Solved: Re: Enable snmp v3 command

azerty800e · ‎01-15-2024

I want to enable SNMPv3 on a Cisco router. I have managed to perform SNMP queries in v1 and v2c, but it is not working in SNMPv3. The server sending the requests is a Debian server.
Could you please provide the commands to enter please ?

balaji.bandi · ‎01-17-2024

What router is this - is this running IOS or IOS XE

R1(config)#snmp-server user MYUSER MYGROUP v3 auth md5 AZERTYazerty123 priv aes 128 AZERTYazerty123

You configured as MD5

you doing walk with SHA

snmpwalk -v 3 -u myuser  -a SHA -A AZERTYazerty123 -x AES -X AZERTYazerty123 -l authPriv 192.168.1.254

here SNMPWALK syntax :

snmpwalk -v3 -l (noAuthNoPriv|authNoPriv|authPriv) -u (username) [-a (MD5|SHA)] [-A (authphrase)] [-x DES] [-X (privaphrase)] (ipaddress)[:(dest_port)] [oid]

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

MHM Cisco World · ‎01-15-2024

Share the command you use

MHM

balaji.bandi · ‎01-15-2024

What router is this - is this running IOS or IOS XE

i use standard config as below : On Router with ACL (for protecting)

ip access-list standard BB_SNMP_IN
10 permit x.x.x.x 0.0.0.255

snmp-server engineID local xxxxxxxxxxxxxxx
snmp-server group BB_V3_RO v3 priv read v1default access BB_SNMP_IN
snmp-server user BB_V3_RO BB_V3_RO v3 auth sha <Removed> priv aes 128 <Removed>

Test from debian :

snmpwalk -v3 -l authPriv -u USER -a SHA -A "xxxxxxxxxxxxxxxx" -x AES -X "xxxxxxxxxxxxxxx" 10.x.x.x

on Debian Server what NMS running ? or just SNMPwalk only ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

azerty800e · ‎01-15-2024

Thank you, just SNMPwalk for this moment.

azerty800e · ‎01-17-2024

I have still a problem :

Config router :

R1(config)#snmp-server group MYGROUP v3 priv

R1(config)#snmp-server user MYUSER MYGROUP v3 auth md5 AZERTYazerty123 priv aes 128 AZERTYazerty123

Command on linux for request snmpv3

snmpwalk -v 3 -u myuser -a SHA -A AZERTYazerty123 -x AES -X AZERTYazerty123 -l authPriv 192.168.1.254

192.168.1.254 = IP R1

Authentification failure (incorrect password, community or key).

You can help me please ? tks

MHM Cisco World · ‎01-17-2024

Switch#debug snmp packets <<- share this

MHM

balaji.bandi · ‎01-17-2024

What router is this - is this running IOS or IOS XE

R1(config)#snmp-server user MYUSER MYGROUP v3 auth md5 AZERTYazerty123 priv aes 128 AZERTYazerty123

You configured as MD5

you doing walk with SHA

snmpwalk -v 3 -u myuser  -a SHA -A AZERTYazerty123 -x AES -X AZERTYazerty123 -l authPriv 192.168.1.254

here SNMPWALK syntax :

snmpwalk -v3 -l (noAuthNoPriv|authNoPriv|authPriv) -u (username) [-a (MD5|SHA)] [-A (authphrase)] [-x DES] [-X (privaphrase)] (ipaddress)[:(dest_port)] [oid]

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

azerty800e · ‎01-18-2024

Tks !!! I didn't see that!

Georg Pauwen · ‎01-17-2024

Hello,

I tried to check your syntax, based on what you have configured on the server, try the below for the snmpwalk:

snmpwalk -v3 -u myuser -l authPriv -a MD5 -A AZERTYazerty123 -x AES -X AZERTYazerty123 192.168.1.254

192.168.1.254 = IP R1

azerty800e · ‎01-17-2024

Iog :

*Mar 1 00:09:56.707: SNMP: Packet received via UDP from 192.168.1.170 on FastEthernet0/0
*Mar 1 00:09:56.715: SNMP: Report, reqid 1478893616, errstat 0, erridx 0
internet.6.3.15.1.1.4.0 = 1
*Mar 1 00:09:56.719: SNMP: Packet sent via UDP to 192.168.1.170
*Mar 1 00:09:56.735: SNMP: Packet received via UDP from 192.168.1.170 on FastEthernet0/0
*Mar 1 00:09:56.735: SNMP: Report, reqid 2147483647, errstat 0, erridx 0
internet.6.3.15.1.1.5.0 = 1
*Mar 1 00:09:56.735: SNMP: Packet sent via UDP to 192.168.1.170
R1#
*Mar 1 00:10:14.455: SNMP: Packet received via UDP from 192.168.1.170 on FastEthernet0/0
*Mar 1 00:10:14.455: SNMP: Report, reqid 1184464935, errstat 0, erridx 0
internet.6.3.15.1.1.4.0 = 2
*Mar 1 00:10:14.455: SNMP: Packet sent via UDP to 192.168.1.170
*Mar 1 00:10:14.467: SNMP: Packet received via UDP from 192.168.1.170 on FastEthernet0/0
*Mar 1 00:10:14.467: SNMP: Report, reqid 2147483647, errstat 0, erridx 0
internet.6.3.15.1.1.5.0 = 2
*Mar 1 00:10:14.467: SNMP: Packet sent via UDP to 192.168.1.170
R1#

MHM Cisco World · ‎01-17-2024

there traffic
but are it reach or not ?
can you ping from SW to SNMP using source interface
MHM

duwijakarta · ‎06-17-2024

@balaji.bandi @Georg Pauwen

hello, please help

Can anyone help with the following case?
when I create a new device on the cacti server it says

xxxx@cacti-explore:~$ snmpwalk -v3 -l authPriv -u xxxx -a MD5 -A 'xxxxx' -x AES -X 'xxxx' 1xx.x.x.x
Error in packet.
Reason: authorizationError (access denied to that object)

but if I set it with version 2 the results are successful
snmpwalk -c xxxx -v 2c

even though the settings on my switch are for version 3
why does it always say "authorizationError (access denied to that object)" when I set snmp version 3?
Are there any settings that need to be added?
Thank You

example
sh snmp user

User name: switchsnmp
storage-type: nonvolatile active
Authentication Protocol: MD5
Privacy Protocol: AES128
Group-name: SnmpSwitch

snmp-server group SnmpSwitch v3 priv
snmp-server host xx.xx.xx.xx version 3 priv switchsnmp udp-port 161

Is the setting correct like this?