First of all, I am new to this forum and I apologize in advance if I am misunderstanding what this forum is about. I was ask to deploy SNMPv3 which I have never touch before. So after several hours of research, I came up with the below config. This site was part of that research, so i was hoping that I could get some feedback on this.
Here are the criteria from the customer, and i wanted to know if I met all that criteria
(1) I want to use SNMPv3 (auth and priv) for polling
(2) SNMPV3 (auth) for traps
(3) create groups for read only, read/write, and traps and corresponding SNMPv3 users.
(4) limit polling to an access list to SolarWinds and ForeScout 1.1.1.1 and 2.2.2.2
(5) Authentication and authorization should be to our radius server (3.3.3.3) first and fall back to local authentication if radius is not available.
access-list 99 permit host 1.1.1.1
access-list 99 permit host 2.2.2.2
!
!
!
snmp-server group Group1 v3 priv
!
snmp-server user user1 Group1 remote 3.3.3.3 v3 auth md5 MD5_PASS1 priv 3des PRIV_PASS access 99
!
!
!
snmp-server group TRAPS v3 auth
!
snmp-server user user1 Group2_Traps remote 3.3.3.3 v3 auth md5 MD5_PASS2 access 99
!
!
!
snmp-server location Switch_Hostname
!
snmp-server host 1.1.1.1 version 3 auth usertraps