
SNMPv3 does not work

valerio-cuoco
Level 1

I am configuring SNMPv3 TRAP on SG550X but the traps are not sent to the notification recipient. 

I cannot see any packets from the switch to the recipient.

SNMPv2 works fine. Can someone support me?

This is the configuration:

switch-1#show running-config
config-file-header
switch-1
v2.5.8.15 / RCBS3.1_930_871_084
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0

....

....

snmp-server server
snmp-server engineID local 8000000903045fb9415bd4
snmp-server location Milan_LAB
snmp-server view snmp-v3-ReadOnly-View iso included
snmp-server community public ro view Default
snmp-server host 10.x.x.x. version 3 priv snmpuser
snmp-server group ciscogroup v3 priv
snmp-server engineid remote 10.x.x.x  800001010afa059e
encrypted snmp-server user snmpuser ciscogroup v3 auth sha pRXIr4XSuFUV0z24lnrsQkGis2QLeKPPtZ30GgGhdA4= priv dcuv9ECA6QUT9ND76fZzKSMv6YUXeBGaRKLDHcsUT5I=

 


pieterh
VIP

>>> encrypted snmp-server user snmpuser ciscogroup v3 auth sha pRXIr4XSuFUV0z24lnrsQkGis2QLeKPPtZ30GgGhdA4= priv dcuv9ECA6QUT9ND76fZzKSMv6YUXeBGaRKLDHcsUT5I= <<<
-> This command looks wrong? Some terminator missing here?
Also, I miss the snmp-server enable traps command in your output?

You may have modified the address in
snmp-server host 10.x.x.x. version 3 priv snmpuser to hide the real address,
but if you are keen on security then you also need to hide the hashes in
snmp-server user snmpuser ciscogroup v3 auth sha*****  priv *****

Last: did you add the snmp-server engineid remote 10.x.x.x  800001010afa059e
before adding the snmp-user?

SNMP Remote Engine ID (cisco.com)
To configure a remote user, specify the IP address or port number for the remote SNMP agent of the device where the user resides. Also, before you configure remote users for a particular agent, configure the SNMP engine ID, using the command snmp-server engineID with the remote option. The remote agent's SNMP engine ID is needed when computing the authentication/privacy digests from the password. If the remote engine ID is not configured first, the configuration command will fail.
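
The dependency described in the quoted Cisco text (the engine ID is an input to the key digest), as an added example that is not part of the thread or of Cisco's code: RFC 3414 password-to-key localization for `auth sha`, run against the two engine IDs from the posted configuration. The password is a constructed stand-in (the RFC's own sample), and the function names are this example's own.

```python
import hashlib

ONE_MIB = 1048576  # RFC 3414 A.2: the password is expanded to 1,048,576 bytes


def password_to_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """Ku: digest of the password repeated (and truncated) to exactly 1 MiB."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(ONE_MIB, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the key bound to one SNMP engine."""
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("snmpEngineID must be 5..32 octets")
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def localized_key(password: str, engine_id_hex: str) -> str:
    """Hex form of the localized key for one password and one engine ID."""
    ku = password_to_key(password.encode())
    return localize_key(ku, bytes.fromhex(engine_id_hex)).hex()


# Engine IDs copied from the configuration posted in this thread.
LOCAL_ENGINE_ID = "8000000903045fb9415bd4"
REMOTE_ENGINE_ID = "800001010afa059e"
# Constructed stand-in password (the sample used in RFC 3414 A.3).
PASSWORD = "maplesyrup"

if __name__ == "__main__":
    # Same password, different engine ID: the stored key material differs,
    # so a user created against the wrong engine ID cannot authenticate.
    for label, eid in (("local", LOCAL_ENGINE_ID), ("remote", REMOTE_ENGINE_ID)):
        print(f"{label:6} {eid:24} -> {localized_key(PASSWORD, eid)}")
```

Under RFC 3414 the sender's engine is authoritative for traps and the receiver's engine is authoritative for informs, so the notification recipient has to localize the user's keys with the matching engine ID to verify and decrypt what the switch sends.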

Max Jobs
Level 1

Hi Valerio, I agree with Pieterh...


It appears that your SNMPv3 TRAP configuration on the Cisco SG550X switch is missing a critical component: the actual SNMPv3 TRAP configuration. In the provided configuration snippet, only SNMPv3 informs are configured using the "snmp-server host" command, which sends SNMPv3 inform notifications to the specified recipient. However, SNMPv3 informs are confirmed messages, which require acknowledgment from the recipient.

To configure SNMPv3 TRAP notifications, you need to use the "snmp-server enable traps" command. Here's a basic example of how to configure SNMPv3 TRAP notifications on the Cisco SG550X switch:

snmp-server enable traps
snmp-server host 10.x.x.x version 3 priv snmpuser

This configuration tells the switch to send SNMPv3 TRAP notifications to the SNMPv3 user snmpuser at the IP address 10.x.x.x.

Make sure to replace 10.x.x.x with the actual IP address of your SNMPv3 notification recipient, and ensure that the SNMPv3 user and group are correctly configured with the appropriate authentication and privacy settings.

Additionally, ensure that any firewalls or ACLs are not blocking SNMP traffic between the switch and the notification recipient.

Once you have added the snmp-server enable traps command to your configuration and verified the SNMPv3 user settings, the switch should start sending SNMPv3 TRAP notifications to the specified recipient.

 

Hello,

thanks for the feedback.

I have posted the output of show running-config; do you expect to see "snmp-server enable traps" in such an output?

The configuration was made via the graphical interface and the trap setting was enabled.

It is also used by SNMPv2, which is working, right?


You posted only snippets of the configuration.
Yes, I expected to see the command in the output, but it may be omitted in the snippets.

If you use the graphical interface, after you enabled as above you need to configure some more.
You can see different lines for informs and traps.


Actually the command is missing in the printout... no clue about the reason.

The notification recipient is well configured; all the objects are configured.


Max Jobs
Level 1

Use this command to show debugs:

debug snmp packet

It does not work on this switch model:

debug snmp packet

 

 
