02-25-2015 02:05 PM
I have just started migrating devices to SNMPv3 and was using the v1default view, but it appears my NMS doesn't have permission to MIB 1.3.6.1.2.1.17.4.3 with this view. Maybe cac_view does? I need a view that can see everything. Should I switch to cac_view or try to create something new?
02-25-2015 05:30 PM
Jessica,
Configuring SNMPv3 on a Cisco device is pretty simple and is MUCH preferred over v1 or v2. SNMPv3 has three big benefits:
authentication — we can be assured that the message originated from a valid source
integrity — we can be assured that a packet has not been modified in transit
encryption — no more plain-text SNMP data flying around our network
In v1 or v2, all you have to do to make the device pollable is configure an SNMP community string.
In SNMPv3, due to the increased security, the flow of steps is like this:
1. Create an SNMP view --> 2. Create a group for that view --> 3. Create users under the group
1. snmp-server view view-name oid-tree {included | excluded}
2. snmp-server group [groupname {v1 | v2c | v3{auth | noauth | priv}}] [read readview] [write writeview] [notify notifyview] [access access-list]
3. snmp-server user username [groupname remote ip-address [udp-port port] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv password]] [access access-list]
EXAMPLE:
> Router(config)# snmp-server view target1 internet included
> Router(config)# snmp-server group mygroup v3 auth write target1
> Router(config)# snmp-server user myuser mygroup v3 encrypted auth md5 myuser
This is the simplest configuration you need on a device to get it running. Then you can try to poll your device using the SNMPv3 username and password, according to the tool, to see that it is working correctly.
For more reference, you can check the following links:
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html#wp18842
http://evilrouters.net/2010/03/03/configuring-snmpv3-on-catalyst-switches/
02-26-2015 05:06 AM
I originally did this basically like "snmp-server group mygroup v3 auth write v1default", but it didn't work. My Solarwinds NMS was missing some data so they asked me to run a tool. With SNMPv2, the permissions on one particular MIB tree came back OK, but with SNMPv3, they didn't. According to show snmp view, v1default should include iso and internet.
02-26-2015 08:49 AM
Looks like the command in here with the context and other variables is what is going to work for me. https://supportforums.cisco.com/discussion/11109561/snmpv3-context-configuration-older-switches
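For the BRIDGE-MIB subtree discussed in this thread (1.3.6.1.2.1.17.4.3), an added example that is not from any of the posts: on Catalyst IOS this table is kept per VLAN and SNMPv3 reaches it through a context named vlan-<id>, so a view that covers iso is not enough unless the group also matches that context. The view, group and user names, the VLAN number and the passphrases are placeholders, and `match prefix` and `priv aes 128` assume an IOS release that supports them.

```cisco
! Added example; NMS-ALL, NMS-RO, nms-poller, VLAN 10 and both passphrases are placeholders.
! 1. View that covers the whole tree, so no lookup depends on v1default.
snmp-server view NMS-ALL iso included
!
! 2. Read-only group at the priv level (authentication + encryption), default context.
snmp-server group NMS-RO v3 priv read NMS-ALL
!
! 3a. Same group for every per-VLAN context (vlan-1, vlan-10, ...), where the
!     release accepts "match prefix".
snmp-server group NMS-RO v3 priv context vlan- match prefix read NMS-ALL
!
! 3b. On older switches without "match prefix", one line per VLAN instead:
! snmp-server group NMS-RO v3 priv context vlan-10 read NMS-ALL
!
! 4. User in that group. The "encrypted" keyword is left out because the
!    passphrases are entered as plain strings.
snmp-server user nms-poller NMS-RO v3 auth sha <auth-passphrase> priv aes 128 <priv-passphrase>
!
! 5. Verify from exec mode.
! show snmp view
! show snmp group
! show snmp user
```

The NMS then has to send the context name (for example vlan-10) with its SNMPv3 requests for that VLAN's forwarding table.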