Re: Shutdown port with CiscoView - cisco prime LMS4.2

Andres Zambrano · ‎02-20-2014

Buenos dias.

No puedo realizar ninguna actividad con los puertos a traves del cisco view. me sale un error.

Message

Cannot access the required SNMP object due to restricted SNMP view setting.

Ya configuré en el sw cisco la version snmp3.

-----------------------------------

Good morning.

I can not perform any activity through the ports cisco view. I get an error.

Message

Can not access the required SNMP object due to restricted SNMP view setting.

Since I configured the cisco sw version snmp3.

Vinod Arya · ‎02-20-2014

To do this you need to have correct RW snmp credenctial configured on the device and should not haveany SNMP View which is clocking access to IF MIB which is needed to change the port status.

Please makje sure both are configured.

1. SNMP RO/RW properly on LMS.

2. No SNMP View on Device.

Share show run | inc snmp output from device. Also device platform and version.

-Thanks
Vinod
**Rating Encourages contributors, and its really free. **

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Andres Zambrano · ‎02-21-2014

Hola.

te envio el resultado de.

show run | inc snmp

El equipo es un switch 2960-48TC-L

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE5, RELEASE SOFTWARE (fc1)

Vinod Arya · ‎02-21-2014

If you are using SNMP v3 credentials to manage device on LMS, the config seems incorrect. It is missing SNMP v3 view configurations.

The order of snmp v3 config with minimum configuration is :

snmp-server view ... xxxx

snmp-server group ..... xxxx

snmp-server user .... xxx

Please run a credential verification job against the device for snmp v2 and v3 and share result. You can run job from :

Inventory > Job Browsers: Device Credential Verification

-Thanks
Vinod
**Spread happiness. Encourage contributors. RATE them. **

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Andres Zambrano · ‎02-21-2014

Run the report. I am attaching what he gave me as a result.

Please clarify my ignorance.

in snmp-server view I should put that on my switch I have configured only.

snmp-server group Bgciscoprime v3 auth read c1sc0pr1me write c1sc0pr1m3 (está bien el grupo snmp?)

El usuario para snmp es Bg123456 y la clave es c1sc0pr1m3 como lo configuro en snmp-server user y snmp-server view.

THANK YOU A LOT

AFROJ AHMAD · ‎02-21-2014

SNMP config should be something like this :

snmp-server view myview iso included

snmp-server group cisconms v3 auth read myview write myview

snmp-server user cisco cisconms v3 auth md5 cisco123 priv 3des 123cisco

Thanks-
Afroz
[Do rate the useful post]

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

Vinod Arya · ‎02-21-2014

So the screenshot says, snmp v3 configuration is incorrect. As per the snmp-server group configuration, you have shared :

snmp-server group Bgciscoprime v3 auth read c1sc0pr1me write c1sc0pr1m3

Please configure this on your device :

snmp-server view c1sc0pr1me iso included

snmp-server view c1sc0pr1m3 iso included

Than try to change the port status via ciscoview.

-Thanks
Vinod
**Rating Encourages contributors, and its really free. **

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Vinod Arya · ‎02-21-2014

Por favor, no le importaba mi español. Sólo estoy tratando de hacer esto más fácil para usted.

Así que la pantalla dice, configuración SNMP v3 es incorrecta. De acuerdo con la configuración del grupo de SNMP-servidor, que ha compartido:

snmp-server group Bgciscoprime v3 auth read c1sc0pr1me write c1sc0pr1m3

Por favor, configure este en su dispositivo:

snmp-server view c1sc0pr1me iso included

snmp-server view c1sc0pr1m3 iso included

De tratar de cambiar el estado del puerto a través de CiscoView.

-Gracias

Vinod

** Nota Alienta a los contribuyentes, y es realmente libre. **

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Andres Zambrano · ‎02-21-2014

Hello, thank you very much .. me and it worked.

They helped me a lot, greeting from ECUADOR

.

