SNMP v3 multi-vendor : configuration sécurisée and bonnes pratiques

SNMP v3 configuration multi-vendor sécurisée : authentification SHA, chiffrement AES, users + groups + views. Remplace SNMP v2c non chiffré. Essentiel for monitoring moderne. Guide config Cisco/Juniper/FortiGate/Aruba SNMP v3 2026.

Forquoi v3 vs v2c

• v2c : community string en clair (security theatre)
• v3 : authentification + chiffrement
• v3 levels : noAuthNoPriv, authNoPriv, authPriv
• Recommandation : toujours v3 en 2026 (NIS2 exige)

Composants SNMP v3

• User : identité SNMP
• Group : rassemble users with même access
• View : filtre OIDs accessibles
• Engine ID : unique par agent
• Auth : SHA / SHA-256 / SHA-384 / SHA-512
• Priv : AES-128 / AES-256

Configuration Cisco

• snmp-server group MONITORING v3 priv read VIEW-READ
• snmp-server user admin MONITORING v3 auth sha AuthPass123 priv aes 128 PrivPass123
• snmp-server view VIEW-READ iso included
• snmp-server enable traps
• snmp-server host 10.0.0.100 version 3 priv admin

Configuration Juniper

• set snmp v3 usm local-engine user admin authentication-sha authentication-password AuthPass
• set snmp v3 usm local-engine user admin privacy-aes128 privacy-password PrivPass
• set snmp v3 vacm security-to-group security-model usm security-name admin group READONLY

OIDs clés to monitorer

• 1.3.6.1.2.1.1 : system (uptime, description)
• 1.3.6.1.2.1.2 : interfathese (ifInOctets, ifOutOctets)
• 1.3.6.1.2.1.25 : host resourthese (CPU, mémoire)
• 1.3.6.1.4.1.9 : Cisco enterprise MIB
• 1.3.6.1.4.1.2636 : Juniper
• 1.3.6.1.4.1.12356 : Fortinet

SNMP v3 vs streaming telemetry

• SNMP v3 : polling, stable, 5-60s intervals
• Streaming telemetry (gNMI, gRPC) : push, sub-second, moderne
• Tendance 2026 : migration SNMP → streaming for hyperscale
• SNMP restera for legacy + small deployments

Commander chez OPTINOC

Déploiement SNMP v3 multi-vendor + monitoring stack. Security configurations. Devis sous 48h.