Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SNMP V3

We have been asked to migrate all devices to SNMP V3.

I tried to test this out on a 2811 router but it is failing. All i need is to allow my NMS (solarwinds) to poll using snmpv3

Here is my config

snmp-server user test test v3 auth md5 test priv des56 test

snmp-server group test v3 priv

IS there anything else i need to do to use snmp v3 for polling

Ambi

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: SNMP V3

The SNMP USM spec says that passwords must be at least eight characters. So you should increase the length of your passwords (e.g. tester123). Also, you do not want to specify a context name in Solarwinds (i.e. leave this field blank). Contexts are not used for general polling. Other than that, this looks okay.

16 REPLIES
Cisco Employee

Re: SNMP V3

The SNMP USM spec says that passwords must be at least eight characters. So you should increase the length of your passwords (e.g. tester123). Also, you do not want to specify a context name in Solarwinds (i.e. leave this field blank). Contexts are not used for general polling. Other than that, this looks okay.

New Member

Re: SNMP V3

Thanks......that did the trick

However i have one more problem. eventhough i disabled snmp and renabled it, the old username still appears in sh snmp users

Is there any way i can get rid of these (ofcourse without a reload). since the sh runn config does not show the username it is difficult to identify the exact commands need to remove them

Ambi

Cisco Employee

Re: SNMP V3

no snmp-server user USER GROUP v3

New Member

Re: SNMP V3

Joe

I have run into another problem now with snmp v3

Solarwinds is able to poll/ identify interfacesetc but not showing any traffic statistics like utilization, errors etc..

Do we need any configuration with respect to MIBs as well

Ambi

Cisco Employee

Re: SNMP V3

There is nothing that needs to be done in IOS to enable this. Typically, the objects to poll for utilization are ifInOctets and ifOutOctets (along with ifSpeed). Faster interfaces will require ifHCInOctets and ifHCOutOctets and ifHighSpeed. All of these should be pollable with the SNMPv3 config you provided earlier.

New Member

Re: SNMP V3

I tried using whatups gold and it too had the same error. interface statistic stops as soon as you disable SNMP v1 or v2c

When polled for CPU, it throws an error stating that the remote device does nto support host resource MIB

Ambi

Cisco Employee

Re: SNMP V3

Our devices don't support the HOST-RESOURCE-MIB. We use the CISCO-PROCESS-MIB for CPU utilization. To figure out why the interface utilization is not working, you will need to provide a sniffer trace of the NMS polling the device.

New Member

Re: SNMP V3

Will check that and upload ..

Is there any good net monitoring tool which works properly with V3. i think with the problems i am facing its time to move to a new tool

Ambi

Cisco Employee

Re: SNMP V3

I use Cacti in my lab and at home for this kind of monitoring. It supports SNMPv3 authNoPriv and authPriv using net-snmp's stack. It works really well (http://www.cacti.net/).

New Member

Re: SNMP V3

I have been trying to setup cacti in windows for the past 2 days..

Polling seems to be ok but for some reason graphs are not shown

Are you using it under wondows or linux?

Any other tool that immediately comes to mind other than cacti ?

Ambi

Cisco Employee

Re: SNMP V3

I use it under FreeBSD. You might also give PRTG a try (http://www.paessler.com/prtg).

New Member

Re: SNMP V3

Many tools will not be able to handle SNMPv3 priv for SNMPv3 polling. I think that is why polling is ok in many of the instances in this conversation but not the display of the data.

Cisco Employee

Re: SNMP V3

The data returned by an SNMPv3 authPriv poll is the same returned by SNMPv3 authNoPriv and SNMPv2c. The only difference is encryption. If the encryption was broken, the device shouldn't be responding with any data at all (only report packets). That is why I requested a sniffer trace early on.

New Member

Re: SNMP V3

Agreed.

But there is SNMPv3 authPriv and Priv. The settings in the user example looks to me to be authPriv and Priv rather than AuthPriv and noPriv meaning the data is to be encrypted. Many SNMP managers will support SNMPv3 authpriv if you configure them correctly but only in noPriv mode ...

Cisco Employee

Re: SNMP V3

There is authPriv and there is authNoPriv. If the manager claims to support authPriv, it must expect encryption (using the specified algorithm). There is no such thing as authPriv without encryption (then it would be called authNoPriv, and the manager should not be offering fields to specify encryption parameters).

New Member

Re: SNMP V3

Well i even tried with authNoPriv but that doesn't work too..

snmpwalk with net-snmp does return the data

Will try to get a sniffer trace from the solarwinds server

Ambi

1517
Views
9
Helpful
16
Replies