Hardening SNMP

If the SNMP service is to be made available, it must first be hardened by deleting the default communities, creating SNMPv3 users, and applying cryptographic settings.

Note

SNMP may not be required for normal operations, so this optional hardening step can be done at the end.


To harden SNMP, do the following:

  1. Enter the following command to stop the SNMP service (if not already stopped):
    $ service snmp stop

  2. Delete default v1/v2c communities:
    $ nmcfg community delete admin
    $ nmcfg community delete public

  3. Define a user for the remote administrator or NMS console. Do not use MD5 for authentication or DES for privacy on a hardened system:
    $ nmcfg user define realadmin [sha] "pass phrase" [aes] "pass phrase"
    $ nmcfg access usm permit realadmin admin [priv]

    Example:

    $ nmcfg user define realadmin sha PassPhrase1 aes PassPhrase2
    Starting SNMP Service
    $ nmcfg access usm permit realadmin admin priv
    Starting SNMP Service
    $ nmcfg access usm
    
    model    perm/group      level    user/community   source
    -------- --------------- ------- -------------------- ---------
    usm      administrator   noauth   jsmith                 -
    usm      administrator   auth     jsmith3                -
    usm      administrator   priv     realadmin              -
    
    
  4. Restart the SNMP service:
    $ service snmp start

  5. Verify the SNMP settings:
    $ nmcfg

    Example:

    $ nmcfg
    system parameter           value
    ------------------------- -----------------------------------
    engineid                   0x80001f88030050c2a99d7e
    contact                    <undefined>
    location                   <undefined>
    
    model     perm/group        level   user/community       source
    --------- ----------------- ------- -------------------- -------
    usm       administrator     priv    realadmin             -
    
    auth protocol      priv protocol     user
    ----------------- ----------------- --------------------
    SHA                AES               realadmin
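
An added example (not part of the vendor's documentation): a shell function that reads the text printed by `nmcfg` in step 5 and fails if any access entry is not a `priv`-level `usm` user or any user's protocols are not SHA/AES. The function and sample names are hypothetical, the table layout is taken from the outputs above, and treating any non-`usm` model as a leftover v1/v2c community is an assumption.

```shell
# Added example: audit `nmcfg` output read on stdin (table layout as shown on
# this page). Prints one FAIL line per finding and returns 1 if there are any.
audit_nmcfg() {
    awk '
        # A header line tells us which table the following rows belong to.
        $1 == "system" && $2 == "parameter" { section = "system"; next }
        $1 == "model"                       { section = "access"; next }
        $1 == "auth" && $2 == "protocol"    { section = "proto";  next }
        NF == 0 || $1 ~ /^-+$/              { next }  # blank lines and rulers
        section == "access" {               # model perm/group level user source
            if ($1 != "usm")       { print "FAIL: non-USM entry (assumed v1/v2c): " $4; bad = 1 }
            else if ($3 != "priv") { print "FAIL: user " $4 " permitted at level " $3; bad = 1 }
            else                   { priv_users++ }
        }
        section == "proto" {                # auth-protocol priv-protocol user
            if (NF != 3 || toupper($1) !~ /^SHA/ || toupper($2) !~ /^AES/) {
                print "FAIL: weak or missing protocols: " $0; bad = 1
            }
        }
        END {
            if (!priv_users) { print "FAIL: no priv-level USM user parsed"; bad = 1 }
            exit bad + 0
        }'
}
# Constructed sample: the access table from the step 3 example output.
sample_weak() { cat <<'EOF'
model    perm/group      level    user/community   source
-------- --------------- ------- -------------------- ---------
usm      administrator   noauth   jsmith                 -
usm      administrator   auth     jsmith3                -
usm      administrator   priv     realadmin              -
EOF
}
# Constructed sample: trimmed copy of the step 5 example output.
sample_hardened() { cat <<'EOF'
system parameter           value
------------------------- -----------------------------------
engineid                   0x80001f88030050c2a99d7e

model     perm/group        level   user/community       source
--------- ----------------- ------- -------------------- -------
usm       administrator     priv    realadmin             -

auth protocol      priv protocol     user
----------------- ----------------- --------------------
SHA                AES               realadmin
EOF
}
sample_weak | audit_nmcfg || true   # demo: prints the two FAIL lines
```

On the device, run it as `nmcfg | audit_nmcfg`; a non-zero exit status means at least one entry still allows access without both authentication and privacy.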
