10-04-2005 10:29 AM
I have some 3524XL switches that don't support SNMPv3. I want to include snmp v1/2 RW for Ciscoworks but it is failing. Commands look OK as does the output for show snmp users/groups. My command is below:
access-list 5 permit <csworks IP>
snmp-server community <name> rw 5
I double-checked community name but "Management station to Device" test fails everytime. This is all I need according to Configuring SNMP Support document. What am I missing?
Solved! Go to Solution.
10-05-2005 01:22 PM
Try this on the switch in a telnet session:
- term mon
- debug snmp packet
Do you see the ip address that you have listed in the access-list?
10-04-2005 01:03 PM
It has something to do with the access-list. It works without it but I want some additional security.
10-04-2005 01:37 PM
Are you doing any Network Address Translation?
10-05-2005 06:09 AM
10-05-2005 06:41 AM
You may use Ethereal to open up the files:
http://www.ethereal.com/download.html
I see two different community strings that are attempted here, one that starts with SB and one that starts with R3
Which one is configured on the device?
10-05-2005 07:55 AM
The SB string is for RO access. The R3 is RW access.Both are configured on the device as shown:
A
CCESS LIST
access-list 5 permit 192.168.168.xxx
SNMP
snmp-server engineID local 0000000902000009432XXXX
snmp-server community ******** RO
snmp-server community ******** RW 5
10-05-2005 08:59 AM
what does show access-list 5 return?
10-05-2005 10:25 AM
CSSINTSW2#sho access-list
Standard IP access list 5
permit 192.168.168.XX
Do I need to do an extended list indicating UDP and eq snmp?
10-05-2005 10:27 AM
I was hoping it would show if it denied anything
10-05-2005 01:30 PM
I checked the packet. The only thing I can see is that the header checksum is not correct. Will this cause it to fail?
Internet Protocol, Src: 192.168.168.91 (192.168.168.91), Dst: 192.168.252.190 (192.168.252.190)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 72
Identification: 0xd569 (54633)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x0000 [incorrect, should be 0x3ed0]
Source: 192.168.168.91 (192.168.168.91)
Destination: 192.168.252.190 (192.168.252.190)
User Datagram Protocol, Src Port: 3864 (3864), Dst Port: snmp (161)
Source port: 3864 (3864)
Destination port: snmp (161)
Length: 52
Checksum: 0x215f [correct]
Simple Network Management Protocol
Version: 1 (0)
Community: R3str1cted
PDU type: GET (0)
Request Id: 0x00000002
Error Status: NO ERROR (0)
Error Index: 0
Object identifier 1: 1.3.6.1.2.1.1.4.0 (SNMPv2-MIB::sysContact.0)
Value: NULL
10-05-2005 01:22 PM
Try this on the switch in a telnet session:
- term mon
- debug snmp packet
Do you see the ip address that you have listed in the access-list?
10-06-2005 06:27 AM
Thank you Nadin...and my apologies. You were right about the NAT issue. Unfortunately, I didn't dig deep enough on that.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: