Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6848
Views
0
Helpful
2
Replies

SNMP v3 Help

metuckness
Level 1
Level 1

‎04-01-2015 10:37 AM

I hope this is in the correct forum, but I was in need of assistance about setting up SNMP v3 on a Cisco 3750X switch stack and allowing access to Paessler PRTG to monitor the switch stack. I thought I had setup the SNMP server on the 3750X correct, but I cannot get the Paessler SNMP tester app to connect.

 

Here is the configuration I have for the Cisco 3750X switch stack, I will list the SNMP results of the switch below. I am just trying to learn this, so if I have missed a step or I need additional configuration to allow PRTG to query the switch please let me know. As it stands right now it looks like it is not able to connect, but I know the ports 161 & 162 are not being blocked.

 

PRTG SNMP Tester Tool:

http://www.paessler.com/tools/snmptester

SNMP portion of 3750X Config:

snmp-server group ROGROUP v3 priv read MYVIEWRO
snmp-server group RWGROUP v3 priv read MYVIEWRO write MYVIEWRW
snmp-server view MTVIEWRO mib-2 included
snmp-server view MYVIEWRW mib-2 included

 

Here are examples of the statements I ran to setup the SNMP-SERVER (if I recall them correctly):

SW1(config)#snmp-server view MYVIEWRO mib-2 included

SW1(config)#snmp-server view MYVIEWRW mib-2 included

Then:

SW1(config)#snmp-server group ROGROUP v3 priv aes 123 read MYVIEWRO

SW1(config)#snmp-server user USER1 ROGROUP v3 auth sha USER1PASS priv aes 128 CANTSEEME

Then:

SW1(config)#snmp-server group RWGROUP v3 priv aes read MYVIEWRO write MYVIEWRW

SW1(config)#snmp-server user USER2 ROGROUP v3 auth sha USER2PASS priv aes 128 CANTSEEME

 

SNMP results from Switch:

LCCA-3750X#sh snmp group
groupname: ROGROUP                          security model:v3 priv
readview : MYVIEWRO                         writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

groupname: RWGROUP                          security model:v3 priv
readview : MYVIEWRO                         writeview: MYVIEWRW                 
notifyview: <no notifyview specified>
row status: active


__________________________________

LCCA-3750X#sh snmp user

User name: SNMPUSERRO
Engine ID: 8000000903004C4E35920401
storage-type: nonvolatile        active
Authentication Protocol: SHA
Privacy Protocol: AES128
Group-name: ROGROUP

User name: SNMPUSERRW
Engine ID: 8000000903004C4E35920401
storage-type: nonvolatile        active
Authentication Protocol: SHA
Privacy Protocol: AES128
Group-name: RWGROUP


_____________________________________

LCCA-3750X#sh snmp
Chassis: FDO1704R2JD
142 SNMP packets input
    0 Bad SNMP version errors
    78 Unknown community name
    0 Illegal operation for community name supplied
    0 Encoding errors
    20 Number of requested variables
    0 Number of altered variables
    20 Get-request PDUs
    0 Get-next PDUs
    0 Set-request PDUs
    0 Input queue packet drops (Maximum queue size 1000)
52 SNMP packets output
    0 Too big errors (Maximum packet size 1500)
    0 No such name errors
    0 Bad values errors
    0 General errors
    0 Response PDUs
    0 Trap PDUs
SNMP global trap: disabled

SNMP logging: disabled
SNMP agent enabled

 

Here are results of the tester tool, running it from the server that runs PRTG:

----------------------- New Test -----------------------
Paessler SNMP Tester 5.1.3
3/31/2015 3:05:39 PM (10 ms) : Device:
3/31/2015 3:05:39 PM (14 ms) : SNMP V3
3/31/2015 3:05:39 PM (19 ms) : Uptime
3/31/2015 3:05:43 PM (4075 ms) : -------
3/31/2015 3:05:43 PM (4079 ms) : DISMAN-EVENT-MIB::sysUpTimeInstance = No response (check: firewalls, routing, snmp settings of device, IPs, SNMP version, community, passwords etc) (SNMP error # -2003) ( 0 seconds )
3/31/2015 3:05:47 PM (8138 ms) : HOST-RESOURCES-MIB::hrSystemUptime.0 = No response (check: firewalls, routing, snmp settings of device, IPs, SNMP version, community, passwords etc) (SNMP error # -2003) ( 0 seconds )
3/31/2015 3:05:47 PM (8139 ms) : Done


----------------------- New Test -----------------------
Paessler SNMP Tester 5.1.3
3/31/2015 3:07:14 PM (10 ms) : Device: 192.168.116.253
3/31/2015 3:07:14 PM (15 ms) : SNMP V3
3/31/2015 3:07:14 PM (19 ms) : Uptime
3/31/2015 3:07:14 PM (127 ms) : -------
3/31/2015 3:07:14 PM (133 ms) : DISMAN-EVENT-MIB::sysUpTimeInstance = No such object (SNMP error # 222) ( 0 seconds )
3/31/2015 3:07:14 PM (239 ms) : HOST-RESOURCES-MIB::hrSystemUptime.0 = No such object (SNMP error # 222) ( 0 seconds )
3/31/2015 3:07:14 PM (247 ms) : Done


----------------------- New Test -----------------------
Paessler SNMP Tester 5.1.3
3/31/2015 3:07:32 PM (15 ms) : Device: 192.168.116.253
3/31/2015 3:07:32 PM (21 ms) : SNMP V3
3/31/2015 3:07:32 PM (26 ms) : Walk
3/31/2015 3:07:32 PM (72 ms) : Error: -2007

