https://community.cisco.com/t5/network-security/setting-up-snmp-v3-on-a-cisco-9200/m-p/4969928#M1106426 <P>I am setting up SNMP v3 on a 9200 below are the commands I am using. When testing I am not getting a response from the switch. When I run an nmap it doesnt show port 161 open.&nbsp;</P> <P>&nbsp;</P> <P>snmp-server group Test_GROUP v3 priv<BR />snmp-server user Test_USER Test_GROUP v3 auth sha Mypassword priv des Mypassword</P> <P>&nbsp;</P> <P>I am sure I am missing something.</P> <P>Thanks,Dave</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 01 Dec 2023 17:47:28 GMT daveh@innovat.com 2023-12-01T17:47:28Z https://community.cisco.com/t5/network-security/setting-up-snmp-v3-on-a-cisco-9200/m-p/4969928#M1106426 <P>I am setting up SNMP v3 on a 9200 below are the commands I am using. When testing I am not getting a response from the switch. When I run an nmap it doesnt show port 161 open.&nbsp;</P> <P>&nbsp;</P> <P>snmp-server group Test_GROUP v3 priv<BR />snmp-server user Test_USER Test_GROUP v3 auth sha Mypassword priv des Mypassword</P> <P>&nbsp;</P> <P>I am sure I am missing something.</P> <P>Thanks,Dave</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 01 Dec 2023 17:47:28 GMT https://community.cisco.com/t5/network-security/setting-up-snmp-v3-on-a-cisco-9200/m-p/4969928#M1106426 daveh@innovat.com 2023-12-01T17:47:28Z https://community.cisco.com/t5/network-security/setting-up-snmp-v3-on-a-cisco-9200/m-p/4969935#M1106427 <P><SPAN class="keyword kwd">MHM</SPAN></P> Tue, 05 Dec 2023 20:45:09 GMT https://community.cisco.com/t5/network-security/setting-up-snmp-v3-on-a-cisco-9200/m-p/4969935#M1106427 MHM Cisco World 2023-12-05T20:45:09Z https://community.cisco.com/t5/network-security/setting-up-snmp-v3-on-a-cisco-9200/m-p/4969960#M1106428 <P>If you have any ACL or anything blocking - what else you see when you do NMAP ?</P> <P>You can check #show snmp (see snmp enabled)</P> <P>#show udp details&nbsp;&nbsp; -show you teh details</P> <P>&nbsp;</P> <P>check the correct syntax as example below :</P> <P class="p">This example shows how to associate a user with a remote host and to send <SPAN class="ph synph"><SPAN class="keyword kwd">auth</SPAN> </SPAN> (authNoPriv) authentication-level informs when the user enters global configuration mode:</P> <SECTION class="p"> <PRE class="pre codeblock"><CODE><SPAN class="ph">Device</SPAN>(config)# <KBD class="userinput"><STRONG class="ph userinput">snmp-server engineID remote 192.180.1.27 00000063000100a1c0b4011b</STRONG></KBD> <SPAN class="ph">Device</SPAN>(config)# <KBD class="userinput"><STRONG class="ph userinput">snmp-server group authgroup v3 auth</STRONG></KBD> <SPAN class="ph">Device</SPAN>(config)# <KBD class="userinput"><STRONG class="ph userinput">snmp-server user authuser authgroup remote 192.180.1.27 v3 auth md5 mypassword</STRONG></KBD> <SPAN class="ph">Device</SPAN>(config)# <KBD class="userinput"><STRONG class="ph userinput">snmp-server user authuser authgroup v3 auth md5 mypassword</STRONG></KBD> <SPAN class="ph">Device</SPAN>(config)# <KBD class="userinput"><STRONG class="ph userinput">snmp-server host 192.180.1.27 informs version 3 auth authuser config</STRONG></KBD> <SPAN class="ph">Device</SPAN>(config)# <KBD class="userinput"><STRONG class="ph userinput">snmp-server enable traps</STRONG></KBD> <SPAN class="ph">Device</SPAN>(config)# <KBD class="userinput"><STRONG class="ph userinput">snmp-server inform retries 0<BR /><BR /></STRONG></KBD> </CODE></PRE> </SECTION> Fri, 01 Dec 2023 17:41:59 GMT https://community.cisco.com/t5/network-security/setting-up-snmp-v3-on-a-cisco-9200/m-p/4969960#M1106428 balaji.bandi 2023-12-01T17:41:59Z https://community.cisco.com/t5/network-security/setting-up-snmp-v3-on-a-cisco-9200/m-p/4971644#M1106552 <P>My nmap only shows port 22 open</P><P>PORT STATE SERVICE VERSION<BR />22/tcp open ssh Cisco SSH 1.25 (protocol 1.99)</P><P>SN Snmp</P><P>119 SNMP packets input<BR />0 Bad SNMP version errors<BR />45 Unknown community name<BR />0 Illegal operation for community name supplied<BR />16 Encoding errors<BR />0 Number of requested variables<BR />0 Number of altered variables<BR />0 Get-request PDUs<BR />0 Get-next PDUs<BR />0 Set-request PDUs<BR />0 Input queue packet drops (Maximum queue size 1000)<BR />89 SNMP packets output<BR />0 Too big errors (Maximum packet size 1500)<BR />0 No such name errors<BR />0 Bad values errors<BR />0 General errors<BR />0 Response PDUs<BR />31 Trap PDUs<BR />SNMP global trap: enabled</P><P>SNMP logging: enabled<BR />Logging to xxx.xxx.xxx, 0/10, 26 sent, 5 dropped.</P><P>SNMP Manager-role output packets<BR />0 Get-request PDUs<BR />0 Get-next PDUs<BR />0 Get-bulk PDUs<BR />0 Set-request PDUs<BR />0 Inform-request PDUs<BR />0 Timeouts<BR />0 Drops<BR />SNMP Manager-role input packets<BR />0 Inform request PDUs<BR />0 Trap PDUs<BR />0 Response PDUs<BR />0 Responses with errors</P><P>SNMP informs: disabled<BR />SNMP agent enabled</P><P>Sh UDP detail</P><P>Proto Remote Port Local Port In Out Stat TTY OutputIF<BR />17 xxx.xxx.xxx.xxx 55818 xxx.xxx.xxx.xxx 161 0 0 10001001 0<BR />Queues: output 0<BR />input 0 (drops 0, max 200, highwater <span class="lia-unicode-emoji" title=":smiling_face_with_sunglasses:">😎</span><BR />Proto Remote Port Local Port In Out Stat TTY OutputIF<BR />17 --listen-- xxx.xxx.xxx.xxx 162 0 0 10001011 0<BR />Queues: output 0<BR />input 0 (drops 0, max 200, highwater 0)<BR />Proto Remote Port Local Port In Out Stat TTY OutputIF<BR />17 --listen-- xxx.xxx.xxx.xxx 63890 0 0 10001011 0<BR />Queues: output 0<BR />input 0 (drops 0, max 200, highwater 0)<BR />Proto Remote Port Local Port In Out Stat TTY OutputIF<BR />17(v6) --listen-- --any-- 161 0 0 10020001 0<BR />Queues: output 0<BR />input 0 (drops 0, max 200, highwater 0)<BR />Proto Remote Port Local Port In Out Stat TTY OutputIF<BR />17(v6) --listen-- --any-- 162 0 0 10020011 0<BR />Queues: output 0<BR />input 0 (drops 0, max 200, highwater 0)<BR />Proto Remote Port Local Port In Out Stat TTY OutputIF<BR />17(v6) --listen-- --any-- 55296 0 0 10020001 0<BR />Queues: output 0<BR />input 0 (drops 0, max 200, highwater 0)<BR />Proto Remote Port Local Port In Out Stat TTY OutputIF<BR />17 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 55893 0 0 10000000 2<BR />Queues: output 0<BR />input 0 (drops 0, max 0, highwater 0)</P><P>Here is the code I used to turn on snmp v3 to connect to PRTG and ops manager.</P><P><SPAN>snmp-server group Test_GROUP v3 priv</SPAN><BR /><SPAN>snmp-server user Test_USER Test_GROUP v3 auth sha Mypassword priv des Mypassword</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks,Dave</SPAN></P><P>&nbsp;</P> Tue, 05 Dec 2023 12:50:29 GMT https://community.cisco.com/t5/network-security/setting-up-snmp-v3-on-a-cisco-9200/m-p/4971644#M1106552 daveh@innovat.com 2023-12-05T12:50:29Z https://community.cisco.com/t5/network-security/setting-up-snmp-v3-on-a-cisco-9200/m-p/4971950#M1106573 <P><SPAN>snmp-server group Test_GROUP v3 priv</SPAN><BR /><SPAN>snmp-server user Test_USER Test_GROUP v3 auth sha Mypassword priv des Mypassword</SPAN></P> <P><SPAN>Change the auth from sha to md5</SPAN></P> <P><SPAN>Change priv from des to other</SPAN></P> <P><STRONG>Add engine ID </STRONG></P> <P><SPAN>The server use two ports 161 and 162 so open ports in acl of outside interface.</SPAN></P> <P><SPAN>MHM</SPAN></P> Tue, 05 Dec 2023 21:44:03 GMT https://community.cisco.com/t5/network-security/setting-up-snmp-v3-on-a-cisco-9200/m-p/4971950#M1106573 MHM Cisco World 2023-12-05T21:44:03Z