
SNMPv3 with Zabbix - Authentication Issues

gmjxo
Level 1

Hello,

Thank you for reading.

Zabbix, version 6.4, will be collecting traps from my Cisco Catalyst 9300 switch on version 16.6.1.

I am having authentication issues with SNMPv3 utilizing AES 128, 192, and 256. However, I am able to authenticate utilizing DES for my encryption.

The commands I am using for AES are:

snmp-server group aesgroup v3 priv read READERS

snmp-server user aesuser aesgroup v3 auth sha authpass priv aes 256 cryptpass

snmp-server host 10.10.1.1 version 3 priv aesuser

 

The commands I am using for DES are:

snmp-server group desgroup v3 priv read READERS

snmp-server user desuser desgroup v3 auth sha authpass priv des cryptpass

snmp-server host 10.10.1.1 version 3 priv desuser

 

DES authenticates with Zabbix.

Some assistance will be great.

 

7 Replies

Hello!

I really wouldn't recommend using DES, but still...

Your configuration seems as it should. What is the output of show snmp user?

BR

****Kindly rate all useful posts*****

Today, the host and switch decided to connect utilizing AES 128. However, I am not getting any data on the host. I did a Wireshark capture, and I see the get request from the host, and I decrypted the data, and the following SNMP packets are Malformed.

My current SNMP configuration is:

snmp-server group aesgroup v3 priv read v1default

snmp-server user aesuser aesgroup v3 auth sha authpass priv aes 128 cryptpass

snmp-server host 10.10.1.1 version 3 priv aesuser

 

show snmp user displays username, engineID, storage type: nonvolatile active, authentication protocol, privacy protocol, and group name.

 

Hello,

I don't know what environment you are running Zabbix in, but the thread below might be useful:

https://www.zabbix.com/forum/zabbix-help/443645-snmpv3-unsupported-authentication-protocol

I appreciate the response. The issue has to be with the switch and the version. I also tested the 9300 switch version 16.6.1 with Paessler, and I was getting an engineID error. I added some engineID configurations, and it did not work. Yesterday, I tested my SNMPv3 configurations on a 9200 switch version 17.0.2 if I remember correctly, and the switch did connect. Possibly the switch version on the 9300 may be bugged... I could not find any documentation on it.

Hello,

I did a bug search, and possibly the bug below applies (you are using aes 128 and not 192/256, but you still might want to give this a try). The workaround would be to use (I am not 100% sure about the syntax, the goal is to use 'sha256' for authentication instead of 'sha'):

snmp-server user aesuser aesgroup v3 auth sha256 authpass priv aes 128 cryptpass

 

SNMPv3 polling may fail using privacy algorithms AES192/AES256
CSCwe73933
Symptom: SNMP v3 polling does not work.
Conditions: The SNMP v3 authentication algorithm is set to SHA and encryption is set to AES 192 or AES 256.
Workaround: Use SHA 256 as an authentication algorithm.
Further Problem Description: none
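An added example, not part of the thread and not Cisco or Zabbix code: it derives the USM localized key as RFC 3414 describes and compares its length with what each AES variant needs, which shows why SHA (SHA-1, 20 octets) covers AES 128 but not AES 192/256, while SHA 256 (32 octets) covers all three. The function names and the engine ID are constructed for illustration, and the page does not state whether this key-length gap is the cause of CSCwe73933.

```python
import hashlib

# Key octets each privacy cipher consumes. AES-128 is RFC 3826; AES-192/256
# for USM were never standardized, so key extension is vendor-defined.
PRIV_KEY_LEN = {"aes128": 16, "aes192": 24, "aes256": 32}


def localized_key(passphrase: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: hash 1 MiB of the repeated passphrase, then bind to the engine ID."""
    if not passphrase:
        raise ValueError("empty passphrase")
    total = 1048576
    reps, rem = divmod(total, len(passphrase))
    ku = hashlib.new(hash_name, passphrase * reps + passphrase[:rem]).digest()
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def key_report(auth_hash: str, priv: str, priv_pass: bytes, engine_id: bytes) -> dict:
    """Compare the localized key length with what the privacy cipher needs."""
    kul = localized_key(priv_pass, engine_id, auth_hash)
    need = PRIV_KEY_LEN[priv]
    return {"auth": auth_hash, "priv": priv, "have": len(kul), "need": need,
            "needs_extension": len(kul) < need}


# Constructed sample: privacy passphrase from the thread's config, made-up engine ID.
SAMPLE_ENGINE_ID = bytes.fromhex("800000090300aabbccddeeff")


def matrix() -> list:
    """All auth-hash / privacy-cipher pairs for the sample user."""
    return [key_report(a, p, b"cryptpass", SAMPLE_ENGINE_ID)
            for a in ("sha1", "sha256") for p in PRIV_KEY_LEN]


if __name__ == "__main__":
    for row in matrix():
        verdict = ("key extension required, agent and manager must use the same scheme"
                   if row["needs_extension"] else "key fits without extension")
        print(f'{row["auth"]:6} + {row["priv"]}: have {row["have"]}, '
              f'need {row["need"]} -> {verdict}')
```

Where the report says an extension is required, the monitoring host and the switch both have to stretch the key the same way, so a mismatch there shows up as packets that authenticate but do not decrypt cleanly.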

I don't have any SHA options other than "SHA", but I will give that a try. In my Wireshark capture, I did see the Authentication complete. It was the privacy protocol that was "Malformed". I will give this a try though.

JayeshR
Level 1

We have 2 networks that we monitor. Currently SolarWinds is running with SHA and aes128 on SNMP V3 with no issues. On the other network, I am trying to run Zabbix and apparently SNMP v3 does not work correctly on the templates provided. You have to adjust the 'Security Name', 'Authentication passphrase' and 'Enter Privacy passphrase' in the .xml file
