I am testing against an MDS 9124 at 3.2(3a), and have not been able to communicate to the switch using SNMP v3 noAuthNoPriv. I have configured an SNMP user with noAuthNoPriv as a member of the network-admin group, using the following command:
snmp-server user test_1 network-admin
All attempts to query the switch with this user result in an authorization failure.
Any ideas on what I am missing in the configuration?
The MDS has 2 logins types that should automatically sync with each other. If you create a CLI user (for telnet and SSH), that same user should be generated for SNMP V3 access (Fabric and Device Manager). If you want to generate an SNMP user called test_1 and provide network-admin role, the command is something like this. (I don't have access to MDS at the moment due to a lab move so I can not confirm the exact command.)
snmp-server user test_1 role network-admin
You need to provide the password, and specify that role is network-admin. As you enter the command, you can use the ? to see what the next possible parameter might be. IE: 'snmp-server user test_1 ?' should show you that the next entry might be the password.
Once entered, if you enter the command 'show snmp users' you should see test_1 appear like the admin user and both should show network-admin.
Also as a result of the snmp-server user being created, a CLI user should be created with the same password and role. This is seen with the 'show user-account' display command.
I have found that if I want to create a user with noAuthNoPriv SNMP V3 access, I cannot give the user a password. If I give the user a password, then it automatically gives the user the authPriv level. Using the 'show snmp user' command this shows up as:
User Auth Priv(enforce) Groups
------ ---- ------------- ------
test_1 md5 des(no) network-admin
What I would like is a user with setting:
test_1 no no network-admin
I know this is probably not the normal usage of SNMP V3, but this is a test case I must cover since it is available in SNMP V3.
Why do you need native HA: The native HA feature allows two Cisco DCNM
appliances to run as active and standby applications, with their
embedded databases synchronized in real time. Therefore, when the active
DCNM is not functioning, the standby DCNM will...
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...