SNMP v3 Config

Unanswered Question
Oct 1st, 2010
User Badges:

Hi Team,


Any have a good config to SNMPv3. for all products to CWLMS3.2


I try something and I have manage all devices. But by example, the DFM can not manage. I thing that some config en SNMPv3 is missing


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Fri, 10/01/2010 - 22:00
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The following is all you need for IOS:


snmp-server group v3group v3 auth

snmp-server user v3user v3group v3 auth md5 v3user123


But there are certainly other options you can use.


However, some devices have a bug where they use a non-unique engine ID.  DFM requires that every device have a unique SNMP engine ID.  Use "show snmp engineID" on your devices and make sure the IDs are unique across all of them.  Use the "snmp-server engineID" command to set a unique value if you find any duplicates.  Then delete and re-add the devices in DFM and they should become managed.

mcerrillos Sat, 10/02/2010 - 12:05
User Badges:

Hi Joseph,


Thanks for you help, I try that you say me.


Regards

mcerrillos Mon, 10/04/2010 - 11:43
User Badges:

Hi Clark,


I have this command:


snmp-server user USER GROUP v3 auth md5 xxxxxx priv des xxxxx access 2

In  the access-list is Ok, I validate that I have access.

In think so, that the DES is my problem, you know some about to use DES, By example I can not get configs from RME Config Managment.

I validate device credentials and I have recieved some error, but for some reason, I have manage this device in CM. And CiscoVIew

Joe Clarke Tue, 10/05/2010 - 16:22
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

RME supports DES encryption, so that is not the problem.  If you are using SNMP/TFTP to fetch the configs (as opposed to telnet or SSH), t

hen be sure your SNMPv3 group has a write-view associated with it.  For example:


snmp-server group v3group v3 auth write v1default

Joseph, in regards to the same snmpv3 configuration, what is the "v1default" and why use this view as appose to another?

I have set up this on my 2811 router:


snmp-server group groupv3 v3 auth write v1defualt
snmp-server user testv3 groupv3 v3 auth md5 TESTv3 priv 3des heat


but when I run try to perform a management to the device using snmpv3,


the snmpv3 "READ" passes, but the "WRITE" fails?


Your opinion is appreciated.


EV

Joe Clarke Thu, 10/07/2010 - 13:21
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

It looks like you spelled default wrong.  Make sure the view is v1default.  This is a special built-in view that exposes all of the typical MIB branches.

Actions

This Discussion