Solved: snmp v3 with LMS

clark white · ‎12-17-2014

Dears

I have read many post but still confused for snmp v3 configuration, can anybody route me to the clear explanation example for snmpv3 on 2960 switches.

Below is the configuration on switches for CS 3.2 but I see a ?? in device & credential page of the Common service what I shld enter in privacy password

which snmp walk tool is best to test the snmp reachability to the switch

please correct the configs it they are wrong.

snmp-server group admin v3 auth write adminview write adminview
snmp-server user snmpuser admins v3 auth md5 cisco access 10

snmp-server view adminview internet included

Thanks

AFROJ AHMAD · ‎12-17-2014

Hi Clark,

attached is the text file with sample SNMPv3 config.

you can use NET-SNMP ,MIB browser or any other tool to test the credentials.

Your config also looks fine other than view , it should include ISO

Thanks-

Afroz

***Ratings Encourages Contributors ****

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

AFROJ AHMAD · ‎12-18-2014

Nope,

SNMPV3 works with SNMP user and group only. No community string required

Thanks-

Afroz

***Ratings Encourages Contributors ****

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

View solution in original post

AFROJ AHMAD · ‎12-17-2014

Hi Clark,

attached is the text file with sample SNMPv3 config.

you can use NET-SNMP ,MIB browser or any other tool to test the credentials.

Your config also looks fine other than view , it should include ISO

Thanks-

Afroz

***Ratings Encourages Contributors ****

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

clark white · ‎12-17-2014

Dear Afroz,

we don't require the below traps commands for snmp v3

snmp-server host 172.X.X.X informs version 3 auth snmpuser config-copy

AFROJ AHMAD · ‎12-17-2014

Hi Clark,

snmp-server host command is user to send the TRAPS to the NMS server. If you don't want to send the TRAPS to NMS server then it is not required.

Thanks-

Afroz

***Ratings Encourages Contributors ****

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

clark white · ‎12-17-2014

Dear Afroz,

very good document

in my common services 3.2 I see the device as ??? I think this device WS-C2960XR-24PD-I is not supported

to which version I can upgrade CS, and RME to support the above model.

LMS is installed in windows server I want to do a snmpwalk to test the verification and configs are proper how can I do that???

thanks

AFROJ AHMAD · ‎12-17-2014

Hi Clark,

LMS 3.2 is already end of support.

Upgrade to 4.x and hopefully they should work.

Supported device table for LMS 4.2::

http://www.cisco.com/c/en/us/td/docs/net_mgmt/ciscoworks_lan_management_solution/4-2/device_support/table/lms42sdt.html

You can download and Installed NET-SNMP tool on the service ,also the same thing you can to from LMS server from this directory

Open the command prompt go to below location:

NMSROOT/CSCOpx/objects/jt/bin

then test the SNMP WALK ::

NMSROOT\CSCopx\objects\jt\bin> snmpwalk -v3 -u testuser2 -l AuthPriv -a md5 -A cisco123 -x des -X cisco123 10.104.149.180 1.3.6.1.2.1.1.2

SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.283

Hope it will help

Thanks-

Afroz

****Ratings Encourages Contributors ****

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

clark white · ‎12-18-2014

Dear afroz,

I have extracted the below from your config please confirm the below configuration are OK.

access-list 90 permit 10.10.10.10

snmp-server community xyz@2014 RW 90

snmp-server view myview iso included
snmp-server group cisconms v3 auth read myview write myview access 90
snmp-server user snmpuser cisconms v3 auth md5 cisco priv 3des cisco

thanks

AFROJ AHMAD · ‎12-18-2014

Looks perfect :)

Thanks-

Afroz

***Ratings Encourages Contributors ****

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

clark white · ‎12-18-2014

Dear Afroz,

little confusion,

for SNMP v3 do we still require a snmp string ??

AFROJ AHMAD · ‎12-18-2014

Nope,

SNMPV3 works with SNMP user and group only. No community string required

Thanks-

Afroz

***Ratings Encourages Contributors ****

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

clark white · ‎12-18-2014

thanks afroj,

+5 for you again,

I was having a doubt that's the reason I though I shld continue with this thread only.

so the required configs for snmpv3 on the cisco network devices are as below:

access-list 90 permit 10.10.10.10

snmp-server view myview iso included
snmp-server group cisconms v3 auth read myview write myview access 90
snmp-server user snmpuser cisconms v3 auth md5 cisco priv 3des cisco

Please confirm.

AFROJ AHMAD · ‎12-18-2014

correct :)

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****