
DNAC API - createSNMPv3Credential

dmcdonald
Level 1

We are hoping to on-board a large number of systems into DNAC. Currently we use unique SNMP credentials per device. Rather than manually enter all of those credentials, I had hoped to pre-populate the credential table using a POST to /dna/intent/api/v1/global-credential/snmpv3, using the credentials from our existing credential stores.

However, when I try to create a credential, I get a status of 202.  When I look at the status of the task object that is retrieved, it returns a 423 status error code.  No credentials show up even after several hours.

Has anyone successfully used the createSNMPv3Credential method and do you have any tips or troubleshooting steps that might make this successful?

Alternatively, has anyone found a way for DNAC to reference CyberArk for SNMPv3 credentials?

 


By no means an expert here, looking at the docs, the payload should look like

{
  "snmpV3Credentials": [
    {
      "description": "SNMPv3 Credential for Device MOO",
      "username": "snmpuser",
      "authType": "SHA",
      "authPassword": "authpassword123",
      "privacyType": "AES128",
      "privacyPassword": "privacypassword123",
      "snmpMode": "AUTHPRIV",
      "comments": "Credential for network device MOO",
      "credentialType": "GLOBAL"
    }
  ]
}

It's odd you get the 403 (locked out) message. Can you share your code here, DNAC version, etc.?

From what I read, Cat Centre (DNAC) does not natively integrate with CyberArk for retrieving SNMPv3 credentials; you would need to create a script/app that retrieves your SNMPv3 credentials from CyberArk and then uses the Cat Centre API to create the credentials.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

Torbjørn
VIP

Can you post the Cat-C version and a request body you tried? I just tested this minimal request body on 2.3.7.7 with success: 

[
    {
        "snmpMode": "NOAUTHNOPRIV",
        "username": "userName"
    }
]

There is no Cat-C <-> CyberArk integration, unfortunately.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

dmcdonald
Level 1

DNAC version 2.3.5.6-70143

I'm using a USM object that works with the pysnmp library, so I have to translate some of the values to a format that DNAC can understand.

new_cred = [
    {
        'authPassword': user_data.authKey,
        'authType': credentials.auth_OID_to_DNAC(user_data.authProtocol),
        'comments': 'imported ' + host,
        'credentialType': 'GLOBAL',
        'description': host,
        'privacyPassword': user_data.privKey,
        'privacyType': credentials.priv_OID_to_DNAC(user_data.privProtocol),
        'snmpMode': 'AUTHPRIV',
        'username': user_data.securityName,
    },
]

Here is the data I am sending, with sensitive information redacted:

(Pdb) new_cred
[{'authPassword': '<mumble>', 'authType': 'SHA', 'comments': 'imported for somehostname', 'credentialType': 'GLOBAL', 'description': 'somehostname.somedomain.net', 'privacyPassword': '<mumble>', 'privacyType': 'AES128', 'snmpMode': 'AUTHPRIV', 'username': 'public'}]

(Pdb) l
78 'privacyType': credentials.priv_OID_to_DNAC(user_data.privProtocol),
79 'snmpMode': 'AUTHPRIV',
80 'username': user_data.securityName,
81 }, ]
82 create_url = dnac_url + '/dna/intent/api/v1/global-credential/snmpv3'
83 B-> response = requests.post(create_url,headers=headers, json=new_cred,verify=True)
84 if response.status_code == 201:
85 return True
86 elif response.status_code == 202:
87 while True:
88 task_status = requests.get(dnac_url + response.json()['response']['url'], headers=headers, verify=True)
(Pdb)

 

The original passwords are a more reasonable length than the word "<mumble>":

(Pdb) len(new_cred[0]['authPassword'])
34
(Pdb) len(new_cred[0]['privacyPassword'])
32
(Pdb)
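An added example, not code from the thread or from Cisco: the same POST-then-poll flow as in the post above, with a bounded wait instead of `while True` and a redaction helper so secrets never reach logs or a debugger printout. Assumptions: `session` is any object with requests-style `post()`/`get()` (for example `requests.Session()`), the task object exposes `isError`, `failureReason` and `endTime`, and `SAMPLE`, `_Resp` and `FakeSession` are constructed stand-ins so the code runs without a controller.

```python
import time

SECRET_FIELDS = {"authPassword", "privacyPassword"}
# Constructed sample input, same shape as the payload in the post above.
SAMPLE = [{"username": "public", "snmpMode": "AUTHPRIV", "authType": "SHA",
           "authPassword": "mumblemumble", "privacyType": "AES128",
           "privacyPassword": "mumblemumble"}]

def redact(creds):
    """Copy of the payload that is safe to log: secrets replaced by their length."""
    return [{k: f"<redacted:{len(v)}>" if k in SECRET_FIELDS else v
             for k, v in c.items()} for c in creds]

def create_snmpv3(session, dnac_url, headers, creds, timeout=60.0, interval=2.0):
    """POST the credentials, then poll the returned task. Returns (ok, detail)."""
    url = dnac_url + "/dna/intent/api/v1/global-credential/snmpv3"
    resp = session.post(url, headers=headers, json=creds, verify=True)
    if resp.status_code == 201:
        return True, "created"
    if resp.status_code != 202:
        return False, f"HTTP {resp.status_code}"
    task_url = dnac_url + resp.json()["response"]["url"]
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:  # bounded, unlike `while True`
        task = session.get(task_url, headers=headers, verify=True).json()["response"]
        if task.get("isError"):  # assumed task field names: isError, failureReason
            return False, task.get("failureReason") or "task error"
        if task.get("endTime"):  # assumed: endTime is set once the task completes
            return True, "task completed"
        time.sleep(interval)
    return False, "timed out waiting for task"

class _Resp:  # constructed stand-in for a requests.Response
    def __init__(self, status_code, body):
        self.status_code, self._body = status_code, body
    def json(self):
        return self._body

class FakeSession:  # constructed controller whose task fails on the second poll
    polls = 0
    def post(self, url, **kwargs):
        return _Resp(202, {"response": {"url": "/dna/intent/api/v1/task/t1"}})
    def get(self, url, **kwargs):
        self.polls += 1
        failed = self.polls >= 2
        return _Resp(200, {"response": {"isError": failed,
                                        "failureReason": "constructed failure"}})
```

Log `redact(new_cred)` rather than `new_cred`, and surface the returned detail string so a failed task is reported instead of polled forever.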

 

Hello @dmcdonald,

Sorry for the late response! I unfortunately missed your reply.

Your payload works if you replace all single quotes with double quotes. I tested with the following payload:

[
  {
    "authPassword": "mumblemumble",
    "authType": "SHA",
    "comments": "imported for somehostname",
    "credentialType": "GLOBAL",
    "description": "somehostname.somedomain.net",
    "privacyPassword": "mumblemumble",
    "privacyType": "AES128",
    "snmpMode": "AUTHPRIV",
    "username": "public"
  }
]

 

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

john-p
Level 1

It sounds to me like you are trying to create a credential set in the network settings and then apply it to the device. The credentials in the network settings are more for using standard configurations at a site or globally. You do not need to save any of your device credentials in the global network settings. This just makes it easier for people who use a limited set of credentials to manage them via Catalyst Center.

The solution you are looking for is probably to set the "Update Device Details" API call. A PUT to '/network-device'.

The sample of the PUT body is below and, as you can see, the SNMP settings are listed. You should be able to remove any of the optional settings that you are not updating. The IP of the device is the only required field. Many fields also have the option of using the string 'NO!$DATA!$' if they do not require an update. This should allow you to set the SNMP credentials per-device.

{
  "cliTransport": "string",
  "computeDevice": "boolean",
  "enablePassword": "string",
  "extendedDiscoveryInfo": "string",
  "httpPassword": "string",
  "httpPort": "string",
  "httpSecure": "boolean",
  "httpUserName": "string",
  "ipAddress": [
    "string"
  ],
  "merakiOrgId": [
    "string"
  ],
  "netconfPort": "string",
  "password": "string",
  "serialNumber": "string",
  "snmpAuthPassphrase": "string",
  "snmpAuthProtocol": "string",
  "snmpMode": "string",
  "snmpPrivPassphrase": "string",
  "snmpPrivProtocol": "string",
  "snmpROCommunity": "string",
  "snmpRWCommunity": "string",
  "snmpRetry": "integer",
  "snmpTimeout": "integer",
  "snmpUserName": "string",
  "snmpVersion": "string",
  "type": "string",
  "updateMgmtIPaddressList": [
    {
      "existMgmtIpAddress": "string",
      "newMgmtIpAddress": "string"
    }
  ],
  "userName": "string"
}

On a side note, if you want to integrate with something like CyberArk, I would recommend having CyberArk push the credential updates to a Flask server and then having the Flask server manage your Cat-C integration.