Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1543
Views
0
Helpful
5
Replies

snmp v3 is broken in ISE 3.1 patch 3

adamscottmaster2013
Level 3
Level 3

‎06-09-2022 07:40 AM

I have a fresh install ISE 3.1 patch 3 on an SNS-3615 appliance.  Everything works except snmp v3.  I have the following in the configuration:

 

snmp-server enable
snmp-server contact "master@abc.com"
snmp-server location "Northern Virginia"
snmp-server engineID WZP20811ABC
snmp-server user adam-v3 v3 sha1 plain adamscottmaster2013 adamscottmaster2013

 

However, when I attempted to do an snmpwalk from my linux management system, I got this:

snmpwalk -v3 -l authPriv -u adam-v3 -a SHA -A adamscottmaster2013 -x AES -X adamscottmaster2013 X.X.X.X Sysname
snmpwalk: Unknown user name (Sub-id not found: (top) -> Sysname)  ---> X.X.X.X is the ISE IP address

 

The same exact configuration works perfectly on Cisco ISE 3.0 patch-1. 

 

Is this a bug on ISE 3.1 patch 3?  Thoughts?

 

 

0 Helpful
5 Replies 5

andrewswanson
Level 7
Level 7

‎06-09-2022 08:51 AM

I can't see the commands below on an ISE ver 2.7 appliance - can you use them on 3.1?

hth
Andy

snmp-server view myview iso included
snmp-server group adam-v3 v3 auth read myview write myview

0 Helpful

adamscottmaster2013
Level 3
Level 3
In response to andrewswanson

‎06-09-2022 09:01 AM

those commands don't exist.  See below.

 

cise/admin(config)# snmp-server ?
community Set community string
contact Text for mib object sysContact
enable Enable and Disable SNMP Server
engineid Change EngineID
host Specify hosts to receive SNMP notifications
location Text for mib object sysLocation
trap SNMP Trap Condition to use for notification messages
user Add snmp user

cise/admin(config)# snmp-server

0 Helpful

Arne Bier
VIP
VIP

‎06-09-2022 06:52 PM

Hey @adamscottmaster2013  - I have not tried this in ISE 3.1 - but I managed to confirm that without the -m ALL switch in the SNMPWalk command, it didn't work in ISE 3.0 or ISE 3.2 either.

 

ISE 3.0 & 3.2

abier@rnolabubu-01:~$ snmpwalk -v3 -l authPriv -u adam-v3 -a SHA -A adamscottmaster2013 -x AES -X adamscottmaster2013 *.*.*.* -m ALL SysName
Bad operator (INTEGER): At line 73 in /usr/share/snmp/mibs/ietf/SNMPv2-PDU
SNMPv2-MIB::sysName.0 = STRING: rnolabise03
abier@rnolabubu-01:~$

 

I am using Ubuntu Server 22.04, using the net-snmp (apt install snmp) and I loaded the MIBs additionally from the repo

 

# apt install snmp-mibs-downloader

 

 

0 Helpful

adamscottmaster2013
Level 3
Level 3
In response to Arne Bier

‎06-10-2022 06:11 AM

Hey @Arne Bier :  I am using CentOS 7 so the syntax is probably different than Ubuntu.   The same command (my command) working on ISE 3.1 patch-3 but failed on ISE 3.1 patch-1.  TAC is investigating. 

 

In summary, the command syntax is correct on CentOS-7, FWIW.

0 Helpful

thomas
Cisco Employee
Cisco Employee

‎06-10-2022 06:51 AM

Please contact TAC with anything you think is broken so they may file a bug(s).

 

0 Helpful
Customers Also Viewed These Support Documents