Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1323
Views
0
Helpful
2
Replies

SNMP v3 noAuthNoPriv for MDS 9124

andrea.nagao
Level 1
Level 1

‎11-19-2008 03:06 PM

Hi all,

I am testing against an MDS 9124 at 3.2(3a), and have not been able to communicate to the switch using SNMP v3 noAuthNoPriv. I have configured an SNMP user with noAuthNoPriv as a member of the network-admin group, using the following command:

snmp-server user test_1 network-admin

All attempts to query the switch with this user result in an authorization failure.

Any ideas on what I am missing in the configuration?

Thank you!

--andrea

Labels:
0 Helpful
2 Replies 2

Michael Brown
Cisco Employee
Cisco Employee

‎11-20-2008 03:14 AM

Andrea,

The MDS has 2 logins types that should automatically sync with each other. If you create a CLI user (for telnet and SSH), that same user should be generated for SNMP V3 access (Fabric and Device Manager). If you want to generate an SNMP user called test_1 and provide network-admin role, the command is something like this. (I don't have access to MDS at the moment due to a lab move so I can not confirm the exact command.)

snmp-server user test_1 role network-admin

You need to provide the password, and specify that role is network-admin. As you enter the command, you can use the ? to see what the next possible parameter might be. IE: 'snmp-server user test_1 ?' should show you that the next entry might be the password.

Once entered, if you enter the command 'show snmp users' you should see test_1 appear like the admin user and both should show network-admin.

Also as a result of the snmp-server user being created, a CLI user should be created with the same password and role. This is seen with the 'show user-account' display command.

Hope this helps,

Mike

0 Helpful

andrea.nagao
Level 1
Level 1
In response to Michael Brown

‎11-20-2008 09:58 AM

Hi Mike,

Thank you so much for your reply!

I have found that if I want to create a user with noAuthNoPriv SNMP V3 access, I cannot give the user a password. If I give the user a password, then it automatically gives the user the authPriv level. Using the 'show snmp user' command this shows up as:

User Auth Priv(enforce) Groups

------ ---- ------------- ------

test_1 md5 des(no) network-admin

What I would like is a user with setting:

test_1 no no network-admin

I know this is probably not the normal usage of SNMP V3, but this is a test case I must cover since it is available in SNMP V3.

--andrea

0 Helpful
Customers Also Viewed These Support Documents