08-23-2023 07:51 AM
Good day everyone !
I'm a Linux Engineer for a large organization.
I have some good knowledge of Cisco, also SNMP, DB, programming...
I'm building an Open Source solution (Running on SuSE Linux Enterprise Server - SLES) to have an inventory / CMDB of all our equipment : Servers, Workstations, Network equipment, FW, etc.
It includes Hardware info, Software, Certificates, CVE, and many more...
On Servers and Workstations, I use an agent and everything's working perfectly !
Now I'm trying since some time (!) to inventory our Cisco network equipment using SNMP V3 (SHA and AES). I'm testing this with a Cisco 4000 Series. (The problem is that I have no read nor write access to the router(s) : they are managed by our Comms team).
I can ping the router, I can reach it on port 161 (and 162) (using netcat), I have the right SHA/AES credentials... : all seems good. But, systematically, when I try to snmpwalk / snmpget the router, I receive a "TimeOut - no response from router's IP".
Going a bit further if I tcpdump the network traffic, I can see my Server contacting the router, but the router always answers with an "Unknown EngineID".
The router's configuration should be correct: I set up a spare/test router and using a MIB Browser, I can snmpwalk / snmpget without any problem.
So, I gave step-by-step configuration instructions to the Comms Team in order to have exactly the same working configuration.
EngineID is set - I think correctly, all must be good in theory (again, I have no read access to the router).
Though, tcpdump / wireshark shows I must have 30M answers from the router with "unknown EngineID".
Do I need to specify the remote EngineID of my Linux Server on the router ?
(I don't need to do that with a MIB Browser : it just works instantaneously).
Would anyone amongst you, Cisco experts, have an idea how to solve this ?
Many thanks in advance !!
Damien
08-23-2023 08:10 AM
As long as the SNMP setup is done correctly on the device, you should get a response with all parameters correct.
"TimeOut - no response from router's IP" - this shows me that either the router is not allowing your IP or it is not configured correctly.
Ask network team when you do SNMPwalk what logs they see on the device.
08-27-2023 05:48 PM
I have not found that an SNMPv3 GET mandates the EngineID as part of the request. At least that is what I have found with most Cisco products when I run a Linux-based Net-SNMP snmpwalk command. The EngineID is based on a formula that should be standardized and is generated by the system on which the SNMP agent is running.
I might be wrong, but in our world, specifying the EngineID does not give us any more granularity or accuracy than simply pointing the NMS tool to the device's IP address - since we don't run more than one SNMP agent on a Cisco device. So what's the point of the EngineID?
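Background for the EngineID question in this thread, as an added example that is not part of any post: in SNMPv3 USM (RFC 3414) the SHA authentication key is derived from the password and then localized to the agent's engineID, so one password yields a different key on every engine and a tag computed for the wrong engineID does not verify. The password and first engineID are the RFC 3414 A.3.2 sample values; the second engineID and the message bytes are constructed, and the message is a stand-in rather than a real encoded PDU.

```python
import hashlib
import hmac

def password_to_ku(password: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the password repeated out to exactly 1 MiB."""
    if not password:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()

def localize(ku: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): binds the key to one engine."""
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_tag(kul: bytes, whole_msg: bytes) -> bytes:
    """HMAC-SHA-96: first 12 octets of HMAC-SHA1 over the message.
    (Real USM computes this with the 12-octet auth field zeroed.)"""
    return hmac.new(kul, whole_msg, hashlib.sha1).digest()[:12]

def verify(kul: bytes, whole_msg: bytes, tag: bytes) -> bool:
    """Constant-time comparison, as an agent would do on receipt."""
    return hmac.compare_digest(auth_tag(kul, whole_msg), tag)

# RFC 3414 A.3.2 sample values
RFC_PASSWORD = b"maplesyrup"
RFC_ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed values for the mismatch case
OTHER_ENGINE_ID = bytes.fromhex("000000000000000000000003")
SAMPLE_MSG = b"constructed stand-in for a serialized SNMPv3 message"

def demo() -> dict:
    ku = password_to_ku(RFC_PASSWORD)
    key_right = localize(ku, RFC_ENGINE_ID)
    key_wrong = localize(ku, OTHER_ENGINE_ID)  # same password, other engine
    tag = auth_tag(key_wrong, SAMPLE_MSG)      # manager used the wrong ID
    return {
        "ku": ku.hex(),
        "kul": key_right.hex(),
        "accepted_with_wrong_engine": verify(key_right, SAMPLE_MSG, tag),
        "accepted_with_right_engine": verify(
            key_right, SAMPLE_MSG, auth_tag(key_right, SAMPLE_MSG)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```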