SNMP v3 noAuthNoPriv for MDS 9124

Unanswered Question
Nov 19th, 2008
User Badges:

Hi all,


I am testing against an MDS 9124 at 3.2(3a), and have not been able to communicate to the switch using SNMP v3 noAuthNoPriv. I have configured an SNMP user with noAuthNoPriv as a member of the network-admin group, using the following command:


snmp-server user test_1 network-admin


All attempts to query the switch with this user result in an authorization failure.


Any ideas on what I am missing in the configuration?


Thank you!

--andrea

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Michael Brown Thu, 11/20/2008 - 03:14
User Badges:
  • Cisco Employee,

Andrea,


The MDS has 2 logins types that should automatically sync with each other. If you create a CLI user (for telnet and SSH), that same user should be generated for SNMP V3 access (Fabric and Device Manager). If you want to generate an SNMP user called test_1 and provide network-admin role, the command is something like this. (I don't have access to MDS at the moment due to a lab move so I can not confirm the exact command.)


snmp-server user test_1 role network-admin


You need to provide the password, and specify that role is network-admin. As you enter the command, you can use the ? to see what the next possible parameter might be. IE: 'snmp-server user test_1 ?' should show you that the next entry might be the password.


Once entered, if you enter the command 'show snmp users' you should see test_1 appear like the admin user and both should show network-admin.


Also as a result of the snmp-server user being created, a CLI user should be created with the same password and role. This is seen with the 'show user-account' display command.


Hope this helps,

Mike

andrea.nagao Thu, 11/20/2008 - 09:58
User Badges:

Hi Mike,


Thank you so much for your reply!


I have found that if I want to create a user with noAuthNoPriv SNMP V3 access, I cannot give the user a password. If I give the user a password, then it automatically gives the user the authPriv level. Using the 'show snmp user' command this shows up as:


User Auth Priv(enforce) Groups

------ ---- ------------- ------

test_1 md5 des(no) network-admin


What I would like is a user with setting:


test_1 no no network-admin


I know this is probably not the normal usage of SNMP V3, but this is a test case I must cover since it is available in SNMP V3.


--andrea


Actions

This Discussion

 

 

Trending Topics: Storage Networking