Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
0
Helpful
2
Replies

snmp broken in ISE 3.2 patch-5

adamscottmaster2013
Level 3
Level 3

‎05-28-2024 05:01 AM

I have the EXACT same SNMP configuration in both ISE 3.0 patch-8 and ISE 3.2 patch-5:

snmp-server enable
snmp-server contact "cciesec@cisco.com"
snmp-server location "fixed you"
snmp-server user cciesec v3 plain your_auth_password_here your_privilege_password_here

From a Ubuntu Linux machine, it works with Cisco ISE 3.0:

 ~ $snmpwalk -v3 -O n -l authPriv -u cciesec -a SHA -A "your_auth_password_here" -x AES -X "your_privilege_password_here" CiscoISE Sysname
1.3.6.1.2.1.1.5.0 = STRING: CiscoISE

 

but FAILED on ISE 3.2, regardless of patches:

~ $snmpwalk -v3 -O n -l authPriv -u cciesec -a SHA -A "your_auth_password_here" -x AES -X "your_privilege_password_here" CiscoISE Sysname

Sysname: Unknown Object Identifier (Sub-id not found: (top) -> Sysname)

However, if I replace Sysname with the Sysname OID of 1.3.6.1.2.1.1.5.0, it works:

$snmpwalk -v3 -O n -l authPriv -u cciesec -a SHA -A "your_auth_password_here" -x AES -X "your_privilege_password_here" 1.3.6.1.2.1.1.5.0

1.3.6.1.2.1.1.5.0 = STRING: CiscoISE

Did Cisco change something in ISE 3.2 patch-x?

Thoughts?

 

 

0 Helpful
2 Replies 2

thomas
Cisco Employee
Cisco Employee

‎05-28-2024 08:04 AM

If you think something is broken/buggy, please call or file your findings with the Cisco TAC

https://mycase.cloudapps.cisco.com/case

0 Helpful

Arne Bier
VIP
VIP

‎05-28-2024 01:53 PM - edited ‎05-28-2024 02:05 PM

@adamscottmaster2013 - if you can retrieve the data using the OID, then there is no problem with ISE, IMHO. The fact that you can't retrieve data when using the symbolic name for the OID sounds more like an application issue with the snmp tool.

I have found that since 3.2p4, SNMPv3 started working reliably (surviving ISE reboots etc.) - I can try this later today to see if I have the same issue. 

You should run a tcpdump on the ISE 3.2 node and see what the differences are between the snmpwalk command ending in "Sysname" and "1.3.6.1.2.1.1.5.0" - if the command sent to ISE is the same, then I would argue that the snmpwalk command is unable to handle the response.

Also, you mention Sysname - in my SNMP tool (Net-SNMP v5.5) I have to use sysName

0 Helpful
Customers Also Viewed These Support Documents