Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configure Engine ID on SNMPv3

By default, the engine ID uses the default IP address of the router. The engine ID is the administratively unique identifier for the SNMPv3 engine. This statement is optional. To configure the engine ID, include the engine-id statement at the [edit snmp] hierarchy level. For more information about this statement, see engine-id.

Note:

When configuring SNMPv3, you must configure the local SNMP engine ID before configuring SNMPv3 USM users. SNMPv3 authentication and privacy keys are derived from the local engine ID. If SNMPv3 users are configured before the engine ID is set, the keys might need to be regenerated.

To reconfigure SNMPv3, use the following procedure. Do not use the rollback 1 command.

  1. Check what the SNMPv3 configuration is.

  2. Delete the SNMPv3 configuration.

  3. Reconfigure SNMPv3 configuration (see ouput from Step 1).

The engine-id is defined as the administratively unique identifier of an SNMPv3 engine, and is used for identification, not for addressing. There are two ways to configure engine-id:

  • Local configuration - There are two parts for a local engine ID: prefix and suffix. The prefix is formatted according to the specifications defined in RFC 3411, An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks. You can configure the suffix here.

  • Unique-id configuration - The unique ID uses the engine ID as configured. It does not append an RFC 3411 prefix. It uses full length engine-id with a hexadecimal string of 5 through 32 bytes in length.

Note:

SNMPv3 authentication and encryption keys are generated based on the associated passwords and the engine ID. If you configure or change the engine ID, you must commit the new engine ID before you configure SNMPv3 users. Otherwise, the keys generated from the configured passwords are based on the previous engine ID.

For the engine ID, we recommend using the primary IP address of the device if the device has multiple routing engines and has the primary IP address configured. Alternatively, you can use the MAC address of the management port if the device has only one Routing Engine.