Paessler Snmp Tester

[Ashlyn Robello]

Ihope this is in the correct forum, but I was in need of assistance about setting up SNMP v3 on a Cisco 3750X switch stack and allowing access to Paessler PRTG to monitor the switch stack. I thought I had setup the SNMP server on the 3750X correct, but I cannot get the Paessler SNMP tester app to connect.

Here is the configuration I have for the Cisco 3750X switch stack, I will list the SNMP results of the switch below. I am just trying to learn this, so if I have missed a step or I need additional configuration to allow PRTG to query the switch please let me know. As it stands right now it looks like it is not able to connect, but I know the ports 161 & 162 are not being blocked.

snmp-server group ROGROUP v3 priv read MYVIEWRO

snmp-server group RWGROUP v3 priv read MYVIEWRO write MYVIEWRW

snmp-server view MTVIEWRO mib-2 included

snmp-server view MYVIEWRW mib-2 included

ObjectID = 1.3.6.1.4.1.8072.3.2.10 is a reserved OID. This is a generic ID for linux. Reading though all the information for the last few hours on lansweeper I am seeing the following information. Device Scanner insert your custom OID to scan and see if it will scan them. Sadly if the device responds to 1.3.6.1.4.1.8072.3.2.10 then no matter what you put in your custom scan area are ignored. Synology you can download and install the OID's into Lansweeper. No problem. Added them to assets too. IF you run from an Ubuntu box the command "snmpwalk -v3 -l AuthNoPriv -a MD5 -u MyUserName -A MyPassword 10.20.30.40 1.3.6.1.4.1.6574.1" this will give you the information about your synology system etc.. change the ending 1 to a 2 like this 1.3.6.1.4.1.6574.2 and you will get with the snmpwalk your disk information. All this is ignored with Lansweepers scan tool. A suggestion was made in another post to download paessler snmp tester (PRTG), and again just like with the ubuntu box and snmpwalk I am able to get full outputs using the OID supplied by Synology.

Please fix your Device Tester & and Please fix Lansweeper so it will scan asset which have been assigned to a pool which OID's are imported to. It will show me that it scanned the 17 OID's I requested but no data. This is as far as I have gotten after many hours of troubleshooting. Again other scanning tools have no problems making the request but Lansweeper fails in this case.

1.3.6.1.4.1.8072.3.2.10 is a reserved OID for Linux systems, and you should get results for custom OIDs when scanning Linux devices. Could you share some screenshots of the results you get with the Lansweeper scan tool?

I cannot find the SNMPv3 MIBs. I have the SNMPv2 MIBs from the juniper MIBs site for the version of Junos being used. What I cannot find is WHERE to copy these MIBs onto the Juniper MX240.... Could anyone please let me know where we should load the MIBs too?

As I mentioned we are using a DOS implimentation of snmpwalk with all tested on paessler and neither work. We always seem to be getting either Security or authenticaiton problems..... but it is very simple MD5 - Usrname test and key is just testing123 ... not difficult...

Obviously, in our case "password" was required (and I believe this will be in every case..... but, this is the important part, when we then look at the config, there is no "authentication-password" there, even though that is what we configured. It has changed it to "authenticaiton-key", hence in the Juniper documentation it says "key".

I have a stm32f746 discovery board and I want to configure a snmp agent on it. I followed a simple example and wrote a code. In my code, I want to send a constant value in snmp protocol when i call its OID. I test my code using "Paessler SNMP Tester".when i reset the board, in the first time all things is ok and constant value receive using SNMP tester. but after that, my code is not work and even ping request answer timeout. "main.c" attached to post.

I have created snmpv3 and test it against a printer and keep getting "Authenticate failure". I have tested this snmpv3 account using Solarwinds, and download Paessler snmp tester tool and they both successful. I have used all of the encryption combination that I can think of and its still not working.

All of our APC UPS units are monitored via SCOM 2019 UR1 using SNMP v1/v2. Now the devices should be reconfigured for v3 to make them more secure. However, SCOM is not able to discover them. As mentioned, the credentials and setup have been confirmed using SNMP Tester from the very same machine as the discovery runs from.

After having worked with Microsoft engineers for many many month they now provided us with a new sm-snmp.dll that is able to discover and monitor APC SNMPv3 devices.

The problem was that they did not follow RFC 3414 on all requirements and missed to populate some fields and had wrong chraracters in another. So a successful discovery depends on how strict the target system is. Apparently, the APC devices are while Cisco switches are more relaxed.

The same issue ! I've been working around for 2 weeks before I run out into your answer . Thank you so much, now I get an answer ..but not a decision. 8( Also I strongly suspect that it won't being changed in UR5 either..

any other related events on your management servers? Please check on all servers, which are part of the network device monitoring resource pool.

Firewall is always a topic, but surely not in your case, so nice try with disabling it :)

I would also check in the SCOM conolse, under "Pending management" you should also be able to see some kind of reason for this? Can you please check it out?

The other thing to doiuble check are your run as accounts and the requirements regarding those:

thanks for your suggestions. I did read through them and can confirm that everything is configured as it should be. There are no additional messages in the event log. In Network Pending view I can see the to be monitored device as "No Response SNMP".

The network trace does not show any additional traffic apart from the four attempts as shown in the first screenshot I posted before. And this is the problem I'm having here as we do not see a response from the device. Using the SNMP Tester from the same management server we can see the communication going back and forth.

I have no idea why the APC unit would not send a response back to the discovery server. Even if some parameter is incorrect it should send some information back. Since the SNMP tester sits directly on the network port it would see all packets first before they hit SCOM.

very odd indeed. I am not quite sure how I would troubleshoot this. Usually such devices have a configuration option to which hosts they can send SNMP responses, but in your case this is also not a topic, because you mentioned that they have been monitored, using SNMPv1 or v2.

Is there an option to involve the vendor in a way? If they are not responding to SCOM, it can be some config related to SNMPv3 on the APC end.

We've been going back and forth between Microsoft support and APC support. Lots of network traces were generated, we even built a temporary SCOM environment on the same subnet as the APC device to rule out any network related issues.

It looks like the issue is in SCOM not following the SNMP v3 implementation to 100% per RFC 3414. During the discovery phase traffic is unencrypted and unauthorized. The msgAuthenticationParameters should be set to a zero-length value. In the network trace it can be seen that SCOM fills that parameter with 12 octects of zeroes. Technically, that is not a zero-length value. The APC device in turn does not accept this and therefore refuses to respond.

3a8082e126