Re: Catalyst 9200 - SNMP ISSUE

MadyS · ‎04-19-2022

Hello everyone,

I am currently working on C9200 IOS-XE switches. I have to set up the SNMP service for supervision. I configured the service but there is no connection with the server that should receive the notifications. At first I thought the problem was related to the server but when I use the snmpwalk utility from the administration machine, I have the code Unknown user name.

Below is the configuration and results of the Show commands:

Site2_SW#sho snmp

Chassis: JAE24390QVT

100268 SNMP packets input

0 Bad SNMP version errors

0 Unknown community name

0 Illegal operation for community name supplied

0 Encoding errors

0 Number of requested variables

0 Number of altered variables

0 Get-request PDUs

0 Get-next PDUs

0 Set-request PDUs

0 Input queue packet drops (Maximum queue size 1000)

104841 SNMP packets output

0 Too big errors (Maximum packet size 1500)

0 No such name errors

0 Bad values errors

0 General errors

0 Response PDUs

4573 Trap PDUs

Packets currently in SNMP process input queue: 0

SNMP global trap: enabled

SNMP logging: enabled

Logging to 10.42.3.2.162, 0/10, 4573 sent, 0 dropped.

SNMP Manager-role output packets

0 Get-request PDUs

0 Get-next PDUs

0 Get-bulk PDUs

0 Set-request PDUs

4581 Inform-request PDUs

4581 Timeouts

0 Drops

SNMP Manager-role input packets

0 Inform request PDUs

0 Trap PDUs

0 Response PDUs

0 Responses with errors

SNMP informs: enabled

Informs in flight 0/25 (current/max)

Logging to 10.42.3.2.162

4581 sent, 0 in-flight, 0 retries, 4581 failed, 0 dropped

************

Site2_SW#sho run | sect snmp

snmp-server engineID local 800000090300549FC68ED912

snmp-server engineID remote 10.42.3.2 1711111112

snmp-server group groupe_SITE2 v3 priv

snmp-server view Allmibs iso included

snmp-server view Allmibs private included

snmp-server view Allmibs mib-2 included

snmp-server view Allmibs ciscoMgmt.635 included

snmp-server trap-source Vlan30

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps flowmon

snmp-server enable traps entity-perf throughput-notif

snmp-server enable traps call-home message-send-fail server-fail

snmp-server enable traps tty

snmp-server enable traps ospf state-change

snmp-server enable traps ospf errors

snmp-server enable traps ospf retransmit

snmp-server enable traps ospf lsa

snmp-server enable traps ospf cisco-specific state-change nssa-trans-change

snmp-server enable traps ospf cisco-specific state-change shamlink interface

snmp-server enable traps ospf cisco-specific state-change shamlink neighbor

snmp-server enable traps ospf cisco-specific errors

snmp-server enable traps ospf cisco-specific retransmit

snmp-server enable traps ospf cisco-specific lsa

snmp-server enable traps eigrp

snmp-server enable traps ike policy add

snmp-server enable traps ike policy delete

snmp-server enable traps ike tunnel start

snmp-server enable traps ike tunnel stop

snmp-server enable traps ipsec cryptomap add

snmp-server enable traps ipsec cryptomap delete

snmp-server enable traps ipsec cryptomap attach

snmp-server enable traps ipsec cryptomap detach

snmp-server enable traps ipsec tunnel start

snmp-server enable traps ipsec tunnel stop

snmp-server enable traps ipsec too-many-sas

snmp-server enable traps auth-framework sec-violation

snmp-server enable traps rep

snmp-server enable traps vtp

snmp-server enable traps vlancreate

snmp-server enable traps vlandelete

snmp-server enable traps port-security

snmp-server enable traps license

snmp-server enable traps smart-license

snmp-server enable traps cpu threshold

snmp-server enable traps memory bufferpeak

snmp-server enable traps stackwise

snmp-server enable traps udld link-fail-rpt

snmp-server enable traps udld status-change

snmp-server enable traps fru-ctrl

snmp-server enable traps flash insertion removal lowspace

snmp-server enable traps energywise

snmp-server enable traps power-ethernet police

snmp-server enable traps entity

snmp-server enable traps envmon

snmp-server enable traps event-manager

snmp-server enable traps bfd

snmp-server enable traps dhcp

snmp-server enable traps ospfv3 state-change

snmp-server enable traps ospfv3 errors

snmp-server enable traps ipmulticast

snmp-server enable traps pimstdmib neighbor-loss invalid-register invalid-join-prune rp-mapping-change interface-election

snmp-server enable traps msdp

snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message

snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency

snmp-server enable traps config-copy

snmp-server enable traps config

snmp-server enable traps config-ctid

snmp-server enable traps bridge newroot topologychange

snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency

snmp-server enable traps syslog

snmp-server enable traps vlan-membership

snmp-server enable traps errdisable

snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down

snmp-server enable traps transceiver all

snmp-server enable traps rf

snmp-server enable traps bulkstat collection transfer

snmp-server enable traps mac-notification change move threshold

snmp-server host 10.42.3.2 informs version 3 priv user_site2

snmp-server host 10.42.3.2 3 entity-state syslog

snmp-server host 10.42.3.2 version 3 priv user_site2

snmp-server inform retries 0

snmp ifmib ifindex persist

***************

Site2_SW#sho snmp user

User name: user_site2

Engine ID: 1711111112

storage-type: nonvolatile active

Authentication Protocol: SHA

Privacy Protocol: AES128

Group-name: groupe_Site2

Site2_SW#

***********

Site2_SW#sho snmp eng

SITE2_SW#sho snmp engineID

Local SNMP engineID: 800000090300549FC68ED912

Remote Engine ID IP-addr Port

1711111112 remote 10.42.3.2 162

Site2_SW#

This is the configuration implemented on switch:

snmp-server engineID local 800000090300549FC68ED912

snmp-server engineID remote 10.42.3.2 1711111112

snmp-server group groupe_Site2 v3 priv

snmp-server enable traps

snmp-server user user_site2 groupe_Site2 remote 10.42.3.2 v3 auth sha S1te@_6_ROS priv aes 128 S1te@_6_CSK

snmp-server group groupe_Site2 v3 priv read Allmibs

snmp-server group groupe_ Site2 v3 priv

snmp-server view Allmibs iso included

snmp-server view Allmibs private included

snmp-server view Allmibs mib-2 included

snmp-server view Allmibs ciscoMgmt.635 included

snmp-server trap-source Vlan30

snmp-server host 10.42.3.2 3 entity-state syslog

snmp-server host 10.42.3.2 version 3 priv user_site2

snmp-server host 10.42.3.2 informs version 3 priv user_site2

snmp-server inform retries 0

snmp ifmib ifindex persist

snmp-server trap-source Vlan30

Can you please tell me if there is a particular parameter to activate on the 9000 series for it to work?

Thanks in advance !

Flavio Miranda · ‎04-19-2022

Did you use this suyntax? Dont know if you delete information for security reasons.

snmp-server group <snmp group name> v3 auth

snmp-server user <snmp user name> <snmp group name> v3 auth md5 <auth password> priv des <priv password>

Your error message is quite clear. Your NMS can´t login in using that username

MadyS · ‎04-19-2022

Thanks for yout reply, I used this syntax:

snmp-server group groupe_site2 v3 priv
snmp-server user user_site2 groupe_site2 remote 10.42.3.2 v3 auth sha password_sha priv aes 128 password_aes

Do you see the a problem in this configuration?

Flavio Miranda · ‎04-19-2022

Well, I dont.

Using Cisco Prime I had to use cisco AES 256 but this is about encryption. Your message is related to user.