How to configure SNMPv3 on Cisco IOS Router

Hi Rene,

What is the use of snmpwalk. How it is different from snmp getbulk?

Hi Ananth,

SNMPWalk obtains a group of values by using SNMP GETNEXT request to query a network for a tree of information. In this lesson we used SNMPWalk on the Linux system to check if it is possible to retrieve information from the router so we know that SNMP is configured correctly on the router.

As for the 2nd part of the question, the GETBULK operation was introduced in SNMP v2 and is used for retrieving large amount of data, particularly from large tables using a single SNMP request.

I hope I could answer your question.

Hi ,

Can you add view part of snmp v3

Hello Sims.

We’ll inform Rene about adding some information about SNMPv3 as well. In the meantime, here is some general information:

SNMPv3 hasn’t changed much from v2 as far as the protocol itself is concerned other than the addition of cryptographic security. Security is the main focus of v3 because security has been the biggest weakness of the protocol since its inception.

Additional changes include new textual conventions, concepts and terminology.

As for the actual configuration of the protocol on Cisco devices, one of the major differences is that you no longer create an SNMP community name, but you create a username, password, and apply authentication and encryption algorithms such as SHA and AES.

So where SNMP commands in v2 would look like this:

Router(config)#snmp-server community StringRW rw SNMPRW

the corresponding command for v3 would be:

Router(config)#snmp-server user snmpManager MGMTSTATIONS v3 auth sha SecurePa55 priv aes 128 Secure3ncrypt access SNMPv3

I hope this has been helpful!



Actually I was talking about the view part of snmpv3

snmp-server view writeview internet included


Hi Sims,

Once you have access through SNMP, you will have access to the entire Management Information Base (MIB).

With views, it’s possible to limit this to certain (sub)trees.

Cisco has some good examples here:

Like this one:

snmp-server view myview mib-2 included
snmp-server view myview atEntry excluded
snmp-server view myview cisco included

It includes access to the MIB-II and Cisco MIB but denies access to the atEntry MIB.

19 posts were merged into an existing topic: How to configure SNMPv3 on Cisco IOS Router


First of all thank you so much for you clear lessons, Im heavily depending on them as my study material for my CCNP 300-101.

I would love to see a full tutorial on how to implement Observium with GNS3 routers, I have searched the whole net, but nothing I can find,

could you please guide us step by step how to use GNS3 (VMware) with Observium


Hi Hussam,

Glad to hear you like it.

If you want to play around with Observium, it’s best to use the tutorial that you can find on the Observium website:

Once you have Observium up and running, the only thing you need to do is to use the cloud icon in GNS3 to connect a physical network card (or a virtual one if you use vmware) to your GNS3 routers:

This is an older video but it’s probably still 99% the same on the latest GNS3 version.


Thank you Rene, I will try them and I will let you know.

How to check below settings? Is there any way to check this configuration?

R1(config)#snmp-server user MYUSER MYGROUP v3 auth md5 MYPASS123 priv aes 128 MYKEY123

I am not getting this configuration on “show run” all the time but SNMP works always fine.


Hi Manami,

These SNMPv3 commands are not saved in the running config but in the private config. You can’t retrieve the passwords, the usernames will show up though with show snmp user.


Hi Rene

In your config example, do you not also need to configure the snmp server command?

e.g. snmp-server host version 3 priv MYUSER

Where is the IP of the SNMP server

Hello Chris

Thesnmp-server host command specifies the recipient of an SNMP notification either as a trap or a response to an inform request.

If you don’t specify the server as Rene has not in his example, you are able to connect to the router and send responses to SNMP inform requests only. Traps require further configuration on the router because they are initiated by the router itself. Informs are initiated by external SNMP queriers.

I hope this has been helpful!


Need to confirm what is the difference between auth and priv in snmp v3.

If i configure below then what is the difference between them,

snmp-server group SBG v3 auth read ABC
snmp-server group SBG V3 priv read ABC.

Mohammed Oves

Hi Mohammed,

Auth is authentication and priv is privacy (encryption). For authentication we can use MD5 or SHA, for encryption DES/AES.


Why do you have to specify the security level on the group when you do it for the user?

Hello Justin

When you specify the security level in the following command

R1(config)#snmp-server group MYGROUP v3 priv

you are specifying that SNMP packets will be authenticated and encrypted.

When issuing the command:

R1(config)#snmp-server user MYUSER MYGROUP v3 auth md5 MYPASS123 priv aes 128 MYKEY123

you are specifying that the user will indeed use the User Based Security Model (USM) for SNMPv3 that has been configured in the previous command. The priv keyword in the second command is not the same as that in the first. In the first, you have the option of specifying auth, noauth or priv while in the second command you either include the priv keyword or you don’t. If you use the priv keyword, you then must specify the encryption method and key sizes.

Take a look at the following two command references from Cisco:

snmp-server group:

snmp-server user:

I hope this has been helpful!



Hello Rene,

In the topic, Introduction to SNMP, you have mentioned that
noAuthNoPriv means that noAuthNoPriv = username authentication but no encryption.

but In the topic SNMPv3, you have mention that
noAuthNoPriv means that : noAuthNoPriv = no authentication and no encryption.

so a bit confused, I think that there is no authentication in SNMPv3 but then what do you mean by username authentication in noAuthNoPriv.

Hello Tejpal

Yes, you are correct that the statements are confusing. First of all, let’s look at what the noAuthNoPriv level of security actually does. For SNMP v1 and v2, noAuthNoPriv will indeed result in no username authentication and no encryption. However, only the community string will be used to match for authentication.

For SNMP v3, because it doesn’t use the concept of a community string, the noAuthNoPriv level will result in no encryption but a username will be used for authentication.

Because of these differences, the statements were made in this way. However, I will let Rene know so that he can clarify this a little more.

Thanks for pointing that out!