FM - Switch Status error....

Unanswered Question
Apr 16th, 2007

In Cisco MDS FMS running on Windows 2003 Server, I see errors like "UknownUSer Name(Server), "Invalid Auth Password or Wrong Digest (Server)" under Status column against each switches and they are yellowed out and errors are occuring randomly. Switches are configured for TACACS authentication and they working fine.

But when I launch the FM installed on my laptop and login, I do not see those errors.

Could someone explain what causes those errors to come.


Mohan A

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
colin.mcnamara Mon, 04/16/2007 - 10:16

Well, the MDS supports both MD5 and SHA hashes, and also supports a seperate privacy password from the initial password.

I would double check that everything matches up from the FMS host to the MDS. Also remember that snmp user information is housed locally, not on the tacacs+ server.

colin.mcnamara Mon, 04/16/2007 - 10:32

AAA (TACACS+) is only referenced for Command Lin e Interactive Users, FC-SP, and ISCSI users. (I may have missed one, if so please point it out)

snmp-server users are configured locally (local username and password on the MDS).

Here is the confusing part. The MDS can automatically generate snmp-server user names and passwords that allow snmp access.

I recommend configuring a separate snmp-server user for the your FMS.

Here are the docs for creating a snmp-server user

One thing to keep a heads up on.. is that you need to specify your role when you do this.

the built-in role for full access is network-admin.

SAK_Mohan Mon, 04/16/2007 - 10:52

thanks Colin for your time.

But AAA (tacacs+) uses Windows AD here. So, whenever a CLI user is created , automatically MDS creates an SNMP user (which I think is temporary) or vice versa. When it is automatically created, why do i need to create one more...would it not amount to duplication

Or are they temporary ?

Do you mean to say "create permanent users' using snmp-server command.

If that is going to be the case,then how the passwords will be synchronised between CLI users (AD users via TACACS+) and SNMP users...i know some automatic synchronization happen implicitly.

Also, I read the following Note from Cisco MDS config guide 3.0


For an SNMPv3 operation using the external AAA server, user configurations in the external AAA server require AES to be the

privacy protocol to use SNMP PDU encryption.





This Discussion



Trending Topics: Storage Networking