Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

SNMP V3 and CiscoWorks


today I configered a router (1760) for snmp v3:

snmp-server view ReadView internet included

snmp-server group OurGroup v3 auth read ReadView

snmp-server user xxxx OurGroup v3 auth md5 yyyy

Trying out with net-snmp works fine:

snmpwalk -v3 -u xxxx -l authNoPriv -a MD5 -A yyyy system


system.sysORTable.sysOREntry.sysORUpTime.1 = Timeticks: (0) 0:00:00.00

system.sysORTable.sysOREntry.sysORUpTime.2 = Timeticks: (0) 0:00:00.00

system.sysORTable.sysOREntry.sysORUpTime.3 = Timeticks: (0) 0:00:00.00

system.sysORTable.sysOREntry.sysORUpTime.4 = Timeticks: (0) 0:00:00.00

system.sysORTable.sysOREntry.sysORUpTime.5 = Timeticks: (0) 0:00:00.00

system.sysORTable.sysOREntry.sysORUpTime.6 = Timeticks: (0) 0:00:00.00


Now I want to manage the router via our CiscoWorks and configuered:

Campus Manager Administration - Admin - Device Discovery - SNMP Settings


Target: 192.168.1.*

Username: xxxx

Password: yyyy

Authentication: MD5

and started discovery with result "device unreachable".

Sniffering the packets I found out, that the CW sets "AuthParam" with value NULL, while net-snmp sets some (crypted) data.

The router doesn't responde to CW.

Looks to me like that's the problem.

We're using LMS 2.6.1

Any ideas how to make it work?

Thanks in advance,

kind regards

Rolf Fischer

Cisco Employee

Re: SNMP V3 and CiscoWorks

If the device is already in DCR, check the v3 credentials under Common Services > Device and Credentials > Device Management. The first packet will go out incomplete so that Discovery can discover the SNMP engine ID, engine time, and boots. Once these values are sent from the device, the actual request packet should go out with valid AuthData, engine time, and boot count.

New Member

Re: SNMP V3 and CiscoWorks

Hm, I don't know who rated this post - definitely it wasn't me ?!

The router is in DCR with correct credentials.

We're still having the same problem.


Re: SNMP V3 and CiscoWorks

Could you post a redacted snippet of your snmpv3 view set from your router so we can see what you've allowed it to access ?

New Member

Re: SNMP V3 and CiscoWorks

I'm not sure if I understand the question.

Thought with

"snmp-server view ReadViewITZ internet included"

I allow the whole internet-tree (

Please correct me if I'm wrong.

Regarding my posted picture:

The traced packet from Net-SNMP was full encrypted, this was a first try with authPriv.

I changed that to authNoPriv meanwhile.


Re: SNMP V3 and CiscoWorks

Thats part of what I was looking for, redacted meaning remove or obscure the sensitive information from your configs...

Your device configuration should look something like this for querying remotel:

snmp-server group remotegroup v3 priv

snmp-server user remote PrivUser remotePrivGroup remote #.#.#.# v3 auth md5

password1 priv des56 password2

New Member

Re: SNMP V3 and CiscoWorks

Right, I posted this part of my config yesterday:

snmp-server view ReadView internet included

snmp-server group OurGroup v3 auth read ReadView

snmp-server user CiscoWorks OurGroup v3 auth md5 yyyy

Doing a Device Credentials Verification Job a couple of minutes ago I got this message:

Setting v3 Param mode to authNoPriv. querying sysLocation.obtained exception while g/setting sysLocation SnmpRequestTimeout on while performing SnmpGet at index = -1. Wrong Credentials.

That's strange because I re-checked the parameters and they are correct.

Cisco Employee

Re: SNMP V3 and CiscoWorks

The CiscoWorks query should cause a report packet back from the device? What is the next packet to come from the device?

New Member

Re: SNMP V3 and CiscoWorks

The problem is fixed now - I have to say sorry.

Between the router and the CW-server we have a cryptor which needs to have a bypass for our management-traffic.

This bypass was configered incompletely: The way back to the CW-server was missing.

We added that rule and now it works.


CreatePlease to create content