 3 adds both encryption and authentication, and hence setup is more complex than just defining a community string unlike those supporting just older version.  

By default, WhatsUp Gold has a 2 second timeout for SNMP requests, and retries failed SNMP requests once. It will poll through the profile on the string and credential till it works, I do not recall it will enumerate among snmp version though other scanner may do so. Maybe the newer version has does that ...

Reference an v11 paper (pdf) -
SNMPv3 reports the same data as v2, but uses a different authentication scheme. Instead of community strings, v3 devices require a username and password to poll to the device. In addition, users can be configured on the v3 device to have the data packets encrypted before they are sent to a device requesting the SNMP information.
Also from v14.4 release note pertaining to FIPS 140-2 encryption, only those SNMPv3 credentials with encryption using SHA authentication and AES128 encryption are allowed. Note that when WhatsUp Gold is installed on a FIPS 140-2 compliant operating system, it automatically start in FIPS 140-2 mode. Separately, you can configure it in FIPS 140-2 mode (e.g. Configure > Program Options, then select the General category).
0
 
LVL 22

Accepted Solution

by:
eeRoot earned 2000 total points
ID: 40468195
SNMPv2 and SNMPv3 are very different.  But you should be able to list both v2 and v3 credentials in Whatsup Gold and have it scan the network using both types of credentials.  It's common for networks to have a mix of older and newer devices that use different SNMP protocols and different credentials.
0
 

Author Closing Comment

by:patricktam
ID: 40468934
Thank you so much for your details advice.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses
Course of the Month14 days, 23 hours left to enroll

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question