Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4362
Views
0
Helpful
4
Replies

SNMPv3 config on c2960G

Go to solution
Eric Hansen
Level 1
Level 1

‎10-01-2012 10:11 AM

I am trying to configure SNMPv3 on a 2960G(12.2.(55)) and I hope I am just missing something somewhere....

snmp-server view v3view interfaces included

snmp-server view v3view internet included

snmp-server view v3view chassis included

snmp-server view v3view system included

snmp-server group v3group v3 priv read v3viewwrite v3view notify v3view

snmp-s user v3user v3group v3 auth md5 v3secret priv aes 128 v3secret

Interestingly enough when I 'sh conf | i snmp' the user command isnt there, however it shows it under 'sh snmp user'.  Using Solarwinds Eng Toolset to attempt to just pull interfaces and it keeps kicking back with creds failing.

any help is appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ngoldwat
Level 4
Level 4
In response to Eric Hansen

‎10-03-2012 08:43 AM

OK, so have you verified that your NMS is using the correct credentials?  Do you have an ACL defined?

Here are some basic instructions.  Order of operations matter.

To enable SNMP v3 on Cisco IOS devices, follow these steps:

  • Create a View

snmp-server view iso included

  • Set the Security Model (if there is no ACL then please ignore access access-list )

snmp-server group v3 auth read write access access-list

  • Create a user and authentication protocol to be used

snmp-server user v3 auth md5

  • create a context for every vlan that you have the end host

snmp-server group netset v3 auth context

View solution in original post

0 Helpful
4 Replies 4

Go to solution
ngoldwat
Level 4
Level 4

‎10-01-2012 10:53 AM

Hi,

SNMPv3 users do not appear in the running configuration.

Please post the output of:

# show run | i snmp

# show snmp user

# show snmp group

# show snmp view

Thanks

0 Helpful

Go to solution
Eric Hansen
Level 1
Level 1
In response to ngoldwat

‎10-01-2012 11:16 AM

Will do.

sh run | i snmp

snmp-server group v3group v3 priv read v3view write v3view notify v3view

snmp-server view v3view internet included

snmp-server view v3view system included

snmp-server view v3view interfaces included

snmp-server view v3view chassis included

snmp-server location Network Team

sh snmp user

User name: v3user

Engine ID: 800000090300001AE3491E01

storage-type: nonvolatile        active

Authentication Protocol: MD5

Privacy Protocol: AES128

Group-name: v3group

sh snmp group

groupname: v3group                          security model:v3 priv

readview : v3view                           writeview: v3view                         

notifyview: v3view                         

row status: active

sh snmp view

v3view internet - included nonvolatile active

v3view system - included nonvolatile active

v3view interfaces - included nonvolatile active

v3view chassis - included nonvolatile active

v1default iso - included permanent active

v1default internet - included permanent active

v1default snmpUsmMIB - excluded permanent active

v1default snmpVacmMIB - excluded permanent active

v1default snmpCommunityMIB - excluded permanent active

v1default ciscoMgmt.252 - excluded permanent active

*tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F iso - included volatile active

*tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F iso.2.840.10036 - included volatile active

e-

0 Helpful

Go to solution
ngoldwat
Level 4
Level 4
In response to Eric Hansen

‎10-03-2012 08:43 AM

OK, so have you verified that your NMS is using the correct credentials?  Do you have an ACL defined?

Here are some basic instructions.  Order of operations matter.

To enable SNMP v3 on Cisco IOS devices, follow these steps:

  • Create a View

snmp-server view iso included

  • Set the Security Model (if there is no ACL then please ignore access access-list )

snmp-server group v3 auth read write access access-list

  • Create a user and authentication protocol to be used

snmp-server user v3 auth md5

  • create a context for every vlan that you have the end host

snmp-server group netset v3 auth context

0 Helpful

Go to solution
Eric Hansen
Level 1
Level 1
In response to ngoldwat

‎10-04-2012 09:20 AM

Found the problem, the 'priv' command in the 'snmp-server group' command needed to be auth, why priv is an option or why it doesnt work with priv... no idea.

0 Helpful
Customers Also Viewed These Support Documents