cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3368
Views
0
Helpful
3
Replies

Facing issue in using SNMPV3 on Cisco Routers

ayazali_ned
Level 1
Level 1

Hi,

Actually, i am trying to implement SNMPV3 on Cisco Routers & Switches to manage & monitor these devices in a more secure manner using NMS called Orion (NPM) Network Performance Monitor.

When i am going to add the node on Orion (NPM), it is showing me an error that the device does not support the interfaces MIB.

The Routers IOS Version and its feature set is as under:

Cisco 3800 & 2800 (IOS version 12.4(20)T2 Advance IP Services).

Configuration as under:

snmp-server DEPT_GRP V3 auth context DEPT_CTX read DEPT_VIEW

snmp-server view DEPT_VIEW iso included

snmp-server view DEPT_VIEW internet included

snmp-server view DEPT_VIEW interfaces included

snmp-server view DEPT_VIEW system  included

snmp-server view DEPT_VIEW chassis included

snmp-server context DEPT_CTX

snmp-server user SNMPADMIN DEPT_GRP v3 auth sha cisco123 priv des cisco123

snmp-server host 213.42.48.158 version 3 auth SNMPADMIN

At Orion parameters are given as under:

username :- SNMPADMIN

SNMPV3 context :- DEPT_CTX

SNMPV3 Authentication :- SHA1

SNMPV3 Privacy/Encryption :- DES56

Password Key :- cisco123 (All the places)

Kindly help me out and advise me where i am going wrong. Kindly check the configuration above is anything missing in it regarding the SNMPV3 configuration.

Rgds,

Ayaz Ali

1 Accepted Solution

Accepted Solutions

Joe Clarke
Cisco Employee
Cisco Employee

First, get rid of the context.  It's not needed.  Leave that field blank in Orion.  Second, I'd get rid of this view, as it is insecure.  Instead, use the built-in "v1default" view:

snmp-server group DEPT_GRP v3 auth read v1default

snmp-server user SNMPADMIN DEPT_GRP v3 auth sha cisco123 priv des cisco123

That config alone should allow you to poll the device.

View solution in original post

3 Replies 3

Joe Clarke
Cisco Employee
Cisco Employee

First, get rid of the context.  It's not needed.  Leave that field blank in Orion.  Second, I'd get rid of this view, as it is insecure.  Instead, use the built-in "v1default" view:

snmp-server group DEPT_GRP v3 auth read v1default

snmp-server user SNMPADMIN DEPT_GRP v3 auth sha cisco123 priv des cisco123

That config alone should allow you to poll the device.

Hi Joe,

Thanks for your response. As per your reply, i had removed the context and views which were configured earlier on the router and followed the same instructions as you mentioned in your reply, but i would like to tell you one thing about the configuration that i had done for snmp v3.

Your configuration is :-

snmp-server group DEPT_GRP v3 auth read v1default
snmp-server user SNMPADMIN DEPT_GRP v3 auth sha cisco123 priv des cisco123

My Configuration is :-

snmp-server group DEPT_GRP v3 priv read v1default
snmp-server user SNMPADMIN DEPT_GRP v3 auth sha cisco123 priv des cisco123

In your configuration, you are using Authentication (Auth) for the SNMP v3 group and if u select auth (Keyword) then you have to only provide authentication method (SHA,MD5) no privacy keys for encryption (DES,AES) in snmp user configuration, otherwise it will give you an error that credential not matched on the host when you try to poll the device.

In my configuration, I am using privacy (priv) for the SNMP v3 group, thats why i had given both authentication and encryption keys under SNMP user configuration.

In short, user settings are dependent on the group settings if you are using auth then it only support authentication but no privacy and if you are using priv then it allow both authentication and encryption (privacy).

Thanks for your support, it really helped me out in solving the issue. Now, i am able to poll my all routers using snmp v3.

Rgds,

Ayaz Ali

Yes, that was a typo.  I mean to use the priv keyword for the group.  Without it, the user configuration is invalid.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco