cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1196
Views
0
Helpful
3
Replies
arielechano
Beginner

SNMPv3 user without group setting showing

Hello,

Why is it that when SNMPv3 user "TestV3-User" was added to my SNMPv3 implementation on my 6506 switch, the group/MD5/Emcryption settings are missing for this user (See "sh snmp user" output)???

router#sh snmp user

User name: TestV3-User

Engine ID: 80000009030000249706EFC0

storage-type: nonvolatile        active access-list: test

router#sh snmp group

groupname: ILMI                         security model:v1

readview :*ilmi                         writeview: *ilmi

notifyview: <no notifyview specified>

row status: active

groupname: ILMI                         security model:v2c

readview :*ilmi                         writeview: *ilmi

notifyview: <no notifyview specified>

row status: active

groupname:TestV3                     security model:v3 priv

readview :v1default                     writeview: <no writeview specified>

notifyview: *tv.FFFFFFFF.FFFFFFFF.FFF

row status: active      access-list: test

Commands entered:

snmp-server group TestV3 v3 priv read v1default access test

snmp-server user TestV3-User TestV3 v3 auth sha <pw> priv des56 <pw> access test

snmp-server host 10.7.7.250 traps version 3 priv TestV3-User

Sh version output: (also - what IOS version at 12.2 for 6500 support AES encryption???)

"sup-bootdisk:/s72033-ipservicesk9_wan-mz.122-18.SXF17a.bin"

cisco WS-C6506-E (R7000) processor (revision 1.1) with 458720K/65536K bytes of memory.

Processor board ID SAL1252E3C6

SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache

Last reset from s/w reset

SuperLAT software (copyright 1990 by Meridian Technology Corp).

X.25 software, Version 3.0.0.

Bridging software.

TN3270 Emulation software.

3 Virtual Ethernet/IEEE 802.3 interfaces

90 Gigabit Ethernet/IEEE 802.3 interfaces

1917K bytes of non-volatile configuration memory.

8192K bytes of packet buffer memory.

65536K bytes of Flash internal SIMM (Sector size 512K).

Configuration register is 0x2102

Thanks in advance.

3 REPLIES 3
Vinod Arya
Cisco Employee

It works for me perfectly on my 65k. I used your configuration only :

snmp-server group TestV3 v3 priv read v1default access test

snmp-server user TestV3-User TestV3 v3 auth sha test123 priv des test123 access test

Show Output are following  :

6500#show snmp group

groupname: TestV3                           security model:v3 priv

readview : v1default                        writeview:

notifyview:

row status: active      access-list: test

# show snmp user

User name: TestV3-User

Engine ID: 80000009030000190640E1B8

storage-type: nonvolatile        active access-list: test

Authentication Protocol: SHA

Privacy Protocol: DES

Group-name: TestV3

# Show version

Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Versio

n 12.2(33)SXJ3, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2012 by Cisco Systems, Inc.

Compiled Mon 16-Apr-12 16:12 by prod_rel_team

ROM: System Bootstrap, Version 12.2(14r)S9, RELEASE SOFTWARE (fc1)

NMS-WL-6500 uptime is 4 days, 9 hours, 24 minutes

Uptime for this control processor is 4 days, 9 hours, 25 minutes

Time since NMS-WL-6500 switched to active is 4 days, 9 hours, 24 minutes

System returned to ROM by  power cycle (SP by power on)

System restarted at 08:36:19 IST Wed Sep 5 2012

System image file is "disk1:s72033-adventerprisek9_wan-mz.122-33.SXJ3.bin"

Last reload reason: Reload Command

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

cisco WS-C6509-E (R7000) processor (revision 1.5) with 458720K/65536K bytes of m

emory.

Processor board ID SMC1429004N

SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache

Last reset from power-on

10 Virtual Ethernet interfaces

73 Gigabit Ethernet interfaces

4 Ten Gigabit Ethernet interfaces

1917K bytes of non-volatile configuration memory.

8192K bytes of packet buffer memory.

65536K bytes of Flash internal SIMM (Sector size 512K).

Configuration register is 0x2102

To see whta pric/auth a IOS version support using ? is best to see option. I guess if it doesnt gave any error it is supported.

Probably may want to remove the complete command using NO option and configue it back.

-Thanks

-Thanks Vinod **Rating Encourages contributors, and its really free. **

Thank you so much for the response. I think I will have to upgrade to 12.2(33) image which also supports 3des/AES encryption.

That will be good to be on a newer release. Please close the thread if the upgrade fixed the issue.

-Thanks

-Thanks Vinod **Rating Encourages contributors, and its really free. **