Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
19872
Views
10
Helpful
1
Replies

SNMPV3 not working

amirdeadline2
Level 1
Level 1

‎09-26-2016 01:02 PM

hi I'm trying to config and run SNMPv3 for first time I but it doesn't work. now I have an router on my lab and a server with multiple snmp manager apps and server can router my router directly so I wont have any security issue during this test. my configuration for snmp V3 is:

Router(config)#snmp-server group testgroup v3 priv

Router(config)#snmp-server user testuser testgroup v3 auth md5 amir priv des test123

after I creat this user it shows me message below:

*Sep 26 19:46:33.004: Configuring snmpv3 USM user, persisting snmpEngineBoots. Please Wait...

now I'm using MIB Walker apps and try to see anything on snmp and in other hand I turned on snmp debug detail and debug snmp packets. when I run snmp walker it shows this and then walk failes:

 

process_mgmt_req_int: UDP packet being de-queued

*Sep 26 19:50:43.504: SNMP: Packet received via UDP from 192.168.1.2 on GigabitEthernet0/1SrParseV3SnmpMessage: No matching Engine ID.
SrParseV3SnmpMessage: Failed.
SrDoSnmp: authentication failure, Unknown Engine ID

*Sep 26 19:50:43.504: SNMP: Report, reqid 29548, errstat 0, erridx 0
internet.6.3.15.1.1.4.0 = 3
*Sep 26 19:50:43.508: SNMP: Packet sent via UDP to 192.168.1.2
process_mgmt_req_int: UDP packet being de-queued

*Sep 26 19:50:43.624: SNMP: Packet received via UDP from 192.168.1.2 on GigabitEthernet0/1SrParseV3SnmpMessage: Failed.

*Sep 26 19:50:43.624: SNMP: Get-next request, reqid 29549, errstat 0, erridx 0
mgmt = NULL TYPE/VALUESrDoSnmp: received get-next pdu
make_error_pdu: Authorization Error.

*Sep 26 19:50:43.628: SNMP: Response, reqid 29549, errstat 16, erridx 0
mgmt = NULL TYPE/VALUE
*Sep 26 19:50:43.632: SNMP: Packet sent via UDP to 192.168.1.2

so please help.

Labels:
0 Helpful
1 Reply 1

luijimen
Cisco Employee
Cisco Employee

‎09-26-2016 03:04 PM

Hi there.

There are 3 values in the SNMPv3 header that must match for the communication to take place:

snmpEngineID, snmpEngineTime, snmpEngineBoots.

The error received indicates a problem with the EngineID value:

"authentication failure, Unknown Engine ID"

Have you specified an EngineID value for the device in your SNMP configuration data on the monitoring tool? If so, try to remove it and just specify the user and auth/priv passwords.

Otherwise, try running "show snmp user" and look for the entry related to user "testuser" and copy the EngineID value shown in there.

If it still does not work, enable "debug snmp headers" and "debug snmp packets" and get the output from your next query.

Luis

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card