Solved: Re: snmpv3 and Cisco ISE 3.1 patch-1

adamscottmaster2013 · ‎03-29-2022

I have a hard time to get this snmpV3 working on my ISE 3.1 patch-1 box. I entered the following configuration on the CLI:

snmp-server enable
snmp-server contact "cciesec.net"
snmp-server location "cciesec"
snmp-server user net-v3 v3 sha1 plain CcieSec15515 CCieSec15516

However, when I tried to attempt to do an snmpwalk from my CentOS linux box with the command: snmpwalk -v3 -l authPriv -u net-v3 -a SHA -A CcieSec15515 -x AES -X CCieSec15516 CiscoISE_IP_Address

It keeps timing out. Both the Linux and the ISE is on the same network, and from tcpdump on the ISE, I could see snmpwalk get request on the ISE but no replies.

The configuration that applied to the ISE 3.1 works perfectly on the ISE 2.6 patch-10

Any ideas?

adamscottmaster2013 · ‎03-30-2022

I resolved the issue by doing this about five times on the node:

no snmp-server enable
no snmp-server contact "cciesec.net"
no snmp-server location "cciesec"
no snmp-server user net-v3 v3 sha1 plain CcieSec15515 CCieSec15516

snmp-server enable
snmp-server contact "cciesec.net"
snmp-server location "cciesec"
snmp-server user net-v3 v3 sha1 plain CcieSec15515 CCieSec15516

After that, it starts working, very weird.

View solution in original post

adamscottmaster2013 · ‎03-30-2022

I resolved the issue by doing this about five times on the node:

no snmp-server enable
no snmp-server contact "cciesec.net"
no snmp-server location "cciesec"
no snmp-server user net-v3 v3 sha1 plain CcieSec15515 CCieSec15516

snmp-server enable
snmp-server contact "cciesec.net"
snmp-server location "cciesec"
snmp-server user net-v3 v3 sha1 plain CcieSec15515 CCieSec15516

After that, it starts working, very weird.