I send the attached configuration

El mensaje fue editado por: Andres Zambrano

Vinod Arya · ‎02-21-2014

Gracias por la actualización. Su placer saber que funcionaba.

Quiero saber si el problema se ha resuelto ahora.

Que tengas un buen día.

-Gracias

Vinod

** Felicidad Spread. Anime Colaboradores. Tasa de ellos. **

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Andres Zambrano · ‎02-21-2014

Si, mi problema se ha resuelto.

I have a question

I can limit the help desk to perform this operation and block everything?

regards

Vinod Arya · ‎02-21-2014

Your question as a double aspect and sides:

1. Can you retrict access to help-desk users from device side?

2. Can this be retricted from LMS point of view.

Answers:

Possible from both the ways :

1. From device side, you need to configure SNMP view for the only MIB you want access to help-desk and associate it to the community string (snmp v2) or password (snmp v3) they'll use.

For example, as per your last configuration :

snmp-server view Bg123456 iso included

Coinfigure it with only MIB required for this operations:

snmp-server view Bg123456 <mib_name> included

Example :

snmp-server view Bg123456 iso excluded

snmp-server view Bg123456 ifMib included

**ifMIB is needed to do the interface operations, like port shut or no shut etc.

2. From LMS point of view you can configure the user profiles and give them custom authorizations. It is known as user role. A role is a collection of privileges that dictate the type of system access you have. The Manage User Roles workflow allows you to add, edit, copy and delete user-defined roles in LMS.

For more details check here :

http://www.cisco.com/c/en/us/td/docs/net_mgmt/ciscoworks_lan_management_solution/4-2/user/guide/getting_started/lms42_getstart_guide/usrsecmgt.html#wp1072515

-Thanks

Vinod

**Rating is another way to say Thank you. If it helped. **

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Vinod Arya · ‎02-21-2014

Su pregunta como un doble lado :

1 . ¿Puedes retrict acceso a Help-Desk usuarios de un lado del dispositivo?

2 . ¿Puede esto ser retricted desde el punto de vista LMS .

Respuestas :

Posible tanto de las formas :

1 . Desde el lado del dispositivo, es necesario configurar la vista de SNMP para el único MIB quieres acceder a help-desk y asociarlo a la cadena de comunidad (v2 snmp ) o contraseña ( SNMP v3 ) que vamos a usar .

Por ejemplo , según su última configuración :

snmp-server view Bg123456 iso included

Coinfigure con sólo MIB requeridos para estas operaciones :

snmp-server view Bg123456 <mib_name> included

Ejemplo :

snmp-server view Bg123456 iso excluded

snmp-server view Bg123456 ifMib included

** ifMIB se necesita para hacer las operaciones de la interfaz , como el cierre del puerto o no cerrada , etc

2 . Desde el punto de vista LMS puede configurar los perfiles de usuario y darles las autorizaciones personalizadas . Se le conoce como función de usuario. Un rol es un conjunto de privilegios que determinan el tipo de acceso al sistema que usted tiene. El flujo de trabajo Administrar funciones de usuario le permite agregar , editar, copiar y eliminar funciones definidas por el usuario en el LMS .

Para más información consultar aquí :

http://www.cisco.com/c/en/us/td/docs/net_mgmt/ciscoworks_lan_management_solution/4-2/user/guide/getting_started/lms42_getstart_guide/usrsecmgt.html#wp1072515

-Gracias

Vinod

** El Rating es otra manera de decir gracias. Si ayudó. **

-Thanks Vinod **Rating Encourages contributors, and its really free. **

AFROJ AHMAD · ‎02-20-2014

Hi Andres,

In the device config , give BOTH READ and WRITE VIEW acccess to the GROUP.

for e.g

snmp-server group CWGroup v3 auth read myview write myview

Thanks-
Afroz
[Do rate the useful post]
****Ratings Encourages Contributors ****

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****