05-27-2021 05:42 PM - edited 05-27-2021 05:50 PM
Is it possible to set the precise SHA1 and AES settings/passwords on this device, or does it just accept what Solarwinds throws at it?
I have things set exactly like regular IOS on the ASR1001 & ISR3900 - but IOS-XE 9500 Gibraltar 16.12.2 will not cooperate like the other two routers.
To follow up on the question, can I reach the snmp-server through the Mgmt-vrf or it has to be from the default-vrf?
05-28-2021 02:30 AM
Here is my test config on a Cat 9300; it works as expected:
snmp-server group XXXXX v3 priv read read_view
snmp-server ifindex persist
snmp-server trap timeout 30
snmp-server user XXXX XXXXX v3 encrypted auth sha YYYYYYYYYYYYY priv aes 128 YYYYYYYYYYYY
snmp-server view read_view 1.3.6.1.* included
To follow up on the question, can I reach the snmp-server through the Mgmt-vrf or it has to be from the default-vrf?
You can use any interface as long as it is reachable.
05-27-2021 07:28 PM
To follow up on the question, can I reach the snmp-server through the Mgmt-vrf or it has to be from the default-vrf?
Mgmt-vrf should work just fine. Something like this:
ip name-server vrf Mgmt-vrf x.x.x.x
ip domain name test.com
ip domain name vrf Mgmt-vrf test.com
HTH
05-27-2021 08:18 PM
Not sure I understand the answer. I have attached the run config minus the passwords. So I am able to connect the snmp-server, which is Solarwinds, using v1 and v2 snmp. But v3 snmp does not seem to work. I am wondering if the auth, priv need to have specific settings or an ID engine? I am using sha1 and AES128.
Thanks for taking a look.
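Added example (not part of the thread, and not Cisco or SolarWinds code): the question above asks whether an engine ID is involved in SNMPv3 auth/priv. Under the standard USM scheme (RFC 3414, with RFC 3826 for AES-128), the SHA-1 auth key and the AES-128 priv key are derived from the passwords and then bound to the agent's engine ID, as this sketch shows. The passwords and engine IDs are constructed sample values.

```python
import hashlib

def password_to_key_sha1(password: bytes) -> bytes:
    """RFC 3414 A.2.2: SHA-1 over 1 MiB formed by repeating the password."""
    if len(password) < 8:
        raise ValueError("USM passwords must be at least 8 characters")
    target = 1048576
    stream = (password * (target // len(password) + 1))[:target]
    return hashlib.sha1(stream).digest()

def localize_key(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 2.6: bind the user key Ku to one agent's snmpEngineID."""
    return hashlib.sha1(ku + engine_id + ku).digest()

def usm_keys(auth_pass: bytes, priv_pass: bytes, engine_id: bytes):
    """Return (auth key for HMAC-SHA-96, priv key for AES-128)."""
    auth_key = localize_key(password_to_key_sha1(auth_pass), engine_id)
    # RFC 3826: the AES-128 key is the first 16 octets of the localized key.
    priv_key = localize_key(password_to_key_sha1(priv_pass), engine_id)[:16]
    return auth_key, priv_key

if __name__ == "__main__":
    # Constructed engine IDs for two hypothetical switches.
    engine_a = bytes.fromhex("800000090300aabbccddee01")
    engine_b = bytes.fromhex("800000090300aabbccddee02")
    for name, eid in (("switch-a", engine_a), ("switch-b", engine_b)):
        auth, priv = usm_keys(b"SampleAuthPass1", b"SamplePrivPass1", eid)
        print(name, "auth:", auth.hex(), "priv:", priv.hex())
    # Same passwords, different engine IDs -> different keys on the wire.
```

The same passwords give different keys on each engine ID, so keys localized for one engine ID do not authenticate against another.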
05-28-2021 03:05 AM
Nice BB - I will give this a shot. I mean IOS-XE should be pretty much the same on any hardware to some extent.
05-28-2021 04:35 PM
I don't know how it finally clicked in, but it did. Here is my output. Don't know why but the auth and priv user command is hidden.
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.12.144.1 name Mgmt_c9500-16x_stack
ip ssh version 2
!
!
!
!
!
snmp-server group admingrp v3 priv
snmp-server enable traps tty
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
login local
width 30
stopbits 1
line vty 0 4
privilege level
05-29-2021 12:47 AM
Check with show run all
06-03-2021 06:47 PM
Wow, that is a lot going on there under "show run all". Concerned about the dual link detection not on the Port-channels. Should I put that under the Po config?
stackwise-virtual
domain 12
dual-active detection pagp
no dual-active detection pagp trust channel-group 10
no dual-active detection pagp trust channel-group 20
ptp mode forward
ptp globalprotocolenable