cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1589
Views
5
Helpful
5
Replies
Highlighted
Contributor

CMX, WLCs and SNMP RW

I have a customer who asked why we need to use SNMP RW strings for connecting CMX and WLCs.  I know that it won't work if you just use RO strings.  The CMX server will be in a DMZ, while the WLCs are internal.  Their concern is a DMZ device having write access to an internal device.  Can someone shed light on why SNMP RW is required?

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: CMX, WLCs and SNMP RW

A Write string is required to tell the WLC to "trust" CMX is valid. 

The single thing that CMX is writting into the config of the WLC is the command

config authlist add <parameters>

Is this command is added manually, a RW SNMP key is not required.

This troubleshooting guide may help

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/CMX/CMX_Troubleshooting.pdf

>config auth-list add sha256-lbs-ssc   MAC ADDRESS and KEY HASH are derived from Step 2

View solution in original post

5 REPLIES 5
Highlighted
Cisco Employee

Re: CMX, WLCs and SNMP RW

A Write string is required to tell the WLC to "trust" CMX is valid. 

The single thing that CMX is writting into the config of the WLC is the command

config authlist add <parameters>

Is this command is added manually, a RW SNMP key is not required.

This troubleshooting guide may help

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/CMX/CMX_Troubleshooting.pdf

>config auth-list add sha256-lbs-ssc   MAC ADDRESS and KEY HASH are derived from Step 2

View solution in original post

Highlighted
Contributor

Re: CMX, WLCs and SNMP RW

Thanks.  It would be good to see that specifically in the config as two options - one using a SNMP RO string and manually configuring the WLC with that info, and another using an SNMP RW string.

Highlighted
Beginner

Re: CMX, WLCs and SNMP RW

what command can be used to add the controller if the keys are already set up on the WLC?

when i try to add the controller it still asks me for a write community string and it still fails if i dont put anything in that query

Highlighted
Beginner

Re: CMX, WLCs and SNMP RW

If i want to import a controller into CMX, what command would i have to do on the WLC to export the controller FILE?

can't seem to find that reference.

Highlighted
Beginner

Re: CMX, WLCs and SNMP RW

I have validated that our WLC has the key hash for the mac address of our CMX.

 

but i can't get them to provide any credentials for adding the controller, either through snmp community write string or importing from PI (root credentials).

 

it seems i have 2 options:

Is there a way i can change the IP address of an existing controller in CMX ? (a config file or something)

Can i have someone export something from the WLC that I can import into cmx using cmxctl config controllers import (FILE)?

 

TIA

Fritz

Content for Community-Ad