Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2929
Views
0
Helpful
2
Replies

Attempting to use SNMP v3 between 2900 router and SpiceWorks

Go to solution
mat_rouch
Level 1
Level 1

‎01-24-2013 06:54 AM

I am attempting to set up snmp v3 monitoring of my 2900 series routers from the third party Spiceworks utility.  My snmp config on the router looks like this:

SNMP-Server view Westv3View internet included

SNMP-Server group Westv3Group v3 priv Read Westv3View

SNMP-Server user Westv3User Westv3Group v3 auth MD5 <password1>  priv DES <password1>

In SpiceWorks my network account looks like this:

Type: SNMPV3

Description: network-snmpv3

Login: authPriv:md5:des:Westv3User

Password: <password1>

I have set the logging level on the 2900 router to informational and see no errors of any kind popping up when I try to scan the router from SpiceWorks.  Spiceworks just returns a generic "unable to contact host" message.

Anyone managed to make this kind of setup work in the past?

Thanks,

-Mat

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joel Monge
Cisco Employee
Cisco Employee

‎01-24-2013 11:04 AM

Do a "show snmp" before your SpiceWorks scan.  After the scan do another one and check if you see the incoming packet counter increment.  If not, something is blocking the SNMP traffic from arriving on the device. You can also check further with SNMP debugs on the device to see if packets are getting there:

term mon

debug snmp packets

Alternatively,  I would suggest testing a basic SNMPv3 authentication/encryption as some tools have issues with levels of encryption, i.e.

snmp-server view Westv3View iso included

snmp-server group Westv3Group v3 auth read Westv3View

snmp-server user Westv3User Westv3Group v3 auth md5 12345678

A walk to the above shows fine:

C:\usr\bin>snmpwalk -v3 -l authNoPriv -u Westv3User -a md5 -A 12345678 10.198.28.68 sysObjectID

SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.576

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Joel Monge
Cisco Employee
Cisco Employee

‎01-24-2013 11:04 AM

Do a "show snmp" before your SpiceWorks scan.  After the scan do another one and check if you see the incoming packet counter increment.  If not, something is blocking the SNMP traffic from arriving on the device. You can also check further with SNMP debugs on the device to see if packets are getting there:

term mon

debug snmp packets

Alternatively,  I would suggest testing a basic SNMPv3 authentication/encryption as some tools have issues with levels of encryption, i.e.

snmp-server view Westv3View iso included

snmp-server group Westv3Group v3 auth read Westv3View

snmp-server user Westv3User Westv3Group v3 auth md5 12345678

A walk to the above shows fine:

C:\usr\bin>snmpwalk -v3 -l authNoPriv -u Westv3User -a md5 -A 12345678 10.198.28.68 sysObjectID

SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.576

0 Helpful

Go to solution
mat_rouch
Level 1
Level 1
In response to Joel Monge

‎01-25-2013 07:55 AM

Got it.  I had control-plane management defined on the router and had not added snmp to the list of allowed protocols.  The packets were getting to the router but being dropped there.  Thanks for the nudge in the right direction.

-Mat

0 Helpful
Customers Also Viewed These Support Documents