10-04-2005 10:29 AM
I have some 3524XL switches that don't support SNMPv3. I want to include snmp v1/2 RW for Ciscoworks but it is failing. Commands look OK as does the output for show snmp users/groups. My command is below:
access-list 5 permit <csworks IP>
snmp-server community <name> rw 5
I double-checked community name but "Management station to Device" test fails everytime. This is all I need according to Configuring SNMP Support document. What am I missing?
Solved! Go to Solution.
10-05-2005 01:22 PM
Try this on the switch in a telnet session:
- term mon
- debug snmp packet
Do you see the ip address that you have listed in the access-list?
10-04-2005 01:03 PM
It has something to do with the access-list. It works without it but I want some additional security.
10-04-2005 01:37 PM
Are you doing any Network Address Translation?
10-05-2005 06:09 AM
10-05-2005 06:41 AM
You may use Ethereal to open up the files:
http://www.ethereal.com/download.html
I see two different community strings that are attempted here, one that starts with SB and one that starts with R3
Which one is configured on the device?
10-05-2005 07:55 AM
The SB string is for RO access. The R3 is RW access.Both are configured on the device as shown:
A
CCESS LIST
access-list 5 permit 192.168.168.xxx
SNMP
snmp-server engineID local 0000000902000009432XXXX
snmp-server community ******** RO
snmp-server community ******** RW 5
10-05-2005 08:59 AM
what does show access-list 5 return?
10-05-2005 10:25 AM
CSSINTSW2#sho access-list
Standard IP access list 5
permit 192.168.168.XX
Do I need to do an extended list indicating UDP and eq snmp?
10-05-2005 10:27 AM
I was hoping it would show if it denied anything
10-05-2005 01:30 PM
I checked the packet. The only thing I can see is that the header checksum is not correct. Will this cause it to fail?
Internet Protocol, Src: 192.168.168.91 (192.168.168.91), Dst: 192.168.252.190 (192.168.252.190)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 72
Identification: 0xd569 (54633)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0x0000 [incorrect, should be 0x3ed0]
Source: 192.168.168.91 (192.168.168.91)
Destination: 192.168.252.190 (192.168.252.190)
User Datagram Protocol, Src Port: 3864 (3864), Dst Port: snmp (161)
Source port: 3864 (3864)
Destination port: snmp (161)
Length: 52
Checksum: 0x215f [correct]
Simple Network Management Protocol
Version: 1 (0)
Community: R3str1cted
PDU type: GET (0)
Request Id: 0x00000002
Error Status: NO ERROR (0)
Error Index: 0
Object identifier 1: 1.3.6.1.2.1.1.4.0 (SNMPv2-MIB::sysContact.0)
Value: NULL
10-05-2005 01:22 PM
Try this on the switch in a telnet session:
- term mon
- debug snmp packet
Do you see the ip address that you have listed in the access-list?
10-06-2005 06:27 AM
Thank you Nadin...and my apologies. You were right about the NAT issue. Unfortunately, I didn't dig deep enough on that.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide