
3750 snmp v3 authPriv

I've been fiddling around with some snmp v3 lately on a few 3750 switches running 12.2(55)SE5 (it's a K9 image). First my configuration was like this:

!
ip access-list standard NETDISCO
 remark NETDISCO TEST SERVER
 permit host 1.1.1.1
!
snmp-server view v3View mib-2 included
snmp-server view v3View cisco included
!
snmp-server group v3GroupRead v3 auth read v3View access NETDISCO
!
snmp-server user v3UserRead v3GroupRead v3 auth sha <sha pass> priv aes 192 <aes pass> access NETDISCO
!

The configuration above works without any problem, but when I did a snmpwalk I had to use the -authnoPriv; I take this as it's not being encrypted, only authenticated. This would be due to the configuration "snmp-server group <groupname> auth".

To use an authPriv during the snmpwalk I should use the "snmp-server group <groupname> priv" so I added that command and the snmp-server group looked like below.

!
snmp-server group v3GroupRead v3 auth read v3View access NETDISCO
snmp-server group v3GroupRead v3 priv read v3View access NETDISCO
!

With this configuration the snmpwalk still had to contain "authnoPriv" in order to work. I decided to remove the "snmp-server group <groupname> auth" command so the configuration looked like below:

!
snmp-server group v3GroupRead v3 priv read v3View access NETDISCO
!

Now the snmpwalk doesn't work with "authnoPriv", as I'm assuming it should be. Using "authPriv" in the snmpwalk didn't get an error right away (as it did before); instead the snmpwalk timed out. I ran a debug snmp packet and got the following output:

SWITCH1#debug snmp packets
SNMP packet debugging is on
006753: Apr 15 07:23:20.298 UTC: SNMP: Packet received via UDP from 1.1.1.1 on Vlan1
006754: Apr 15 07:23:20.298 UTC: SNMP: Report, reqid 1148736304, errstat 0, erridx 0 usmStats.4.0 = 309
006755: Apr 15 07:23:20.298 UTC: SNMP: Packet sent via UDP to 1.1.1.1
006756: Apr 15 07:23:20.306 UTC: SNMP: Packet received via UDP from 1.1.1.1 on Vlan1
006757: Apr 15 07:23:21.305 UTC: SNMP: Packet received via UDP from 1.1.1.1 on Vlan1

<output removed since it just repeats the last output over and over again until the snmpwalk times out>

Is this buggy or am I missing something in order to do a snmpwalk with the "authPriv" parameter/flag set?
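
An added example, not part of the original post: a small Python parser that reads "debug snmp packets" lines in the format quoted above, names each usmStats counter carried in a Report, and counts requests the switch received but did not answer. The counter names come from SNMP-USER-BASED-SM-MIB (RFC 3414); the function and variable names are hypothetical, and one reply per request is assumed.

```python
import re

# usmStats counters, SNMP-USER-BASED-SM-MIB (RFC 3414): 1.3.6.1.6.3.15.1.1.<n>.0
USM_STATS = {
    1: "usmStatsUnsupportedSecLevels",  # security level unknown or unavailable
    2: "usmStatsNotInTimeWindows",      # outside the engine's time window
    3: "usmStatsUnknownUserNames",      # user not known to the engine
    4: "usmStatsUnknownEngineIDs",      # engine ID not known (sent during discovery)
    5: "usmStatsWrongDigests",          # authentication digest did not match
    6: "usmStatsDecryptionErrors",      # packet could not be decrypted
}
RECEIVED = re.compile(r"SNMP: Packet received via UDP from (\S+)")
SENT = re.compile(r"SNMP: Packet sent via UDP to (\S+)")
USM = re.compile(r"usmStats\.(\d+)\.0 = (\d+)")


def summarize(debug_lines):
    """Per peer: packets in/out, named usmStats reports, requests left unanswered."""
    peers, last_peer = {}, None

    def entry(ip):
        return peers.setdefault(
            ip, {"received": 0, "sent": 0, "reports": [], "unanswered": 0})

    for line in debug_lines:
        if m := RECEIVED.search(line):
            last_peer = m.group(1)
            entry(last_peer)["received"] += 1
            entry(last_peer)["unanswered"] += 1
        elif m := SENT.search(line):
            peer = entry(m.group(1))
            peer["sent"] += 1
            peer["unanswered"] = max(0, peer["unanswered"] - 1)
        # A Report has no peer of its own: attribute it to the last sender seen
        if (m := USM.search(line)) and last_peer:
            idx, value = int(m.group(1)), int(m.group(2))
            name = USM_STATS.get(idx, f"usmStats.{idx} (not in RFC 3414)")
            entry(last_peer)["reports"].append((name, value))
    return peers


# The five debug lines quoted in the post above
SAMPLE = [
    "006753: Apr 15 07:23:20.298 UTC: SNMP: Packet received via UDP from 1.1.1.1 on Vlan1",
    "006754: Apr 15 07:23:20.298 UTC: SNMP: Report, reqid 1148736304, errstat 0, erridx 0 usmStats.4.0 = 309",
    "006755: Apr 15 07:23:20.298 UTC: SNMP: Packet sent via UDP to 1.1.1.1",
    "006756: Apr 15 07:23:20.306 UTC: SNMP: Packet received via UDP from 1.1.1.1 on Vlan1",
    "006757: Apr 15 07:23:21.305 UTC: SNMP: Packet received via UDP from 1.1.1.1 on Vlan1",
]

if __name__ == "__main__":
    for ip, stats in summarize(SAMPLE).items():
        print(ip, stats)
```

On the quoted output this yields one usmStatsUnknownEngineIDs Report for 1.1.1.1, followed by two received packets with no reply logged.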
