Re: Cisco 4500 Switch - SNMPV3

MoSalah · ‎04-26-2020

Hi

I have recently configured SNMPV3 with Cisco 4500

# snmp-server view myview iso included
# snmp-server group ciscogroup v3 auth read myview write myview
# snmp-server user cisco ciscogroup v3 auth sha usercsico
# snmp-server host 10.x.x.x traps version 3 auth cisco
# snmp-server host 10.x.x.x traps version 3 auth cisco

-SNMP Manager can not see any packets from my node even snmpwalk authentication is succeeded , when show snmp logging , there is packets out of the switch but with wrong time ! , NTP Server is configured and show clock indicated the correct time .

- is there any modification should I do to the configuration ? or the time of the logging is not related ?

Mark Elsen · ‎04-26-2020

- Have a fallback to snmp v2c for testing the snmp manager software in combination with your device. If that works have a look into the current software version running on the 4500. Snmp v3 is sometimes buggy on cisco switches. Depending on urgency and feasibility and compare the problem with more recent release(s) , if available.

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

MoSalah · ‎04-26-2020

Thanks marce for your concern
I have a fallback already to v2c and it worked !

is there any chance or additional configuration to perform SNMPV3 as it is mandatory ?

Thanks

Mark Elsen · ‎04-27-2020

(also pay attention to the software versioning matter as I explained earlier).

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

MoSalah · ‎04-27-2020

Version : IOS XE 3.10.3
Do you have comments on it ?

Mark Elsen · ‎04-27-2020

- Advise is to check Release Notes of subsequent versions , check for instance Resolved Caveats and look for improvements or corrections concerning snmp (you can use for instance use Find in Browser).

M.

-- Let everything happen to you
   Beauty and terror
      Just keep going
     No feeling is final
Reiner Maria Rilke (1899)

Reza Sharifi · ‎04-26-2020

Hi,

Not sure what management application you use, but here is the config needed for SW application.

https://thwack.solarwinds.com/t5/Engineer-s-Toolset-Documents/How-to-properly-configure-SNMPv3-in-CISCO/ta-p/516733

HTH

paul driver · ‎04-27-2020

Hello

@MoSalah wrote:

Hi

I have recently configured SNMPV3 with Cisco 4500

# snmp-server view myview iso included
# snmp-server group ciscogroup v3 auth read myview write myview
# snmp-server user cisco ciscogroup v3 auth sha usercsico

- is there any modification should I do to the configuration ? or the time of the logging is not related ?

Try to specify athe nms host in a ACL for the user and group to use authentication, Also s that auth password correct and not a typo?

ip access-list standard snmp_acl
remark NMS server
permit ip 1.1.1.1

snmp-server group ciscogroup v3 auth read myview write myview access snmp_acl

snmp-server user cisco ciscogroup v3 auth sha usercsico usercsio

@MoSalah wrote:
Thanks marce for your concern
I have a fallback already to v2c and it worked

Makes me think ,Does the nms host support SHA authentication?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul