Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2139
Views
0
Helpful
3
Replies

Catalyst 9200 - SNMP ISSUE

MadyS
Spotlight
Spotlight

‎04-19-2022 02:15 AM

Hello everyone,

 

I am currently working on C9200 IOS-XE switches. I have to set up the SNMP service for supervision. I configured the service but there is no connection with the server that should receive the notifications. At first I thought the problem was related to the server but when I use the snmpwalk utility from the administration machine, I have the code Unknown user name.

Below is the configuration and results of the Show commands:

 

Site2_SW#sho snmp

Chassis: JAE24390QVT

100268 SNMP packets input

    0 Bad SNMP version errors

    0 Unknown community name

    0 Illegal operation for community name supplied

    0 Encoding errors

    0 Number of requested variables

    0 Number of altered variables

    0 Get-request PDUs

    0 Get-next PDUs

    0 Set-request PDUs

    0 Input queue packet drops (Maximum queue size 1000)

104841 SNMP packets output

    0 Too big errors (Maximum packet size 1500)

    0 No such name errors

    0 Bad values errors

    0 General errors

    0 Response PDUs

    4573 Trap PDUs

Packets currently in SNMP process input queue: 0

SNMP global trap: enabled

 

SNMP logging: enabled

    Logging to 10.42.3.2.162, 0/10, 4573 sent, 0 dropped.

 

SNMP Manager-role output packets

    0 Get-request PDUs

    0 Get-next PDUs

    0 Get-bulk PDUs

    0 Set-request PDUs

    4581 Inform-request PDUs

    4581 Timeouts

    0 Drops

SNMP Manager-role input packets

    0 Inform request PDUs

    0 Trap PDUs

    0 Response PDUs

    0 Responses with errors

 

SNMP informs: enabled

    Informs in flight 0/25 (current/max)

    Logging to 10.42.3.2.162

        4581 sent, 0 in-flight, 0 retries, 4581 failed, 0 dropped

       

        ************

       

Site2_SW#sho run | sect snmp

snmp-server engineID local 800000090300549FC68ED912

snmp-server engineID remote 10.42.3.2 1711111112

snmp-server group groupe_SITE2 v3 priv

snmp-server view Allmibs iso included

snmp-server view Allmibs private included

snmp-server view Allmibs mib-2 included

snmp-server view Allmibs ciscoMgmt.635 included

snmp-server trap-source Vlan30

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps flowmon

snmp-server enable traps entity-perf throughput-notif

snmp-server enable traps call-home message-send-fail server-fail

snmp-server enable traps tty

snmp-server enable traps ospf state-change

snmp-server enable traps ospf errors

snmp-server enable traps ospf retransmit

snmp-server enable traps ospf lsa

snmp-server enable traps ospf cisco-specific state-change nssa-trans-change

snmp-server enable traps ospf cisco-specific state-change shamlink interface

snmp-server enable traps ospf cisco-specific state-change shamlink neighbor

snmp-server enable traps ospf cisco-specific errors

snmp-server enable traps ospf cisco-specific retransmit

snmp-server enable traps ospf cisco-specific lsa

snmp-server enable traps eigrp

snmp-server enable traps ike policy add

snmp-server enable traps ike policy delete

snmp-server enable traps ike tunnel start

snmp-server enable traps ike tunnel stop

snmp-server enable traps ipsec cryptomap add

snmp-server enable traps ipsec cryptomap delete

snmp-server enable traps ipsec cryptomap attach

snmp-server enable traps ipsec cryptomap detach

snmp-server enable traps ipsec tunnel start

snmp-server enable traps ipsec tunnel stop

snmp-server enable traps ipsec too-many-sas

snmp-server enable traps auth-framework sec-violation

snmp-server enable traps rep

snmp-server enable traps vtp

snmp-server enable traps vlancreate

snmp-server enable traps vlandelete

snmp-server enable traps port-security

snmp-server enable traps license

snmp-server enable traps smart-license

snmp-server enable traps cpu threshold

snmp-server enable traps memory bufferpeak

snmp-server enable traps stackwise

snmp-server enable traps udld link-fail-rpt

snmp-server enable traps udld status-change

snmp-server enable traps fru-ctrl

snmp-server enable traps flash insertion removal lowspace

snmp-server enable traps energywise

snmp-server enable traps power-ethernet police

snmp-server enable traps entity

snmp-server enable traps envmon

snmp-server enable traps event-manager

snmp-server enable traps bfd

snmp-server enable traps dhcp

snmp-server enable traps ospfv3 state-change

snmp-server enable traps ospfv3 errors

snmp-server enable traps ipmulticast

snmp-server enable traps pimstdmib neighbor-loss invalid-register invalid-join-prune rp-mapping-change interface-election

snmp-server enable traps msdp

snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message

snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency

snmp-server enable traps config-copy

snmp-server enable traps config

snmp-server enable traps config-ctid

snmp-server enable traps bridge newroot topologychange

snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency

snmp-server enable traps syslog

snmp-server enable traps vlan-membership

snmp-server enable traps errdisable

snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down

snmp-server enable traps transceiver all

snmp-server enable traps rf

snmp-server enable traps bulkstat collection transfer

snmp-server enable traps mac-notification change move threshold

snmp-server host 10.42.3.2 informs version 3 priv user_site2

snmp-server host 10.42.3.2 3  entity-state syslog

snmp-server host 10.42.3.2 version 3 priv user_site2

snmp-server inform retries 0

snmp ifmib ifindex persist

 

***************

Site2_SW#sho snmp user

 

User name: user_site2

Engine ID: 1711111112

storage-type: nonvolatile     active

Authentication Protocol: SHA

Privacy Protocol: AES128

Group-name: groupe_Site2

 

Site2_SW#

 

***********

Site2_SW#sho snmp eng

SITE2_SW#sho snmp engineID

Local SNMP engineID: 800000090300549FC68ED912

Remote Engine ID          IP-addr    Port

1711111112        remote      10.42.3.2   162

Site2_SW#

 

 

This is the configuration implemented on switch:

 

snmp-server engineID local 800000090300549FC68ED912

snmp-server engineID remote 10.42.3.2 1711111112

snmp-server group groupe_Site2 v3 priv

snmp-server enable traps

snmp-server user user_site2 groupe_Site2 remote 10.42.3.2 v3 auth sha S1te@_6_ROS priv aes 128 S1te@_6_CSK

snmp-server group groupe_Site2 v3 priv read Allmibs

snmp-server group groupe_ Site2 v3 priv

snmp-server view Allmibs iso included

snmp-server view Allmibs private included

snmp-server view Allmibs mib-2 included

snmp-server view Allmibs ciscoMgmt.635 included

snmp-server trap-source Vlan30

snmp-server host 10.42.3.2 3  entity-state syslog

snmp-server host 10.42.3.2 version 3 priv user_site2

snmp-server host 10.42.3.2 informs version 3 priv user_site2

snmp-server inform retries 0

snmp ifmib ifindex persist

snmp-server trap-source Vlan30

 

Can you please tell me if there is a particular parameter to activate on the 9000 series for it to work?

 

Thanks in advance !

0 Helpful
3 Replies 3

Flavio Miranda
VIP
VIP

‎04-19-2022 03:56 AM

Did you use this suyntax? Dont know if you delete information for security reasons.

 

snmp-server group <snmp group name> v3 auth

snmp-server user <snmp user name> <snmp group name> v3 auth md5 <auth password> priv des <priv password>

 

Your error message is quite clear. Your NMS can´t login in using that username

0 Helpful

MadyS
Spotlight
Spotlight
In response to Flavio Miranda

‎04-19-2022 06:07 AM

Thanks for yout reply, I used this syntax:

snmp-server group groupe_site2 v3 priv
snmp-server user user_site2 groupe_site2 remote 10.42.3.2 v3 auth sha password_sha priv aes 128 password_aes

 

Do you see the a problem in this configuration?

 

0 Helpful

Flavio Miranda
VIP
VIP
In response to MadyS

‎04-19-2022 06:22 AM

Well,  I dont.

 Using Cisco Prime I had to use cisco AES 256 but this is about encryption. Your message is related to user. 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card