Using SNMPv3 in AirWave Template

  • The SNMPv3 engine-id in the AirWave template must be a variable whose value is retrieved from the target switch at runtime. The same engine-id variable must be configured as a local engine-id in the template. The local engine-id makes a target switch to have constant engine-id always. The template must not have hardcoded engine-id. The SNMPv3 engine-id must be unique for each device in the network managed by AirWave.

    snmp-server engine-id local "%snmpv3_engineid%"

    snmpv3 engine-id "%snmpv3_engineid%"

  • There must be at least one SNMPv3 user configuration in the template. The user configuration must have plaintext key values for auth and priv. The plaintext keys will be encrypted when template is pushed to switch. Each SNMPv3 user should be assigned to a suitable SNMPv3 group with security model as version 3 in the template. 

    snmpv3 enable
snmpv3 group managerauth user "snmpv3user" sec-model ver3
snmpv3 user "snmpv3user" auth md5 "snmpv3user" priv des "snmpv3user"
  • The following is the sample template: 
    %template_header%
hostname "%hostname%"
%module_command%
include-credentials
snmp-server community "public" unrestricted
snmp-server engine-id local "%snmpv3_engineid%"
snmpv3 engineid "%snmpv3_engineid%"
snmpv3 enable
snmpv3 group managerauth user "snmpv3user" sec-model ver3
snmpv3 user "snmpv3user" auth md5 "snmpv3user" priv des "snmpv3user"
vlan 1
   name "DEFAULT_VLAN"
   untagged %vlan_1_untag_command%
%if use_dhcp=1%
   ip address dhcp-bootp
%endif%
%if use_dhcp=0%
   ip address %ip_address% %netmask%
%endif%
   ipv6 enable
%if use_ipv6_dhcp=1%
   ipv6 address dhcp full
%endif%
%if use_ipv6_dhcp=0%
   ipv6 address %ipv6_address%/%ipv6_prefix_length%
%endif%
   exit
amp-server ip 192.168.240.242 group "group" folder "folder" secret "secret"