Restrict SNMP to use V3 only

acssol · August 13, 2019, 12:42pm

Hello folks,

i’d like to monitor a MikroTik device via SNMP over the public internet. I therefore would like to allow monitoring via SNMPv3 (with authentication and encryption) only.

As soon as I enable SNMP, I can query the device using all SNMP versions.

Is it possible to restrict querying to SNMPv3 only?

If not - what’s the idea behind implementing SNMPv3 as the more secure standard when SNMPv2 is still sending information unencrypted over the network?

Thanks in advance for your feedback!

Elans · August 14, 2019, 4:52am

Hello,

You can use only SNMP v3 for monitoring.
More information about SNMP find below:
https://wiki.mikrotik.com/wiki/Manual:SNMP

acssol · August 14, 2019, 7:49am

Hello Elans,

thanks for your feedback. I already knew that wiki article and have read it - but I don’t see where it explains how to enable/ disable only certain versions of SNMP.

SNMP is either

enabled (yes | no; Default: no)

…

Am I missing something?

Elans · August 15, 2019, 9:57am

You have to configure “snmp community” (through GUI it would be IP → SNMP → Communities) where you will specify security, authentication protocol etc.

Detailed description about Community Properties:
https://wiki.mikrotik.com/wiki/Manual:SNMP#Community_Properties