OID in SNMPv3

Answered Question
Oct 11th, 2009
User Badges:

I am configuring SNMPv3 using CiscoWorks, but I am confused which OID, Object Type will be configured for Cisco Switch 3750?

Correct Answer by Joe Clarke about 7 years 8 months ago

LMS is not a general purpose trap manager. Yes, DFM can process certain traps, but sending traps to LMS is still optional.


No, SNMPv3 has no integration with ACS at this time. You do not need to add the SNMPv3 user to ACS. All of the authentication and authorization is done locally on the device.

Correct Answer by Joe Clarke about 7 years 8 months ago

v1default is a built-in view that gives most of the required access you need. You are free to create your own view if you want.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Joe Clarke Sun, 10/11/2009 - 18:36
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I don't understand the question. Exactly what are you doing in CiscoWorks? SNMPv3 doesn't use any different OIDs. The only difference between SNMPv1/v2.c and v3 is that you need to specify a username, password, and hash algorithm in SNMPv3 where as in v1/v2c you specify SNMP communities.

Ahmed Shahzad Sun, 10/11/2009 - 18:41
User Badges:

Thanks for your response. I have found that in addition to UID, PWD, Hash Algo, it is also required to define OID. Plesae check attach image file.


Thanks and Regards,



Attachment: 
Joe Clarke Sun, 10/11/2009 - 19:00
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This has nothing to do with configuring SNMPv3. This is simply using the SNMP Set interface. This tool should only be used for troubleshooting purposes, and has nothing to do with the function of LMS.


The OID in this interface is the OID to set. There are countless options for this, and it depends on what you're trying to do. The Object Type is the type of that OID (e.g. DISPLAY STRING, INTEGER, etc.).


So my original question remains: exactly what do you want to do?

Ahmed Shahzad Sun, 10/11/2009 - 19:23
User Badges:

Thanks for your quick reply.


I am trying to configure SNMPv3 on Catalyst and Routers, so that the communication channel between devices and LMS would be SNMPv3. I have found the following configuration guidelines from Cisco.com, which are:


To enable SNMPv3 on Cisco IOS devices, follow these steps:

=====

• Create a view


snmp-server view campus oid-tree included

• Set the security model


snmp-server group cmtest v3 auth read campus write campus access access-list

• Create a user and authentication protocol to be used


snmp-server user cmtester campus v3 auth md5 password

• Create a group and associate the user with it


snmp-server user cmtester cmtest v3


=== Last command is also not working. Also I want to know which OIDs I have to configure for Cisco LMS.


Thanks and Regards,


Last

Joe Clarke Sun, 10/11/2009 - 19:59
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This is fine. However, the SNMP Set tool you are trying to use has no bearing on whether or not LMS will use SNMPv3 to communicate with the device.


First, configure SNMPv3 on the device. The above is simply a guideline. Actually, all you need is an SNMPv3 group, and an SNMPv3 user. Creating a view and an access-list are optional steps. For example, the following two lines are all you really need:


snmp-server group v3group v3 auth write v1default

snmp-server user v3user v3group v3 auth md5 v3user123


Here, v3group is the SNMPv3 group name, v3user is the SNMPv3 username, the authentication algorithm is MD5, and the authentication password is v3user123. This config is for SNMPv3 authNoPriv, and will allow for both read and write access.


Once you have SNMPv3 configured on the device, add the device to DCR with the appropriate v3 credentials. This is done under Common Services > Device and Credentials > Device Management. Add all of the v3 credentials on the third screen of the Add Device interface. Once that is done, LMS will use SNMPv3 to manage this device.

Ahmed Shahzad Sun, 10/11/2009 - 21:05
User Badges:

Thank you very much for your detailed reply.


Can you just tell me that v1default, which is write view name, needs to be created first?


Thanks and Regards,

Correct Answer
Joe Clarke Sun, 10/11/2009 - 21:08
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

v1default is a built-in view that gives most of the required access you need. You are free to create your own view if you want.

Ahmed Shahzad Sun, 10/11/2009 - 21:40
User Badges:

Thank you very much for your support.


One more thing, can I have to configure snmp-server host command as well.


Thanks and Regards,


Joe Clarke Sun, 10/11/2009 - 21:48
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

No, this is not required. You need to use snmp-server host only if you want the device to send traps to an SNMP trap manager.

Ahmed Shahzad Sun, 10/11/2009 - 21:51
User Badges:

I believe it is a good idea to use snmp-server host, so that device can send snmp traps to LMS in a proactive manner.


Secondly LMS is integrated with ACS, do we need to create the same account on ACS as well.

Correct Answer
Joe Clarke Sun, 10/11/2009 - 21:53
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

LMS is not a general purpose trap manager. Yes, DFM can process certain traps, but sending traps to LMS is still optional.


No, SNMPv3 has no integration with ACS at this time. You do not need to add the SNMPv3 user to ACS. All of the authentication and authorization is done locally on the device.

Ahmed Shahzad Sun, 10/11/2009 - 21:58
User Badges:

Thank you very much for your prompt support.


I am facing one more issue, for which I already have open a conversation, but I have not got a solution for it.


After login into CiscoWorks Assistant, whenever trying to access any other link like Add Device or Allocate Device, results in given below error:


===== Error Message =======

Status polling timed out for the last run task [Add Devices].

Step may be running in the backend.

Do you wish to stop status checking and continue with the selected task?

============


I have tried to restart the services, and even restart the machine as well, but still getting same error since last three days.

Joe Clarke Sun, 10/11/2009 - 22:01
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I already replied on that thread with instructions to fix the problem. Have you tried my suggestion?

Ahmed Shahzad Sun, 10/11/2009 - 22:03
User Badges:

LMS is installed on Windows 2003 Standard Ed, and I belive your instruction assumes that OS is not Win.

Joe Clarke Sun, 10/11/2009 - 22:04
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

No, the command is the same for Windows. Just change the path separator.

Ahmed Shahzad Sun, 10/11/2009 - 22:19
User Badges:

Thanks for your quick reply.


Can you guide me how to shutdown the Daemon Manager?


Best Regards,

Joe Clarke Mon, 10/12/2009 - 06:25
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Please continue the discussion about CWA on the CWA thread.

Actions

This Discussion