04-19-2022 02:15 AM
Hello everyone,
I am currently working on C9200 IOS-XE switches. I have to set up the SNMP service for supervision. I configured the service but there is no connection with the server that should receive the notifications. At first I thought the problem was related to the server but when I use the snmpwalk utility from the administration machine, I have the code Unknown user name.
Below is the configuration and results of the Show commands:
Site2_SW#sho snmp
Chassis: JAE24390QVT
100268 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
104841 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
4573 Trap PDUs
Packets currently in SNMP process input queue: 0
SNMP global trap: enabled
SNMP logging: enabled
Logging to 10.42.3.2.162, 0/10, 4573 sent, 0 dropped.
SNMP Manager-role output packets
0 Get-request PDUs
0 Get-next PDUs
0 Get-bulk PDUs
0 Set-request PDUs
4581 Inform-request PDUs
4581 Timeouts
0 Drops
SNMP Manager-role input packets
0 Inform request PDUs
0 Trap PDUs
0 Response PDUs
0 Responses with errors
SNMP informs: enabled
Informs in flight 0/25 (current/max)
Logging to 10.42.3.2.162
4581 sent, 0 in-flight, 0 retries, 4581 failed, 0 dropped
************
Site2_SW#sho run | sect snmp
snmp-server engineID local 800000090300549FC68ED912
snmp-server engineID remote 10.42.3.2 1711111112
snmp-server group groupe_SITE2 v3 priv
snmp-server view Allmibs iso included
snmp-server view Allmibs private included
snmp-server view Allmibs mib-2 included
snmp-server view Allmibs ciscoMgmt.635 included
snmp-server trap-source Vlan30
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps flowmon
snmp-server enable traps entity-perf throughput-notif
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps eigrp
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps rep
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps port-security
snmp-server enable traps license
snmp-server enable traps smart-license
snmp-server enable traps cpu threshold
snmp-server enable traps memory bufferpeak
snmp-server enable traps stackwise
snmp-server enable traps udld link-fail-rpt
snmp-server enable traps udld status-change
snmp-server enable traps fru-ctrl
snmp-server enable traps flash insertion removal lowspace
snmp-server enable traps energywise
snmp-server enable traps power-ethernet police
snmp-server enable traps entity
snmp-server enable traps envmon
snmp-server enable traps event-manager
snmp-server enable traps bfd
snmp-server enable traps dhcp
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps ipmulticast
snmp-server enable traps pimstdmib neighbor-loss invalid-register invalid-join-prune rp-mapping-change interface-election
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps vlan-membership
snmp-server enable traps errdisable
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server enable traps transceiver all
snmp-server enable traps rf
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps mac-notification change move threshold
snmp-server host 10.42.3.2 informs version 3 priv user_site2
snmp-server host 10.42.3.2 3 entity-state syslog
snmp-server host 10.42.3.2 version 3 priv user_site2
snmp-server inform retries 0
snmp ifmib ifindex persist
***************
Site2_SW#sho snmp user
User name: user_site2
Engine ID: 1711111112
storage-type: nonvolatile active
Authentication Protocol: SHA
Privacy Protocol: AES128
Group-name: groupe_Site2
Site2_SW#
***********
Site2_SW#sho snmp eng
SITE2_SW#sho snmp engineID
Local SNMP engineID: 800000090300549FC68ED912
Remote Engine ID IP-addr Port
1711111112 remote 10.42.3.2 162
Site2_SW#
This is the configuration implemented on switch:
snmp-server engineID local 800000090300549FC68ED912
snmp-server engineID remote 10.42.3.2 1711111112
snmp-server group groupe_Site2 v3 priv
snmp-server enable traps
snmp-server user user_site2 groupe_Site2 remote 10.42.3.2 v3 auth sha S1te@_6_ROS priv aes 128 S1te@_6_CSK
snmp-server group groupe_Site2 v3 priv read Allmibs
snmp-server group groupe_ Site2 v3 priv
snmp-server view Allmibs iso included
snmp-server view Allmibs private included
snmp-server view Allmibs mib-2 included
snmp-server view Allmibs ciscoMgmt.635 included
snmp-server trap-source Vlan30
snmp-server host 10.42.3.2 3 entity-state syslog
snmp-server host 10.42.3.2 version 3 priv user_site2
snmp-server host 10.42.3.2 informs version 3 priv user_site2
snmp-server inform retries 0
snmp ifmib ifindex persist
snmp-server trap-source Vlan30
Can you please tell me if there is a particular parameter to activate on the 9000 series for it to work?
Thanks in advance !
04-19-2022 03:56 AM
Did you use this suyntax? Dont know if you delete information for security reasons.
snmp-server group <snmp group name> v3 auth
snmp-server user <snmp user name> <snmp group name> v3 auth md5 <auth password> priv des <priv password>
Your error message is quite clear. Your NMS can´t login in using that username
04-19-2022 06:07 AM
Thanks for yout reply, I used this syntax:
snmp-server group groupe_site2 v3 priv
snmp-server user user_site2 groupe_site2 remote 10.42.3.2 v3 auth sha password_sha priv aes 128 password_aes
Do you see the a problem in this configuration?
04-19-2022 06:22 AM
Well, I dont.
Using Cisco Prime I had to use cisco AES 256 but this is about encryption. Your message is related to user.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: