cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4599
Views
9
Helpful
16
Replies

SNMP V3

ambi
Level 1
Level 1

We have been asked to migrate all devices to SNMP V3.

I tried to test this out on a 2811 router but it is failing. All i need is to allow my NMS (solarwinds) to poll using snmpv3

Here is my config

snmp-server user test test v3 auth md5 test priv des56 test

snmp-server group test v3 priv

IS there anything else i need to do to use snmp v3 for polling

Ambi

1 Accepted Solution

Accepted Solutions

Joe Clarke
Cisco Employee
Cisco Employee

The SNMP USM spec says that passwords must be at least eight characters. So you should increase the length of your passwords (e.g. tester123). Also, you do not want to specify a context name in Solarwinds (i.e. leave this field blank). Contexts are not used for general polling. Other than that, this looks okay.

View solution in original post

16 Replies 16

Joe Clarke
Cisco Employee
Cisco Employee

The SNMP USM spec says that passwords must be at least eight characters. So you should increase the length of your passwords (e.g. tester123). Also, you do not want to specify a context name in Solarwinds (i.e. leave this field blank). Contexts are not used for general polling. Other than that, this looks okay.

Thanks......that did the trick

However i have one more problem. eventhough i disabled snmp and renabled it, the old username still appears in sh snmp users

Is there any way i can get rid of these (ofcourse without a reload). since the sh runn config does not show the username it is difficult to identify the exact commands need to remove them

Ambi

no snmp-server user USER GROUP v3

Joe

I have run into another problem now with snmp v3

Solarwinds is able to poll/ identify interfacesetc but not showing any traffic statistics like utilization, errors etc..

Do we need any configuration with respect to MIBs as well

Ambi

There is nothing that needs to be done in IOS to enable this. Typically, the objects to poll for utilization are ifInOctets and ifOutOctets (along with ifSpeed). Faster interfaces will require ifHCInOctets and ifHCOutOctets and ifHighSpeed. All of these should be pollable with the SNMPv3 config you provided earlier.

I tried using whatups gold and it too had the same error. interface statistic stops as soon as you disable SNMP v1 or v2c

When polled for CPU, it throws an error stating that the remote device does nto support host resource MIB

Ambi

Our devices don't support the HOST-RESOURCE-MIB. We use the CISCO-PROCESS-MIB for CPU utilization. To figure out why the interface utilization is not working, you will need to provide a sniffer trace of the NMS polling the device.

Will check that and upload ..

Is there any good net monitoring tool which works properly with V3. i think with the problems i am facing its time to move to a new tool

Ambi

I use Cacti in my lab and at home for this kind of monitoring. It supports SNMPv3 authNoPriv and authPriv using net-snmp's stack. It works really well (http://www.cacti.net/).

I have been trying to setup cacti in windows for the past 2 days..

Polling seems to be ok but for some reason graphs are not shown

Are you using it under wondows or linux?

Any other tool that immediately comes to mind other than cacti ?

Ambi

I use it under FreeBSD. You might also give PRTG a try (http://www.paessler.com/prtg).

Many tools will not be able to handle SNMPv3 priv for SNMPv3 polling. I think that is why polling is ok in many of the instances in this conversation but not the display of the data.

The data returned by an SNMPv3 authPriv poll is the same returned by SNMPv3 authNoPriv and SNMPv2c. The only difference is encryption. If the encryption was broken, the device shouldn't be responding with any data at all (only report packets). That is why I requested a sniffer trace early on.

Agreed.

But there is SNMPv3 authPriv and Priv. The settings in the user example looks to me to be authPriv and Priv rather than AuthPriv and noPriv meaning the data is to be encrypted. Many SNMP managers will support SNMPv3 authpriv if you configure them correctly but only in noPriv mode ...

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco