Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1592
Views
0
Helpful
7
Replies

SNMP v3 Config

Mario C. G.
Level 1
Level 1

‎10-01-2010 10:16 AM

Hi Team,

Any have a good config to SNMPv3. for all products to CWLMS3.2

I try something and I have manage all devices. But by example, the DFM can not manage. I thing that some config en SNMPv3 is missing

Thanks

Labels:
0 Helpful
7 Replies 7

Joe Clarke
Cisco Employee
Cisco Employee

‎10-01-2010 10:00 PM

The following is all you need for IOS:

snmp-server group v3group v3 auth
snmp-server user v3user v3group v3 auth md5 v3user123

But there are certainly other options you can use.

However, some devices have a bug where they use a non-unique engine ID.  DFM requires that every device have a unique SNMP engine ID.  Use "show snmp engineID" on your devices and make sure the IDs are unique across all of them.  Use the "snmp-server engineID" command to set a unique value if you find any duplicates.  Then delete and re-add the devices in DFM and they should become managed.

0 Helpful

Mario C. G.
Level 1
Level 1
In response to Joe Clarke

‎10-02-2010 12:05 PM

Hi Joseph,

Thanks for you help, I try that you say me.

Regards

0 Helpful

Mario C. G.
Level 1
Level 1
In response to Joe Clarke

‎10-04-2010 11:43 AM

Hi Clark,

I have this command:

snmp-server user USER GROUP v3 auth md5 xxxxxx priv des xxxxx access 2

In  the access-list is Ok, I validate that I have access.

In think so, that the DES is my problem, you know some about to use DES, By example I can not get configs from RME Config Managment.

I validate device credentials and I have recieved some error, but for some reason, I have manage this device in CM. And CiscoVIew

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to Mario C. G.

‎10-05-2010 04:22 PM

RME supports DES encryption, so that is not the problem.  If you are using SNMP/TFTP to fetch the configs (as opposed to telnet or SSH), t

hen be sure your SNMPv3 group has a write-view associated with it.  For example:

snmp-server group v3group v3 auth write v1default
0 Helpful

Erick.Valle
Level 1
Level 1
In response to Joe Clarke

‎10-07-2010 09:07 AM

Joseph, in regards to the same snmpv3 configuration, what is the "v1default" and why use this view as appose to another?

I have set up this on my 2811 router:

snmp-server group groupv3 v3 auth write v1defualt
snmp-server user testv3 groupv3 v3 auth md5 TESTv3 priv 3des heat

but when I run try to perform a management to the device using snmpv3,

the snmpv3 "READ" passes, but the "WRITE" fails?

Your opinion is appreciated.

EV

0 Helpful

Joe Clarke
Cisco Employee
Cisco Employee
In response to Erick.Valle

‎10-07-2010 01:21 PM

It looks like you spelled default wrong.  Make sure the view is v1default.  This is a special built-in view that exposes all of the typical MIB branches.

0 Helpful

Erick.Valle
Level 1
Level 1
In response to Joe Clarke

‎10-08-2010 06:15 AM

My apologies JClark.  I made the simple change and everything is working as expected.

Regards,

EV

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents