Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1215
Views
0
Helpful
4
Replies

FM - Switch Status error....

SAK_Mohan
Level 1
Level 1

‎04-16-2007 07:21 AM

In Cisco MDS FMS running on Windows 2003 Server, I see errors like "UknownUSer Name(Server), "Invalid Auth Password or Wrong Digest (Server)" under Status column against each switches and they are yellowed out and errors are occuring randomly. Switches are configured for TACACS authentication and they working fine.

But when I launch the FM installed on my laptop and login, I do not see those errors.

Could someone explain what causes those errors to come.

Thanks

Mohan A

Labels:
0 Helpful
4 Replies 4

colin.mcnamara
Level 4
Level 4

‎04-16-2007 10:16 AM

Well, the MDS supports both MD5 and SHA hashes, and also supports a seperate privacy password from the initial password.

I would double check that everything matches up from the FMS host to the MDS. Also remember that snmp user information is housed locally, not on the tacacs+ server.

0 Helpful

SAK_Mohan
Level 1
Level 1
In response to colin.mcnamara

‎04-16-2007 10:20 AM

Could you explain me in detail....

Thanks

M

0 Helpful

colin.mcnamara
Level 4
Level 4
In response to SAK_Mohan

‎04-16-2007 10:32 AM

AAA (TACACS+) is only referenced for Command Lin e Interactive Users, FC-SP, and ISCSI users. (I may have missed one, if so please point it out)

snmp-server users are configured locally (local username and password on the MDS).

Here is the confusing part. The MDS can automatically generate snmp-server user names and passwords that allow snmp access.

I recommend configuring a separate snmp-server user for the your FMS.

Here are the docs for creating a snmp-server user

http://www.cisco.com/univercd/cc/td/doc/product/sn5000/mds9000/2_0/cliguide/part5/snmp.htm#wp1232970

One thing to keep a heads up on.. is that you need to specify your role when you do this.

the built-in role for full access is network-admin.

0 Helpful

SAK_Mohan
Level 1
Level 1
In response to colin.mcnamara

‎04-16-2007 10:52 AM

thanks Colin for your time.

But AAA (tacacs+) uses Windows AD here. So, whenever a CLI user is created , automatically MDS creates an SNMP user (which I think is temporary) or vice versa. When it is automatically created, why do i need to create one more...would it not amount to duplication

Or are they temporary ?

Do you mean to say "create permanent users' using snmp-server command.

If that is going to be the case,then how the passwords will be synchronised between CLI users (AD users via TACACS+) and SNMP users...i know some automatic synchronization happen implicitly.

Also, I read the following Note from Cisco MDS config guide 3.0

-----

For an SNMPv3 operation using the external AAA server, user configurations in the external AAA server require AES to be the

privacy protocol to use SNMP PDU encryption.

-------

--Thanks

Mohan

0 Helpful
Customers Also Viewed These Support Documents