Re: Setting up SNMP v3 on a Cisco 9200

daveh@innovat.com · ‎12-01-2023

I am setting up SNMP v3 on a 9200 below are the commands I am using. When testing I am not getting a response from the switch. When I run an nmap it doesnt show port 161 open.

snmp-server group Test_GROUP v3 priv
snmp-server user Test_USER Test_GROUP v3 auth sha Mypassword priv des Mypassword

I am sure I am missing something.

Thanks,Dave

MHM Cisco World · ‎12-01-2023

MHM

balaji.bandi · ‎12-01-2023

If you have any ACL or anything blocking - what else you see when you do NMAP ?

You can check #show snmp (see snmp enabled)

#show udp details -show you teh details

check the correct syntax as example below :

This example shows how to associate a user with a remote host and to send auth (authNoPriv) authentication-level informs when the user enters global configuration mode:

Device(config)# snmp-server engineID remote 192.180.1.27 00000063000100a1c0b4011b
Device(config)# snmp-server group authgroup v3 auth
Device(config)# snmp-server user authuser authgroup remote 192.180.1.27 v3 auth md5 mypassword
Device(config)# snmp-server user authuser authgroup v3 auth md5 mypassword
Device(config)# snmp-server host 192.180.1.27 informs version 3 auth authuser config
Device(config)# snmp-server enable traps
Device(config)# snmp-server inform retries 0

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

daveh@innovat.com · ‎12-05-2023

My nmap only shows port 22 open

PORT STATE SERVICE VERSION
22/tcp open ssh Cisco SSH 1.25 (protocol 1.99)

SN Snmp

119 SNMP packets input
0 Bad SNMP version errors
45 Unknown community name
0 Illegal operation for community name supplied
16 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
89 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
31 Trap PDUs
SNMP global trap: enabled

SNMP logging: enabled
Logging to xxx.xxx.xxx, 0/10, 26 sent, 5 dropped.

SNMP Manager-role output packets
0 Get-request PDUs
0 Get-next PDUs
0 Get-bulk PDUs
0 Set-request PDUs
0 Inform-request PDUs
0 Timeouts
0 Drops
SNMP Manager-role input packets
0 Inform request PDUs
0 Trap PDUs
0 Response PDUs
0 Responses with errors

SNMP informs: disabled
SNMP agent enabled

Sh UDP detail

Proto Remote Port Local Port In Out Stat TTY OutputIF
17 xxx.xxx.xxx.xxx 55818 xxx.xxx.xxx.xxx 161 0 0 10001001 0
Queues: output 0
input 0 (drops 0, max 200, highwater
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- xxx.xxx.xxx.xxx 162 0 0 10001011 0
Queues: output 0
input 0 (drops 0, max 200, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 --listen-- xxx.xxx.xxx.xxx 63890 0 0 10001011 0
Queues: output 0
input 0 (drops 0, max 200, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17(v6) --listen-- --any-- 161 0 0 10020001 0
Queues: output 0
input 0 (drops 0, max 200, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17(v6) --listen-- --any-- 162 0 0 10020011 0
Queues: output 0
input 0 (drops 0, max 200, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17(v6) --listen-- --any-- 55296 0 0 10020001 0
Queues: output 0
input 0 (drops 0, max 200, highwater 0)
Proto Remote Port Local Port In Out Stat TTY OutputIF
17 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx 55893 0 0 10000000 2
Queues: output 0
input 0 (drops 0, max 0, highwater 0)

Here is the code I used to turn on snmp v3 to connect to PRTG and ops manager.

snmp-server group Test_GROUP v3 priv
snmp-server user Test_USER Test_GROUP v3 auth sha Mypassword priv des Mypassword

Thanks,Dave

MHM Cisco World · ‎12-05-2023

snmp-server group Test_GROUP v3 priv
snmp-server user Test_USER Test_GROUP v3 auth sha Mypassword priv des Mypassword

Change the auth from sha to md5

Change priv from des to other

Add engine ID

The server use two ports 161 and 162 so open ports in acl of outside interface.

MHM