
SnmpV3 Configuration issues...


Jason

Jun 29, 2006, 10:32:44 AM
Can someone help me with my configuration of MRTG and using SNMPv3...
The server is a Windows 2003 server with SP1 with IIS 6.0 installed,
using MRTG version 2.14.3 with ActivePerl 5.8.8.817... Thanks in
advance...

---------------------------------------------------------------------------------------

I am using a Cisco 3725 router with IOS v 12.2(13)T1; my SNMP
configuration is the following:
snmp-server group Admin v3 priv read DoSLab notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF
snmp-server community Public
snmp-server chassis-id RouterA
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps envmon
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps bgp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps rsvp
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps rtr
snmp-server enable traps syslog
snmp-server enable traps dlsw
snmp-server enable traps pppoe
snmp-server enable traps atm subif
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps ipmobile
snmp-server enable traps vtp
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps voice poor-qov
snmp-server enable traps dnis
snmp-server enable traps xgcp
snmp-server host 10.10.1.8 version 3 priv John_Doe

---------------------------------------------------------------------------------------

RouterA#show snmp user
User name: John_Doe
Engine ID: 800000030600000GFDC03G90
storage-type: nonvolatile active


---------------------------------------------------------------------------------------

RouterA#show snmp group
groupname: ILMI security model:v1
readview :*ilmi writeview: *ilmi
notifyview: <no notifyview specified>
row status: active

groupname: ILMI security model:v2c
readview :*ilmi writeview: *ilmi
notifyview: <no notifyview specified>
row status: active

groupname: Admin security model:v3 priv
readview : Public writeview: <no writeview specified>
notifyview: *tv.FFFFFFFF.FFFFFFFF.FFF
row status: active

groupname: Public security model:v1
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

groupname: Public security model:v2c
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>

groupname: Public security model:v2c
readview :v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

---------------------------------------------------------------------------------------

Used this command to generate the MRTG.CFG file;

C:\MRTG\mrtg-2.14.3\bin>perl cfgmaker --subdirs=HOSTNAME__SNMPNAME
--no-down Pub...@10.10.1.100 --snmp-options=:::::3
--authkey="0x6c0131b6a3004ebn93edcf0b1e4gb1221101jk456"
--authprotocol="sha" --privprotocol="des" --username=" John_Doe "
--privkey="0x6c0131b7a7006efb13vvbf0dfe4tr001" --zero-speed=100000000
--global "WorkDir:D:\Inetpub\wwwroot\mrtg" --output "mrtg.cfg"

---------------------------------------------------------------------------------------

Ran this command to check the MRTG.CFG file, and received no errors;
C:\MRTG\mrtg-2.14.3\bin>perl mrtg mrtg.cfg

---------------------------------------------------------------------------------------

Added the following lines to the MRTG.CFG file
Target[10.10.1.100_1]: 1:Pub...@10.10.1.100:::::3
SnmpOptions[10.10.1.100_1]: authkey
=>'0x6c0131b6a3004ebn93edcf0b1e4gb1221101jk456',authprotocol
=>'sha',privprotocol =>'des',username =>'John_Doe',privkey
=>'0x6c0131b7a7006efb13vvbf0dfe4tr001'

---------------------------------------------------------------------------------------

Then re-ran the following command to check the MRTG.CFG file and
received the following errors;

C:\MRTG\mrtg-2.14.3\bin>perl mrtg mrtg.cfg
SNMPopen Unknown SNMP Option Key 'authprotocol' at mrtg line 2034
SNMPopen Unknown SNMP Option Key 'authkey' at mrtg line 2034
SNMPopen Unknown SNMP Option Key 'privprotocol' at mrtg line 2034
SNMPopen Unknown SNMP Option Key 'privkey' at mrtg line 2034
SNMPopen Unknown SNMP Option Key 'username' at mrtg line 2034
SNMP Error:
Received SNMP response with error code
error status: noSuchName
index 1 (OID: 1.3.6.1.2.1.31.1.1.1.6.1)
SNMPv1_Session (remote host: "10.10.1.100" [10.10.1.100].161)
community: "Public"
request ID: 1075221487
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
at C:/MRTG/mrtg-2.14.3/bin\..\lib\mrtg2/SNMP_util.pm line 490
SNMPGET Problem for ifHCInOctets.1 ifHCOutOctets.1 sysUptime sysName on
Pub...@10.10.1.100:::::3:v4only at mrtg line 2034
Thursday, 29 June 2006 at 9:35: ERROR: Target[10.10.1.100_1][_IN_] '
$target->[0]{$mode} ' did not eval into defined data
Thursday, 29 June 2006 at 9:35: ERROR: Target[10.10.1.100_1][_OUT_] '
$target->[0]{$mode} ' did not eval into defined data

Daniel J McDonald

Jul 3, 2006, 1:05:57 PM
In article <1151591563.9...@d56g2000cwd.googlegroups.com>,

Jason <caldwel...@gmail.com> wrote:
>Can someone help me with my configuration of MRTG and using SNMPv3...
>The server is a Windows 2003 server with SP1 with IIS 6.0 installed,
>using MRTG version 2.14.3 with ActivePerl 5.8.8.817... Thanks in
>advance...

snmp v3 support requires the Net::SNMP module as well. I did not test it on the
Windows platform as I don't have access to any.

I haven't touched perl on Windows since about '99, on NT 4.0, so I couldn't tell you
how to download that particular module.

I see one other thing that is of concern:

>groupname: Admin security model:v3 priv
>readview : Public writeview: <no writeview
>specified>
>notifyview: *tv.FFFFFFFF.FFFFFFFF.FFF
>row status: active

You have a readview named "Public", but you didn't list any snmp view statements.

e.g:
snmp-server group enes v3 priv read v3priv
snmp-server view v3priv iso included
snmp-server view v3priv internet included
snmp-server view v3priv internet.6.3.15 included
snmp-server view v3priv internet.6.3.16 included


do a "show snmp view" to see what views you have defined.

--
Daniel J McDonald CCIE # 2495, CNX
Visit my website: http://www.austinnetworkdesign.com

Jason

Jul 7, 2006, 4:00:42 PM
Thank you for your input, I have made some minor changes but I seem to
be having the same issues, so here is a little more information about
my setup.. I hope this helps out... Thanks, again..


SNMP commands ran
-------------------------------
snmp-server engineID remote 10.10.1.8 123456789100000000000000
snmp-server user John_Doe remotegp v3 auth sha Public123 priv des56 Public123
snmp-server group remotegp v3 priv read Public123 notify Public123


snmp-server host 10.10.1.8 version 3 priv John_Doe

snmp-server host 10.10.1.8 version 3 auth John_Doe
snmp-server enable informs


Cisco SNMP configs from the router
----------------------------------------------------
!
snmp-server engineID remote 10.10.1.8 123456789100000000000000
snmp-server group remotegp v3 auth read notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF
snmp-server group remotegp v3 priv read Public123 notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF
snmp-server enable traps tty
snmp-server host 10.10.1.8 version 3 auth John_Doe
!


RouterA#show snmp user
----------------------------------
User name: John_Doe
Engine ID: 800000090300000BFDC93B90
storage-type: nonvolatile active


RouterA#show snmp group
------------------------------------


groupname: ILMI security model:v1
readview :*ilmi writeview: *ilmi
notifyview: <no notifyview specified>
row status: active

groupname: ILMI security model:v2c
readview :*ilmi writeview: *ilmi
notifyview: <no notifyview specified>
row status: active

groupname: remotegp security model:v3 auth
readview :<no readview specified> writeview: <no writeview specified>
notifyview: *tv.FFFFFFFF.FFFFFFFF.FFF
row status: active

groupname: remotegp security model:v3 priv
readview :Public123 writeview: <no writeview specified>
notifyview: *tv.FFFFFFFF.FFFFFFFF.FFF
row status: active

RouterA#show snmp view
-----------------------------------
*ilmi system - included permanent active
*ilmi atmForumUni - included permanent active
v1default iso.2.840.10036 - included volatile active
v1default internet - included volatile active
v1default internet.6.3.15 - excluded volatile active
v1default internet.6.3.16 - excluded volatile active
v1default internet.6.3.18 - excluded volatile active
*tv.FFFFFFFF.FFFFFFFF.FFFFFFFF iso.2.840.10036 - included volatile active
*tv.FFFFFFFF.FFFFFFFF.FFFFFFFF internet - included volatile active

RouterA#show snmp
---------------------------
Chassis: JMX0709L4DW
28 SNMP packets input
0 Bad SNMP version errors
10 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
18 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
0 Trap PDUs

SNMP logging: enabled
Logging to 10.10.1.8.162, 0/10, 0 sent, 0 dropped.

Ran SNMPGET from the command line
---------------------------------------------------------
snmpget -v 3 -a SHA -A Public123 -e 123456789100000000000000 -E 123456789100000000000000 -x DES -X Public123 -u John_Doe 10.10.1.8 1.3.6.1.2.1.1.3.0

RouterA#debug snmp packets
--------------------------------------------
SNMP packet debugging is on

*Mar 1 00:29:16.703: SNMP: Packet received via UDP from 10.10.1.8 on FastEthernet1/1
*Mar 1 00:29:16.703: SNMP: Report, reqid 2100754125, errstat 0, erridx 0
internet.6.3.15.1.1.4.0 = 19
*Mar 1 00:29:16.703: SNMP: Packet sent via UDP to 10.10.1.8
*Mar 1 00:29:17.715: SNMP: Packet received via UDP from 10.10.1.8 on FastEthernet1/1
*Mar 1 00:29:17.715: SNMP: Report, reqid 2100754125, errstat 0, erridx 0
internet.6.3.15.1.1.4.0 = 20
*Mar 1 00:29:17.715: SNMP: Packet sent via UDP to 10.10.1.8
*Mar 1 00:29:18.723: SNMP: Packet received via UDP from 10.10.1.8 on FastEthernet1/1
*Mar 1 00:29:18.723: SNMP: Report, reqid 2100754125, errstat 0, erridx 0
internet.6.3.15.1.1.4.0 = 21
*Mar 1 00:29:18.727: SNMP: Packet sent via UDP to 10.10.1.8
*Mar 1 00:29:19.735: SNMP: Packet received via UDP from 10.10.1.8 on FastEthernet1/1
*Mar 1 00:29:19.735: SNMP: Report, reqid 2100754125, errstat 0, erridx 0
internet.6.3.15.1.1.4.0 = 22
*Mar 1 00:29:19.735: SNMP: Packet sent via UDP to 10.10.1.8
*Mar 1 00:29:20.743: SNMP: Packet received via UDP from 10.10.1.8 on FastEthernet1/1
*Mar 1 00:29:20.743: SNMP: Report, reqid 2100754125, errstat 0, erridx 0
internet.6.3.15.1.1.4.0 = 23
*Mar 1 00:29:20.747: SNMP: Packet sent via UDP to 10.10.1.8
*Mar 1 00:29:21.755: SNMP: Packet received via UDP from 10.10.1.8 on FastEthernet1/1
*Mar 1 00:29:21.755: SNMP: Report, reqid 2100754125, errstat 0, erridx 0
internet.6.3.15.1.1.4.0 = 24
*Mar 1 00:29:21.755: SNMP: Packet sent via UDP to 10.10.1.8
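
The varbind carried in each Report PDU of the debug output above is a USM statistics counter from SNMP-USER-BASED-SM-MIB (RFC 3414). The following is an added example, not part of the original post, that decodes such Reports by name; the sample log is constructed from the lines above with wrapped lines joined, and the function names are hypothetical.

```python
import re
from collections import Counter

# usmStats counters (RFC 3414) live under 1.3.6.1.6.3.15.1.1;
# IOS prints the 1.3.6.1 prefix as "internet".
USM_STATS = {
    1: "usmStatsUnsupportedSecLevels",
    2: "usmStatsNotInTimeWindows",
    3: "usmStatsUnknownUserNames",
    4: "usmStatsUnknownEngineIDs",
    5: "usmStatsWrongDigests",
    6: "usmStatsDecryptionErrors",
}

# Constructed sample in the format of "debug snmp packets" (two of the six Reports).
DEBUG = """\
*Mar 1 00:29:16.703: SNMP: Packet received via UDP from 10.10.1.8 on FastEthernet1/1
*Mar 1 00:29:16.703: SNMP: Report, reqid 2100754125, errstat 0, erridx 0
internet.6.3.15.1.1.4.0 = 19
*Mar 1 00:29:16.703: SNMP: Packet sent via UDP to 10.10.1.8
*Mar 1 00:29:17.715: SNMP: Packet received via UDP from 10.10.1.8 on FastEthernet1/1
*Mar 1 00:29:17.715: SNMP: Report, reqid 2100754125, errstat 0, erridx 0
internet.6.3.15.1.1.4.0 = 20
*Mar 1 00:29:17.715: SNMP: Packet sent via UDP to 10.10.1.8
"""

def decode_reports(text):
    """Return [(reqid, counter_name, value)] for each USM Report PDU in the log."""
    out, reqid = [], None
    for line in text.splitlines():
        m = re.search(r"SNMP: Report, reqid (\d+)", line)
        if m:
            reqid = int(m.group(1))  # remember which request this Report answers
            continue
        m = re.match(r"\s*internet\.6\.3\.15\.1\.1\.(\d+)\.0 = (\d+)", line)
        if m and reqid is not None:
            name = USM_STATS.get(int(m.group(1)), "unknown usmStats counter")
            out.append((reqid, name, int(m.group(2))))
            reqid = None
    return out

def summarize(text):
    """Count Reports per (reqid, counter); repeats of one reqid are retries."""
    return Counter((reqid, name) for reqid, name, _ in decode_reports(text))

if __name__ == "__main__":
    for (reqid, name), n in summarize(DEBUG).items():
        print(f"request {reqid}: {n} Report(s) naming {name}")
```

On the lines posted above, every Report names usmStatsUnknownEngineIDs for the same request ID.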

Daniel J McDonald

Jul 7, 2006, 5:39:13 PM
In article <1152302442.8...@s13g2000cwa.googlegroups.com>,

Jason <caldwel...@gmail.com> wrote:
>SNMP commands ran
>-------------------------------
>snmp-server engineID remote 10.10.1.8 123456789100000000000000
>snmp-server user John_Doe remotegp v3 auth sha Public123 priv des56
>Public123
>snmp-server group remotegp v3 priv read Public123 notify Public123

the "read" value here is a view name, not a community string or
password. You haven't defined view
Public123 anywhere, so you can't read anything.

if you leave the read view blank, it defaults to v1default, which is
probably adequate for what you want.

>RouterA#show snmp view
>-----------------------------------
>*ilmi system - included permanent active
>*ilmi atmForumUni - included permanent active
>v1default iso.2.840.10036 - included volatile active
>v1default internet - included volatile active
>v1default internet.6.3.15 - excluded volatile active
>v1default internet.6.3.16 - excluded volatile active
>v1default internet.6.3.18 - excluded volatile active
>*tv.FFFFFFFF.FFFFFFFF.FFFFFFFF iso.2.840.10036 - included volatile
>active
>*tv.FFFFFFFF.FFFFFFFF.FFFFFFFF internet - included volatile active
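
Both of the replies above turn on the same check: a group's `read` argument must name a view that `show snmp view` actually lists. The following is an added example, not part of the original posts, that automates that comparison and also evaluates what a view exposes; the sample text is constructed from the router output quoted in this thread, view masks are ignored as an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample modeled on the router output quoted in this thread
# (wrapped lines joined, views trimmed to the entries that matter here).
SHOW_GROUP = """\
groupname: remotegp security model:v3 auth
readview :<no readview specified> writeview: <no writeview specified>

groupname: remotegp security model:v3 priv
readview :Public123 writeview: <no writeview specified>
"""
SHOW_VIEW = """\
v1default internet - included volatile active
v1default internet.6.3.15 - excluded volatile active
v1default internet.6.3.16 - excluded volatile active
"""

def parse_views(text):
    """Map view name -> [(subtree, included?)] from 'show snmp view'."""
    views = {}
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+(\S+)\s+-\s+(included|excluded)\b", line)
        if m:
            views.setdefault(m.group(1), []).append((m.group(2), m.group(3) == "included"))
    return views

def parse_groups(text):
    """Return [(group, security model, readview)] from 'show snmp group'."""
    groups = []
    for block in re.split(r"\n\s*\n", text.strip()):
        g = re.search(r"groupname:\s*(\S+)\s+security model:\s*(.+)", block)
        r = re.search(r"readview\s*:\s*(<[^>]*>|\S+)", block)
        if g and r:
            groups.append((g.group(1), g.group(2).strip(), r.group(1)))
    return groups

def undefined_readviews(group_text, view_text):
    """Groups whose readview names a view that 'show snmp view' does not list."""
    views = parse_views(view_text)
    return [(g, model, rv) for g, model, rv in parse_groups(group_text)
            if not rv.startswith("<") and rv not in views]

def readable(views, view, oid):
    """True if oid is in an included subtree; the longest matching subtree wins."""
    hits = [(len(sub.split(".")), inc) for sub, inc in views.get(view, [])
            if oid == sub or oid.startswith(sub + ".")]
    return bool(hits) and max(hits)[1]

if __name__ == "__main__":
    print(undefined_readviews(SHOW_GROUP, SHOW_VIEW))
    views = parse_views(SHOW_VIEW)
    print(readable(views, "v1default", "internet.2.1.1.3.0"))       # sysUpTime.0
    print(readable(views, "v1default", "internet.6.3.15.1.1.4.0"))  # USM subtree
```

The second function shows why v1default is a reasonable read view for polling: it includes the interface and system subtrees while excluding the USM and VACM tables under internet.6.3.15 and internet.6.3.16.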


Jason

Jul 10, 2006, 10:58:41 AM
I'm not exactly sure what you mean, I don't see the option/switch to
provide the "read" value in the snmpget command, can you provide me
with an example or is this a command on the router that needs to be
applied... Thanks, again..

Jason

Jul 10, 2006, 3:31:57 PM
Ok here's where I'm at right now, I completely removed all my snmp
settings from the router and started with the basics

Snmp-server user john remotegp v3
Snmp-server group remotegp v3 noauth

And I'm able to pull system time using snmp v3

It works using this snmpget command
snmpget -v 3 -u john 10.10.1.8 1.3.6.1.2.1.1.3.0


But when I try to apply the auth or the priv commands I get an access
denial from the router

Snmp-server group remotegp v3 auth
Snmp-server group remotegp v3 priv
Snmp-server user john remotegp v3 auth sha test12345 priv des56 test12345

It fails using this snmpget command
snmpget -v 3 -a SHA -A test12345 -x DES -X test12345 -u john 10.10.1.8 1.3.6.1.2.1.1.3.0

What am I missing... Thanks, Jason

Jason

Jul 18, 2006, 12:19:22 PM
I know that this should be a lot easier than it has been, but I'm still
having issues with trying to get snmp v3 to work with some sort of
authentication... I used this configuration example right out of one of
Cisco's PDFs

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t3/snmp3.pdf

---- configs
snmp-server engineid remote 16.20.11.14 00000063000100a1ac151003
snmp-server group remotegroup v3 auth
snmp-server user remoteAuthUser remoteAuthGroup remote 16.20.11.14 v3 auth md5 password1


I used this snmpget command:

----
C:\mrtg-2.14.5\bin>snmpget -v 3 -a MD5 -A password1 -E 00000063000100a1ac151003 -u remoteAuthUser 16.20.11.14 1.3.6.1.2.1.1.3.0
snmpget: Unknown user name

C:\mrtg-2.14.5\bin>

And all I get back is "Unknown user name"


My Cisco IOS is v 12.2(13)T1, and my snmp manager server is a Windows 2003
server with SP1 with IIS 6.0 installed, using MRTG version 2.14.5 with
ActivePerl 5.8.8.817 and Net-Snmp v 5.3.0.1-1.win32

xir...@gmail.com

Jul 25, 2006, 6:34:26 PM
I'm going through this myself right now, but I'm having issues getting
MRTG to work properly. Here's what I did and where I'm at:

!This creates and enables the group MRTG with the authpriv authentication type
snmp-server group MRTG v3 priv

!This creates the MRTG user and assigns it to the MRTG group using MD5 authentication and
snmp-server user MRTG MRTG v3 auth md5 <yourpassword> priv des <yourprivencryption>

This is all you require to enable SNMPv3 on the Cisco IOS with
authpriv. I can run the following and get data back:

snmpget -v3 -a md5 -u MRTG -x des -A <yourpassword> -X <yourprivencryption> -l authpriv <routerip> 1.3.6.1.2.1.1.3.0

I get data back from this. This is the system uptime OID. You can
also use snmpwalk with the same syntax. I am just having problems
getting MRTG's cfgmaker to work with SNMPv3. I have tried setting
--snmp-options=:::::3 --username=MRTG which tells me I need to specify
a username when using SNMPv3 (duh.. --username is giving you that).
If you have any success getting MRTG to work, please let me know. Hope
this helps.

jerome...@gmail.com

Aug 7, 2006, 11:16:52 AM
I'm having the same issue, if someone has any idea ...