Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6605
Views
5
Helpful
1
Replies

How to set up SNMP v3 views correctly.

Yermander
Level 1
Level 1

‎07-30-2019 04:43 AM

I am trying to perform a MIB walk on a device I have recently configured SNMPv3 on. I have configured my v3 view as follows...

 

snmp-server view ALL iso included

snmp-server group MyReadWriteGroup v3 priv read ALL write ALL access 1

snmp-server user Myv3User MyReadWriteGroup v3 auth sha PASSWORD priv aes 128 PASSWORD access 1

 

As far as I know this all looks good to me and I have created a view that will allow any user in the group I've configured called 'MyReadWriteGroup' to view everything in the MIB table below the OID which is everything.

 

However when I try a MIB walk my MIB walking tool, it keeps dying during the walk. The applications vendor support are trying to tell me this has something to do with SNMPV3 contexts (contexts are views right?), they are trying to telll me my config is only allowing a certain amount of the MIB to be viewable but as you can see above I have configured the view for my user to be from iso down so he should have a view of everything? 

 

Am I correct in saying this? 

 

Also the other approach I was thinking was not to create a view at all as I have read that if no view is configured then the whole MIB is viewable? If this is the case I can remove views/context from my investigation as to why my MIB walk won't complete.

 

Here's a 'sh snmp group' for a group I didn't specify a view for and you can see the view is autopopulated for v1default, is this the default view that gives visibility to the whole MIB? 

 

Router#sh snmp group
groupname: NVG security model:v3 priv
contextname: <no context specified> storage-type: nonvolatile
readview : v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active access-list: 1

 

And here is the sh snmp group for my 'MyReadWriteGroup'

 

groupname: MyReadWriteGroup security model:v3 priv
contextname: <no context specified> storage-type: nonvolatile
readview : ALL writeview: ALL
notifyview: <no notifyview specified>
row status: active access-list: 1

 

As far as I can tell both groups should have members that can view the whole of the MIB. 

 

Any ideas on this I can't find clear documentation on this! Thanks for reading!

 

 

 

2 people had this problem
Labels:
1 Reply 1

UT_games
Level 1
Level 1

‎06-23-2020 11:03 AM

I don't have an answer for you other then I'm having the same problem, there isn't any good documentation on SNMPv3 configuration with users, groups, and views and best practices for configuring that. (that I can find) Kind of frustrating.

@Yermander wrote:

I am trying to perform a MIB walk on a device I have recently configured SNMPv3 on. I have configured my v3 view as follows...

 

snmp-server view ALL iso included

snmp-server group MyReadWriteGroup v3 priv read ALL write ALL access 1

snmp-server user Myv3User MyReadWriteGroup v3 auth sha PASSWORD priv aes 128 PASSWORD access 1

 

As far as I know this all looks good to me and I have created a view that will allow any user in the group I've configured called 'MyReadWriteGroup' to view everything in the MIB table below the OID which is everything.

 

However when I try a MIB walk my MIB walking tool, it keeps dying during the walk. The applications vendor support are trying to tell me this has something to do with SNMPV3 contexts (contexts are views right?), they are trying to telll me my config is only allowing a certain amount of the MIB to be viewable but as you can see above I have configured the view for my user to be from iso down so he should have a view of everything? 

 

Am I correct in saying this? 

 

Also the other approach I was thinking was not to create a view at all as I have read that if no view is configured then the whole MIB is viewable? If this is the case I can remove views/context from my investigation as to why my MIB walk won't complete.

 

Here's a 'sh snmp group' for a group I didn't specify a view for and you can see the view is autopopulated for v1default, is this the default view that gives visibility to the whole MIB? 

 

Router#sh snmp group
groupname: NVG security model:v3 priv
contextname: <no context specified> storage-type: nonvolatile
readview : v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active access-list: 1

 

And here is the sh snmp group for my 'MyReadWriteGroup'

 

groupname: MyReadWriteGroup security model:v3 priv
contextname: <no context specified> storage-type: nonvolatile
readview : ALL writeview: ALL
notifyview: <no notifyview specified>
row status: active access-list: 1

 

As far as I can tell both groups should have members that can view the whole of the MIB. 

 

Any ideas on this I can't find clear documentation on this! Thanks for reading!

 

 

 

I don't have an answer for you other then I'm having the same issue. There isn't any good information on best practices to configuring users, group, and specifically views (that I can find). Kind of frustrating.

0 Helpful
Customers Also Viewed These Support Documents