Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configure Local Engine ID on SNMPv3

By default, the local engine ID uses the default IP address of the router. The local engine ID is the administratively unique identifier for the SNMPv3 engine. This statement is optional. To configure the local engine ID, include the engine-id statement at the [edit snmp] hierarchy level. For more information about this statement, see No link title.

Note:

If you are using SNMPv3 and if the engine ID is based on the MAC address and you upgrade from an earlier release to one of the releases (14.1X53-D50, 16.1R5, 17.1R2, 17.2R1, 15.1X53-D231, 14.1X53-D43, 15.1X53-D232), you must reconfigure SNMPv3 because the engine ID is changed by the upgrade. If you do not reconfigure SNMPv3, you will see authentication error for SNMPv3 polling because the engine ID is changed after the upgrade. You only need to reconfigure SNMPv3 on the first such upgrade. If you then upgrade from one of the mentioned releases to another of these releases, you do not have to upgrade SNMPv3 again.

To reconfigure SNMPv3, use the following procedure. Do not use the rollback 1 command.

  1. Check what the SNMPv3 configuration is.

  2. Delete the SNMPv3 configuration.

  3. Reconfigure SNMPv3 configuration (see ouput from Step 1).

The local engine ID is defined as the administratively unique identifier of an SNMPv3 engine, and is used for identification, not for addressing. There are two parts of an engine ID: prefix and suffix. The prefix is formatted according to the specifications defined in RFC 3411, An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks. You can configure the suffix here.

Note:

SNMPv3 authentication and encryption keys are generated based on the associated passwords and the engine ID. If you configure or change the engine ID, you must commit the new engine ID before you configure SNMPv3 users. Otherwise, the keys generated from the configured passwords are based on the previous engine ID.

For the engine ID, we recommend using the primary IP address of the device if the device has multiple routing engines and has the primary IP address configured. Alternatively, you can use the MAC address of the management port if the device has only one Routing Engine.