11-21-2012 11:32 AM
Hi all,
We have a requirement for SNMPv3. I have implemented it on a test switch, and added a device credential set for it. This switch, which was previously discoverable (and it's traps viewable) via SNMPv2 is no longer visible to LMS. I'm had thought my configs were correct, but perhaps not, so I'm not sure if I am missing something in LMS. Any thoughts appreciated!
Here are the configs on the switch:
snmp-server view LMS iso included
snmp-server view LMS at excluded
snmp-server view LMS snmpUsmMIB excluded
snmp-server view LMS snmpVacmMIB excluded
snmp-server view LMS snmpCommunityMIB excluded
snmp-server group LMS v3 priv read v3read write v3write notify LMS
snmp-user LMS LMS v3 auth md5 authPW priv aes 128 privPW
snmp-server host x.x.x.x traps version 3 priv LMS
Thanks for any assistance!
Solved! Go to Solution.
11-21-2012 12:06 PM
Seems the SNMP v3 config is not correct.
Please see my comments inline (in bold blue) as per your config, in what i think is incorrect:
snmp-server view LMS iso included --> correct
snmp-server view LMS ####at excluded --> dont know if #'s are by mistake
snmp-server view NMS snmpUsmMIB excluded --> Not sure if NMS is typo or you made a new view after LMS.
snmp-server view LMS snmpVacmMIB excluded --> correct
snmp-server view LMS snmpCommunityMIB excluded --> correct
snmp-server group LMS v3 priv read v3read write v3write notify LMS `--> Incorrerect, as after read and write you should have a SNMP View which is configured with "snmp-server view" command, which is either LMS or NMS in your case. There is no v3read or v3write configured.
snmp-user LMS LMS v3 auth md5 authPW priv aes 128 privPW -->Not sure if "snmp-user" is again a typo, else everything is correct.
snmp-server host x.x.x.x traps version 3 priv NMS --> There is no user as 'NMS'. after priv it should be either "SNMPv1/v2c community string or SNMPv3 user name". I dont see any username as NMS, as per config it should be LMS.
-Thanks
11-21-2012 12:06 PM
Seems the SNMP v3 config is not correct.
Please see my comments inline (in bold blue) as per your config, in what i think is incorrect:
snmp-server view LMS iso included --> correct
snmp-server view LMS ####at excluded --> dont know if #'s are by mistake
snmp-server view NMS snmpUsmMIB excluded --> Not sure if NMS is typo or you made a new view after LMS.
snmp-server view LMS snmpVacmMIB excluded --> correct
snmp-server view LMS snmpCommunityMIB excluded --> correct
snmp-server group LMS v3 priv read v3read write v3write notify LMS `--> Incorrerect, as after read and write you should have a SNMP View which is configured with "snmp-server view" command, which is either LMS or NMS in your case. There is no v3read or v3write configured.
snmp-user LMS LMS v3 auth md5 authPW priv aes 128 privPW -->Not sure if "snmp-user" is again a typo, else everything is correct.
snmp-server host x.x.x.x traps version 3 priv NMS --> There is no user as 'NMS'. after priv it should be either "SNMPv1/v2c community string or SNMPv3 user name". I dont see any username as NMS, as per config it should be LMS.
-Thanks
11-23-2012 06:10 AM
Hi Vinod,
Thank you, the group config was the problem! LMS is able to discover the test device via SNMPv3 now. Much appreciated!
And yes, the LMS/NMS was a typo above, sorry about that.
Many thanks,
Jen
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide