cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3631
Views
5
Helpful
3
Replies

What is snmpv3 view cac_view?

JESSICA Walsh
Level 1
Level 1

I have just started migrated devices to SNMPv3 and was using the v1default view, but it appears my NMS doesn't have permission to mib

1.3.6.1.2.1.17.4.3 with this view. Maybe cac_view does? I need a view that can see everything. Should I switch to cac_view or try to create something new?
3 Replies 3

Vinod Arya
Cisco Employee
Cisco Employee

Jessica,

Configuring SNMPv3 on Cisco device is pretty simple and is MUCH preferred over v1 or v2. SNMPv3 has three big benefits:

authentication — we can be assured that the message originated from a valid source

integrity — we can be assured that a packet has not been modified in transit

encryption — no more plain-text SNMP data flying around our network

In v1 or v2 all you have to do to get the device able to get polled is configure SNMP COMMUNITY STRING.

 

In SNMP v3 due to increased security the steps flow is like this :

1. Create a SNMP View ---> 2. Create a GROUP for that View --> 3. Create USERS under GROUP

1. snmp-server view view-name oid-tree {included | excluded}

2. snmp-server group [groupname {v1 | v2c | v3{auth | noauth | priv}}] [read readview] [write writeview] [notify notifyview] [access access-list]

3. snmp-server user username [groupname remote ip-address [udp-port port] {v1 | v2c | v3 [encrypted] [auth {md5 | sha} auth-password [priv des56 priv password]] [access access-list]

 

EXAMPLE:

> Router(config)# snmp-server view target1 internet included

> Router(config)# snmp-server group mygroup v3 auth write target1

> Router(config)#snmp-server user myuser mygroup v3 encrypted auth md5 myuser

This is simplest configuration you need on a device to make it running. Than you can try to poll you device using snmp v3 username and password according to the tool to see it is wokring correctly.

For more refrence you can check following links:

http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html#wp18842

http://evilrouters.net/2010/03/03/configuring-snmpv3-on-catalyst-switches/

http://blogs.manageengine.com/netflowanalyzer/2011/05/31/configuring-snmp-v3-on-cisco-router-and-manageengine-netflow-analyzer/

 
So in short, you can create any SNMP VIEW with your own defined name and allow it to view everything. TO allow everything, just configure it to include ISO:
 
example:
snmp-server view VIEW_NAME iso included
 
-Thanks
Vinod 
**Encourage Contributors. RATE Them**
-Thanks Vinod **Rating Encourages contributors, and its really free. **

I originally did this basically like "snmp-server group mygroup v3 auth write v1default", but it didn't work. My Solarwinds NMS was missing some data so they asked me to run a tool. With SNMPv2, the permissions on one particular MIB tree came back ok, but with SNMPv3, they didn't. According to the show snmp view v1default should include iso and internet.

 

 

Looks like the command in here with the context and other variables is what is going to work for me. https://supportforums.cisco.com/discussion/11109561/snmpv3-context-configuration-older-switches

Review Cisco Networking for a $25 gift card