Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3352
Views
5
Helpful
5
Replies

CMX, WLCs and SNMP RW

Go to solution
JASON BOYERS
Level 5
Level 5

‎01-27-2017 06:49 AM - edited ‎07-05-2021 06:27 AM

I have a customer who asked why we need to use SNMP RW strings for connecting CMX and WLCs.  I know that it won't work if you just use RO strings.  The CMX server will be in a DMZ, while the WLCs are internal.  Their concern is a DMZ device having write access to an internal device.  Can someone shed light on why SNMP RW is required?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dsladden
Cisco Employee
Cisco Employee

‎01-31-2017 12:11 PM

A Write string is required to tell the WLC to "trust" CMX is valid. 

The single thing that CMX is writting into the config of the WLC is the command

config authlist add <parameters>

Is this command is added manually, a RW SNMP key is not required.

This troubleshooting guide may help

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/CMX/CMX_Troubleshooting.pdf

>config auth-list add sha256-lbs-ssc   MAC ADDRESS and KEY HASH are derived from Step 2

View solution in original post

5 Replies 5

Go to solution
dsladden
Cisco Employee
Cisco Employee

‎01-31-2017 12:11 PM

A Write string is required to tell the WLC to "trust" CMX is valid. 

The single thing that CMX is writting into the config of the WLC is the command

config authlist add <parameters>

Is this command is added manually, a RW SNMP key is not required.

This troubleshooting guide may help

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/CMX/CMX_Troubleshooting.pdf

>config auth-list add sha256-lbs-ssc   MAC ADDRESS and KEY HASH are derived from Step 2

Go to solution
JASON BOYERS
Level 5
Level 5
In response to dsladden

‎01-31-2017 12:17 PM

Thanks.  It would be good to see that specifically in the config as two options - one using a SNMP RO string and manually configuring the WLC with that info, and another using an SNMP RW string.

0 Helpful

Go to solution
fritzebner
Level 1
Level 1
In response to dsladden

‎08-24-2018 09:25 AM

what command can be used to add the controller if the keys are already set up on the WLC?

when i try to add the controller it still asks me for a write community string and it still fails if i dont put anything in that query

0 Helpful

Go to solution
fritzebner
Level 1
Level 1
In response to dsladden

‎08-24-2018 11:49 AM

If i want to import a controller into CMX, what command would i have to do on the WLC to export the controller FILE?

can't seem to find that reference.

0 Helpful

Go to solution
fritzebner
Level 1
Level 1
In response to dsladden

‎08-27-2018 07:37 AM

I have validated that our WLC has the key hash for the mac address of our CMX.

 

but i can't get them to provide any credentials for adding the controller, either through snmp community write string or importing from PI (root credentials).

 

it seems i have 2 options:

Is there a way i can change the IP address of an existing controller in CMX ? (a config file or something)

Can i have someone export something from the WLC that I can import into cmx using cmxctl config controllers import (FILE)?

 

TIA

Fritz

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card