Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
991
Views
1
Helpful
10
Replies

SNMPv2/SNMPv3 is not working on my device

zyckmeriandevil
Level 1
Level 1

‎11-17-2023 02:02 PM

Hello Peeps,
Can you please help me if I missed anything?
We've tried configuring SNMP on our device but the monitoring tool was not able to do SNMP walk on it.

Configuration:
snmp-server group testmonitoring v3 priv access SNMP-ACL
snmp-server user testmonitoring testmonitoring v3 auth sha (PASSWORD) priv aes 128 (PASSWORD)

ip access-list standard SNMP-ACL
10 permit <ip of monitoring tool>
20 permit <ip of monitoring tool2>
30 deny any
exit

When sh snmp user, see result
User name: testmonitoring
Engine ID: 800000090300A03D6E11B480
storage-type: nonvolatile active
Authentication Protocol: SHA
Privacy Protocol: AES128
Group-name: testmonitoring

We've tried removing the access-list and just add the snmp config. Also tried re-adding/re-configuring but no avail.

Are we missing anything else? Same config is working on other device - just this one.

Device Model is C9300-24T running on IOS 16.12.4.

Thank you!

Labels:
0 Helpful
10 Replies 10

marce1000
VIP
VIP

‎11-17-2023 11:02 PM

 

      - What error do you get when using snmpv2 ?

M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

zyckmeriandevil
Level 1
Level 1
In response to marce1000

‎11-20-2023 08:22 AM

No error, it's just that the monitoring tool is not able to do snmpwalk on device.
SNMPv3 is already enabled and no error found.

0 Helpful

marce1000
VIP
VIP
In response to zyckmeriandevil

‎11-20-2023 08:51 AM

 

       >... it's just that the monitoring tool is not able to do snmpwalk on device.
  -                  How do you define that statement (and or elaborate)  ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

M02@rt37
VIP
VIP

‎11-18-2023 12:19 AM

Hello @zyckmeriandevil 

Please refer here: https://community.cisco.com/t5/networking-knowledge-base/configuration-template-for-snmpv3/ta-p/4666450

C9300 is use as example and also you have some debug/check to do. 

You have no Firewall between the monitoring tool and the C9300 ? If yes, snmp flow is authorized ?

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

zyckmeriandevil
Level 1
Level 1
In response to M02@rt37

‎11-20-2023 08:22 AM

Yes, we have other 9300 switches who are polling fine with the monitoring tool. but this one switch is not working with SNMPv2 and v3 . And snmp traffic is not blocked.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎11-18-2023 04:29 AM

IOS XE 16.12.4 Quite old suggest to upgrade to 17.9.3 or 4a 

there are some for the SNMP which create some CPU issue, so suggest to upgrade to latest suggested.

https://www.cisco.com/c/en/us/td/docs/routers/ncs4200/release/notes/ncs4201-02/16-12-1/b-rn-16-12-x-ncs4201-02/b-rn-16-12-x-ncs4201-02_chapter_010.html

i would suggest to remove all the config and start fresh using simple config and move to securing the SNMP access what you looking to do, I never had any issue cat 9300 switches they are straight forward simple config :

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-6/configuration_guide/nmgmt/b_166_nmgmt_9300_cg/b_166_nmgmt_9300_cg_chapter_010.html

what SNMP Tool you using to get poll SNMP agains Cat 9300 device?

try debug :#debug snmp packets (see that query hitting the Kit ?)

Hope the device have routing in place to reach back to query device.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

zyckmeriandevil
Level 1
Level 1
In response to balaji.bandi

‎11-20-2023 08:23 AM

We have other 9300 switch with the same IOS image - the others , the monitoring tool were able to snmp walk, just this one switch. No access-list and we've tried reconfiguring and removing ACLs.

9300-switch#debug snmp packets
SNMP packet debugging is on

balaji.bandi
Hall of Fame
Hall of Fame
In response to zyckmeriandevil

‎11-20-2023 08:48 AM

show run  (removing confidential information) working and notworking one.

also show version working and not working one.

Other side i will remove the configuration and re- add as suggested above guides start with simple and move to complex config.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

MHM Cisco World
VIP
VIP
In response to zyckmeriandevil

‎11-20-2023 08:55 AM

Other SW work? Here we need to stop

Check reachability by ping 

Check if there is any FW or acl deny traffic from this SW to snmp server.

0 Helpful

MHM Cisco World
VIP
VIP

‎11-18-2023 05:01 AM

Snmpv3

snmp-server host <ip of snmp server> v3 priv  testmonitoring

This command need' you only config group and user and user is name you need to add IP for this user name.

Add this and check.

MHM

0 Helpful
Customers Also Viewed These Support Documents