----------------------- New Test -----------------------
Paessler SNMP Tester 5.1.3
3/31/2015 3:07:41 PM (10 ms) : Device: 192.168.116.253
3/31/2015 3:07:41 PM (14 ms) : SNMP V3
3/31/2015 3:07:41 PM (19 ms) : 64Bit Counter
3/31/2015 3:07:41 PM (128 ms) : -------
3/31/2015 3:07:41 PM (136 ms) : In: No such object (SNMP error # 222)
3/31/2015 3:07:41 PM (249 ms) : Out: No such object (SNMP error # 222)
3/31/2015 3:07:41 PM (255 ms) : Done


----------------------- New Test -----------------------
Paessler SNMP Tester 5.1.3
3/31/2015 3:30:56 PM (14 ms) : Device: 192.168.116.253
3/31/2015 3:30:56 PM (19 ms) : SNMP V3
3/31/2015 3:30:56 PM (24 ms) : Custom OID tty
3/31/2015 3:30:56 PM (130 ms) : -------
3/31/2015 3:30:56 PM (138 ms) : Value: Error converting OID (SNMP error # -2007)
3/31/2015 3:30:56 PM (143 ms) : Done


----------------------- New Test -----------------------
Paessler SNMP Tester 5.1.3
3/31/2015 3:45:32 PM (9 ms) : Device: 192.168.116.253
3/31/2015 3:45:32 PM (14 ms) : SNMP V3
3/31/2015 3:45:32 PM (20 ms) : Custom OID tty
3/31/2015 3:45:36 PM (4188 ms) : -------
3/31/2015 3:45:36 PM (4195 ms) : Value: Error converting OID (SNMP error # -2007)
3/31/2015 3:45:36 PM (4201 ms) : Done


----------------------- New Test -----------------------
Paessler SNMP Tester 5.1.3
3/31/2015 3:46:12 PM (9 ms) : Device: 192.168.116.253
3/31/2015 3:46:12 PM (14 ms) : SNMP V3
3/31/2015 3:46:12 PM (18 ms) : Custom OID tty
3/31/2015 3:46:16 PM (4130 ms) : -------
3/31/2015 3:46:16 PM (4137 ms) : Value: Error converting OID (SNMP error # -2007)
3/31/2015 3:46:16 PM (4143 ms) : Done


----------------------- New Test -----------------------
Paessler SNMP Tester 5.1.3
3/31/2015 3:48:56 PM (10 ms) : Device: 192.168.116.253
3/31/2015 3:48:56 PM (15 ms) : SNMP V3
3/31/2015 3:48:56 PM (20 ms) : Uptime
3/31/2015 3:49:00 PM (4087 ms) : -------
3/31/2015 3:49:00 PM (4094 ms) : DISMAN-EVENT-MIB::sysUpTimeInstance = No response (check: firewalls, routing, snmp settings of device, IPs, SNMP version, community, passwords etc) (SNMP error # -2003) ( 0 seconds )
3/31/2015 3:49:04 PM (8164 ms) : HOST-RESOURCES-MIB::hrSystemUptime.0 = No response (check: firewalls, routing, snmp settings of device, IPs, SNMP version, community, passwords etc) (SNMP error # -2003) ( 0 seconds )
3/31/2015 3:49:04 PM (8166 ms) : Done


----------------------- New Test -----------------------
Paessler SNMP Tester 5.1.3
4/1/2015 11:00:16 AM (12 ms) : Device: 192.168.116.253
4/1/2015 11:00:16 AM (17 ms) : SNMP V3
4/1/2015 11:00:16 AM (22 ms) : Uptime
4/1/2015 11:00:20 AM (4129 ms) : -------
4/1/2015 11:00:20 AM (4134 ms) : DISMAN-EVENT-MIB::sysUpTimeInstance = No response (check: firewalls, routing, snmp settings of device, IPs, SNMP version, community, passwords etc) (SNMP error # -2003) ( 0 seconds )
4/1/2015 11:00:24 AM (8191 ms) : HOST-RESOURCES-MIB::hrSystemUptime.0 = No response (check: firewalls, routing, snmp settings of device, IPs, SNMP version, community, passwords etc) (SNMP error # -2003) ( 0 seconds )
4/1/2015 11:00:24 AM (8194 ms) : Done

 

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Vinod Arya
Cisco Employee
Cisco Employee

‎04-02-2015 04:16 AM

The configuration on the device seems fine, I can suggest to try following :

> Try to configure View with iso inlcuded once to see if what you are polling is not restricted.

You current view config :

SW1(config)#snmp-server view MYVIEWRO mib-2 included

SW1(config)#snmp-server view MYVIEWRW mib-2 included

New Suggested config :

SW1(config)#snmp-server view MYVIEWRO iso included

SW1(config)#snmp-server view MYVIEWRW iso included

> Secondly, please try to configure EngineID on the PRTG to see if this is due to missing EngineID details.

> Try to configure SNMP v2c and verify if the device is not working properly with that.

> Try a packet capture to see if there is any response from device, but PRTG isn't able to interpret.

> Check with PRTG support team as well.

-Thanks

Vinod

**Encourage Contributors. RATE them**

 

 

-Thanks Vinod **Rating Encourages contributors, and its really free. **
0 Helpful

Vinod Arya
Cisco Employee
Cisco Employee

‎04-02-2015 04:24 AM

Also, try to restart the SNMP Services once. Its simple :

To stop snmp daemon :

device(config)# no snmp-server

To warm start snmp engine:

device(config)#<any previous or new SNMP config>

example : device(config)#snmp-server group ROGROUP v3 priv aes 123 read MYVIEWRO

 

After this try to poll the device again, and other steps suggested above.

-Thanks

Vinod

**Encourage Contributors. RATE them**

 
-Thanks Vinod **Rating Encourages contributors, and its really free. **
0 Helpful
Customers Also Viewed These Support Documents