Mutiny can poll devices configured to run SNMP Version 3 that comply with the User-Based Security Model (USM) or the View-based Access Control Model (VACM).
On the monitored systems you will need to configure some or all, of the following:
- authProtocol - Sets the authentication protocol (MD5 or SHA) used for authenticated SNMPv3 messages.
- authPassword - Sets the authentication pass phrase used for authenticated SNMPv3 messages.
- contextName - Set the Context Name used for SNMPv3 messages. The default context name is the empty string "".
- engineID - Set the authoritative (security) engine id used for SNMPv3 REQUEST messages. It is typically not necessary to specify this, as it will usually be discovered automatically.
- privProtocol - Sets the privacy protocol (DES or AES) used for encrypted SNMPv3 messages.
- privPassword - Set the privacy pass phrase used for encrypted SNMPv3 messages.
- secLevel - Sets the security level used for SNMPv3 messages (noAuthNoPriv|authNoPriv|authPriv). (Note that the appropriate pass phrase(s) must be provided when using any level higher than “noAuthNoPriv”).
The SNMP v3 monitored nodes in Mutiny, will need to be configured with the same parameters, although the “secLevel” is deduced from the values set.
There are some limitations to using SNMP v3 with Mutiny as opposed to SNMP v1/v2c
- Mutiny (by default) cannot receive SNMP v3 Informs (Traps), although a patch can be installed to allow this.
- Some of the older Mutiny Adapters do not currently support SNMP v3.
- Polling of SNMP v3 nodes will be substantially slower than polling with SNMP v2c.
- Only 64-bit interfaces are allowed in SNMP v3, so some older devices may not work properly when configured as SNMP v3.
- Microsoft have announced that they will not support SNMP v3 for Windows systems (although, there may be some 3rd party agents).
Useful Links:
https://mutiny.freshdesk.com/support/solutions/articles/13000060608-setting-up-snmpv3