cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Smart Net Total Care Community!

Our community includes Cisco experts to answer your questions about the Smart Net Total Care (SNTC) portal and CSP-Collector.
Click the navigation links below to access materials for using our service and supported collectors.

187
Views
0
Helpful
8
Replies
Highlighted
Beginner

CSPC SNMPv3 discovery issue - devices reporting "no auth" connection attempt.

Hi

I have installed CSPC 2.8.1 for a customer and they are experiencing an isssue where the CSPC is configured to use 'Priv Auth' but the devices are reporting the connection attempt is being made using "No Auth"

 

The Auth algorithm is using SHA and the privacy password is using AES-128.

The devices have been discovered using IP address and the SNMP security level on the switch is set to "Priv".

 

Can anbody assist in what would cause a device to report an SNMP connection attempt being made using 'no auth' when the collector is set to use 'Priv Auth'?

 

I have asked the customer to confirm the switch IOS versions and am awaiting a response. Any help in the mean time would be appreciated.

 

 

 

8 REPLIES
Cisco Employee

Re: CSPC SNMPv3 discovery issue - devices reporting "no auth" connection attempt.

Philip,

 

Can you please share logs or screenshots of the switches reporting the SNMP connection attempts as "No Auth"? Can you also please share screenshot of the SNMPv3 credential configuration in the collector.

 

Thanks,

Brandon

 

 

Beginner

Re: CSPC SNMPv3 discovery issue - devices reporting "no auth" connection attempt.

Hi Brandon. Please see the switch debug below:

Switch debug:

Dec 27 2018 15:03:46.097 gmt: SNMP: Packet received via UDP from X.X.X.X on TenGigabitEthernet1/1/3

Dec 27 2018 15:03:46.098 gmt:

Incoming SNMP packet

Dec 27 2018 15:03:46.098 gmt: v3 packet security model: v3       security level: noauth

Dec 27 2018 15:03:46.098 gmt: username:

Dec 27 2018 15:03:46.098 gmt: snmpEngineID: 80000009030000425A434F00

Dec 27 2018 15:03:46.098 gmt: snmpEngineBoots: 0        snmpEngineTime: 0

Dec 27 2018 15:03:46.098 gmt: SNMP: Report, reqid 0, errstat 0, erridx 0

usmStats.4.0 = 258

 

The switches experiencing issues are:

WS-3850-12S (IOS Version 03.06.06E)

2960X (IOS Version 15.2(2)E6)

 

Thanks

CSPC Device credentials.jpg

Cisco Employee

Re: CSPC SNMPv3 discovery issue - devices reporting "no auth" connection attempt.

From the collector CLI can you attempt an snmpwalk to see if it is successful

 

snmpwalk -v3 -l authPriv -u <USERNAME> -a sha -A <AUTHPASSWORD> -x aes -X <PRIVPASSWORD> <IPADDRESS> system

 

Thank you,

Beginner

Re: CSPC SNMPv3 discovery issue - devices reporting "no auth" connection attempt.

On Further investigation we believe it may be due to the use of special characters in the SNMPv3 password. Can anybody confirm if there are any issues with the use of special characters for SNMPv3?

Cisco Employee

Re: CSPC SNMPv3 discovery issue - devices reporting "no auth" connection attempt.

Philip -- I have lab devices running v3 with special characters in the password and have no issue managing them with CSPC. If you are getting a failure doing the snmpwalk you can try escaping the characters. 

Beginner

Re: CSPC SNMPv3 discovery issue - devices reporting "no auth" connection attempt.

When using a special character in the password we get the following message from snmpwalk.

 "

No log handling enabled - turning on stderr logging

Error: passphrase chosen is below the length requirements of the USM (min=8).

snmpwalk:  (The supplied password length is too short.)

Error generating a key (Ku) from the supplied authentication pass phrase."

 

It seem as though snmpwalk doesn’t recognise the special character

 

 

On a test device if we change the password so that it contains no special character the snmpwalk runs without any issues.

To save us from changing the snmp password is there anything that can be done?

Cisco Employee

Re: CSPC SNMPv3 discovery issue - devices reporting "no auth" connection attempt.

Try escaping the " character with a backslash before it.

 

snmpwalk -v3 -l authPriv -u brawall -a sha -A test\"test1 -x aes -X test\"test1 <IP ADDRESS>

 

Thanks,

Brandon

Beginner

Re: CSPC SNMPv3 discovery issue - devices reporting "no auth" connection attempt.

HI Brandon.

 

We have tried that and get the following error:

 

No log handling enabled - turning on stderr logging

snmpwalk: Authentication failure (incorrect password, community or key)

 

it’s not happy about the \ in the password.

 

Is it possible to get a Webex with someone to look at the issue?

 

Thanks

 

CreatePlease to create content
Right-rail
Navigation
Be sure to bookmark these support pages and use them in the future to find all the self-help information.
Helpful Links