11-17-2023 02:02 PM
Hello Peeps,
Can you please help me if I missed anything?
We've tried configuring SNMP on our device, but the monitoring tool was not able to do an SNMP walk on it.
Configuration:
snmp-server group testmonitoring v3 priv access SNMP-ACL
snmp-server user testmonitoring testmonitoring v3 auth sha (PASSWORD) priv aes 128 (PASSWORD)
ip access-list standard SNMP-ACL
10 permit <ip of monitoring tool>
20 permit <ip of monitoring tool2>
30 deny any
exit
When we run sh snmp user, we see this result:
User name: testmonitoring
Engine ID: 800000090300A03D6E11B480
storage-type: nonvolatile active
Authentication Protocol: SHA
Privacy Protocol: AES128
Group-name: testmonitoring
We've tried removing the access-list and just adding the SNMP config. We also tried re-adding/re-configuring, but to no avail.
Are we missing anything else? The same config is working on other devices, just not on this one.
Device Model is C9300-24T running on IOS 16.12.4.
Thank you!
11-17-2023 11:02 PM
- What error do you get when using SNMPv2?
M.
11-20-2023 08:22 AM
No error, it's just that the monitoring tool is not able to do an snmpwalk on the device.
SNMPv3 is already enabled and no error found.
11-20-2023 08:51 AM
>... it's just that the monitoring tool is not able to do snmpwalk on device.
- How do you define that statement (and/or elaborate)?
M.
11-18-2023 12:19 AM
Hello @zyckmeriandevil
Please refer here: https://community.cisco.com/t5/networking-knowledge-base/configuration-template-for-snmpv3/ta-p/4666450
The C9300 is used as the example, and you also have some debugs/checks to do.
Is there no firewall between the monitoring tool and the C9300? If there is, is the SNMP flow authorized?
11-20-2023 08:22 AM
Yes, we have other 9300 switches which are polling fine with the monitoring tool, but this one switch is not working with SNMPv2 and v3. And SNMP traffic is not blocked.
11-18-2023 04:29 AM
IOS XE 16.12.4 is quite old; I suggest upgrading to 17.9.3 or 4a.
There are some for SNMP which create some CPU issues, so I suggest upgrading to the latest suggested release.
I would suggest removing all the config and starting fresh with a simple config, then moving on to securing the SNMP access as you are looking to do. I never had any issue with Cat 9300 switches; they are straightforward with a simple config :
What SNMP tool are you using to poll SNMP against the Cat 9300 device?
Try debug: #debug snmp packets (see whether the query is hitting the kit?)
Hope the device has routing in place to reach back to the querying device.
11-20-2023 08:23 AM
We have other 9300 switches with the same IOS image. On the others, the monitoring tool was able to SNMP walk; it is just this one switch. There is no access-list, and we've tried reconfiguring and removing ACLs.
9300-switch#debug snmp packets
SNMP packet debugging is on
11-20-2023 08:48 AM
show run (removing confidential information) for the working and the not-working one.
Also show version for the working and the not-working one.
Otherwise, I will remove the configuration and re-add it as suggested in the guides above: start with a simple config and move to a complex one.
11-20-2023 08:55 AM
Other SWs work? Here we need to stop.
Check reachability by ping.
Check if there is any FW or ACL denying traffic from this SW to the SNMP server.
11-18-2023 05:01 AM
SNMPv3
snmp-server host <ip of snmp server> v3 priv testmonitoring
This command is needed; you only configured the group and the user, and the user is just a name, so you need to add the IP for this user name.
Add this and check.
MHM