SNMP V3 on Cisco WS-C3560G-48PS Switch

Antony.xavier · ‎01-20-2022

Hi There,

I am unable to configure SNMPv3 Privacy / Encryption in cisco WS-C3560G-48PS Switch, could you please share the CLI commands to execute this command OR does this switch module support SNMPV3 Privacy/Encryption method?

Logs:

=====

SW02(config)#snmp-server user Abd ABC v3 AUTH SHA 12345 ?
access specify an access-list associated with this group
<cr>

Regards,

Antony Xavier.

balaji.bandi · ‎01-20-2022

what is the version of code running, what License device has it :

check the below SNMP version and limitations and configuration :

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swsnmp.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Antony.xavier · ‎01-26-2022

Software version: 12.2(35)SE5

Model: WS-C3560G-48PS

SW Image: C3560-IPBASE-M

balaji.bandi · ‎01-26-2022

Check the command syntax :

Step 3

snmp-server user username groupname {remote host [udp-port port]} {v1 [access access-list] | v2c [access access-list] | v3 [encrypted] [access access-list] [auth {md5 | sha} auth-password]}

Configure an SNMP user to be associated with the remote host created in Step 2.

Note

You cannot configure a remote user for an address without first configuring the engine ID for the remote host. Otherwise, you receive an error message, and the command is not executed.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎01-20-2022

Hello,

what if you use md5 instead of sha ?

SW02(config)#snmp-server user Abd ABC v3 auth md5 12345 ?

Antony.xavier · ‎01-26-2022

Hi Georg,

No luck with Md5

SW02(config)#$ user Abd ABC v3 auth md5 12345 ?
access specify an access-list associated with this group
<cr>

hemmerling · ‎01-26-2022

Does this work?

ip access-list standard SNMP_ACCESS_ACL
 permit any
!
snmp-server view ISO-ALL iso included
!
snmp-server group MY-RO-GROUP v3 priv read ISO-ALL access SNMP_ACCESS_ACL
snmp-server group MY-RW-GROUP v3 priv read ISO-ALL write ISO-ALL notify ISO-ALL access SNMP_ACCESS_ACL
!
snmp-server user MY-USER1 MY-RO-GROUP v3 auth sha blablablabla priv aes 128 blablablabla
snmp-server user MY-USER2 MY-RW-GROUP v3 auth sha blablablabla priv aes 128 blablablabla

If not, I'd make sure that there is a k9 somewhere in the ios filename.

Some of those older switches with very little space couldn't fit all the crypto-stuff in the ios.
If t hat's the case, try this instead.

ip access-list standard SNMP_ACCESS_ACL
 permit any
!
snmp-server view ISO-ALL iso included
!
snmp-server group MY-RO-GROUP v3 auth read ISO-ALL access SNMP_ACCESS_ACL
snmp-server group MY-RW-GROUP v3 auth read ISO-ALL write ISO-ALL notify ISO-ALL access SNMP_ACCESS_ACL
!
snmp-server user MY-USER1 MY-RO-GROUP v3 auth sha blablablabla
snmp-server user MY-USER2 MY-RW-GROUP v3 auth sha blablablabla

Let us know how it goes.