Version 2

    PURPOSE: Basic SNMPv3 setup for Cisco IOS, ASA, and Nexus

     

    Reference:  SNMPv3

     

    Notes for the Guide:

    Username: TestSNMPv3User

    Password: P@$$w0rd

    View Name:  TestSNMPv3View

    Group Name: TestSNMPv3Group

     

        1. Create the View
          • Example Command: SNMP-Server view TestSNMPv3View Internet included
            1. If you see %Bad OID, then Internet does not exist; use ISO (if it exists) or 1.3.6 instead
              • Included: the MIB family is included in the view
              • Excluded: the MIB family is excluded from the view
        2. Create the Group
            • Example Command: SNMP-Server group TestSNMPv3Group v3 priv Read TestSNMPv3View Write TestSNMPv3View
                1. v1: Group using the v1 security model
                2. v2c: Group using the v2c security model
                3. v3: Group using the User security model (SNMPv3)
                4. Auth: Group using the authNoPriv Security Model
                5. Noauth: Group using the noAuthNoPriv Security Model
                6. Priv: Group using the authPriv Security Model
                7. Access: Specify an access-list associated with this group
                8. Context: Specify a context to associate these views for the group
                9. Notify: Specify a notify view for the Group – Send a syslog every time a view is touched
                10. Read: Specify a read view for the group
                11. Write: Specify a write view for the group
        3. Create the User (the user usually does not appear in Show Run/Show Start configurations)
              • Example Command: SNMP-Server user TestSNMPv3User TestSNMPv3Group v3 auth SHA P@$$w0rd priv AES P@$$w0rd
              1. Remote: Specify a remote SNMP entity to which the user belongs
              2. v1: Group using the v1 security model
              3. v2c: Group using the v2c security model
              4. v3: Group using the User security model (SNMPv3)
              5. Access: Specify an access-list associated with this group
              6. Auth: Authentication parameters for the user
              7. Encrypted: Specifying passwords as MD5 or SHA digests
              8. MD5: Use HMAC MD5 algorithm for authentication
              9. SHA: Use HMAC SHA1 algorithm for authentication
              10. 3DES: Use 168 bit 3DES algorithm for encryption
              11. AES: Use AES 128, 192, or 256 bit algorithm for encryption
              12. DES: Use 56 bit DES algorithm for encryption
        4. Send to Destination Host (Required for ASA, optional for others)
          1. Command (ASA Only): SNMP-Server Host inside 10.10.1.161 version 3 TestSNMPv3User

    Note: 10.10.1.161 is the SolarWinds server. If the server is not in the list, you will not be able to add the device.

          1. inside   Name of interface Vlan1
          2. outside  Name of interface Vlan2
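
    A check for the group and user commands built in steps 2 and 3, as an added example that is not part of the original guide: it flags the keywords from the lists above that weaken the setup (v1/v2c, a v3 level below priv, MD5, DES/3DES, a write view, a missing access list, one passphrase used for both auth and priv). The ACL name SNMP-POLLERS and the ExampleAuth1/ExamplePriv2 passphrases are constructed placeholders.

```python
# Added example (not from the guide): lint IOS-style snmp-server group/user lines.
def _group(model, opts):
    if model != "v3":
        yield f"{model} security model: community string, no encryption"
    elif opts[:1] != ["priv"]:
        yield "v3 group below authPriv: no encryption"
    if "write" in opts:
        yield "write view granted: SNMP set allowed"
    if "access" not in opts:
        yield "no access-list limiting source hosts"

def _user(model, args):
    low = [a.lower() for a in args]
    if model != "v3" or "auth" not in low:
        yield "user has no SNMPv3 authentication"
        return
    a = low.index("auth")
    if low[a + 1:a + 2] == ["md5"]:
        yield "HMAC-MD5 authentication"
    if "priv" not in low[a + 3:]:
        yield "no priv algorithm: user cannot encrypt"
        return
    rest = args[low.index("priv", a + 3) + 1:]  # algorithm, optional key size, passphrase
    if rest and rest[0].lower() in ("des", "3des"):
        yield f"{rest[0].upper()} encryption"
    sized = rest[1:2] and rest[1] in ("128", "192", "256")
    secret = rest[2:3] if sized else rest[1:2]
    if secret and secret[0] == args[a + 2]:
        yield "auth and priv passphrases are identical"

def lint_snmp(config):
    """Return (name, finding) pairs for each group/user line in config."""
    found = []
    for line in config.splitlines():
        tok = line.split()
        low = [t.lower() for t in tok]
        if low[:1] != ["snmp-server"] or len(low) < 4:
            continue
        if low[1] == "group":
            found += [(tok[2], f) for f in _group(low[3], low[4:])]
        elif low[1] == "user" and len(low) >= 5:
            found += [(tok[2], f) for f in _user(low[4], tok[5:])]
    return found

# PAGE: the guide's IOS lines. TIGHT: constructed variant (hypothetical ACL name, passphrases).
PAGE = """SNMP-Server group TestSNMPv3Group v3 priv Read TestSNMPv3View Write TestSNMPv3View
SNMP-Server user TestSNMPv3User TestSNMPv3Group v3 auth SHA P@$$w0rd priv AES P@$$w0rd"""
TIGHT = """snmp-server group TestSNMPv3Group v3 priv read TestSNMPv3View access SNMP-POLLERS
snmp-server user TestSNMPv3User TestSNMPv3Group v3 auth sha ExampleAuth1 priv aes 128 ExamplePriv2"""
```

    Running lint_snmp(PAGE) reports the write view, the missing access list and the shared passphrase; lint_snmp(TIGHT) reports nothing.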

     

     

    Example of the configurations

     

    Cisco IOS

     

    SNMP-Server view TestSNMPv3View Internet included

    SNMP-Server group TestSNMPv3Group v3 priv Read TestSNMPv3View Write TestSNMPv3View

    SNMP-Server user TestSNMPv3User TestSNMPv3Group v3 auth SHA P@$$w0rd priv AES P@$$w0rd

    SNMP-Server group TestSNMPv3Group v3 priv context vlan match prefix

     

    Cisco ASA

     

    SNMP-Server group TestSNMPv3Group v3 priv

    SNMP-Server user TestSNMPv3User TestSNMPv3Group v3 auth SHA P@$$w0rd priv AES P@$$w0rd

    SNMP-Server Host inside 10.10.1.161 version 3 TestSNMPv3User


    Cisco Nexus

     

     

    snmp-server user TestSNMPv3User auth sha P@$$w0rd priv aes-128 P@$$w0rd

     

    Adding the device in Orion: Do not add Read/Write credentials initially. Select Test; if the test succeeds, the configuration works.

     

    Troubleshooting Cisco

     

    IOS

        1. Commands to remove existing configurations (use ? for more options):
          1. No snmp-server group
          2. No snmp-server user
          3. No snmp-server host
        2. Views are contained in groups
          1. Views define what MIBs are available on the Device

     

     

      • Also note the host and the interface it is going out on
        1. Command: snmp-server host 10.10.1.6 version 3 auth TestSNMPv3User
          1. The authentication must match the SNMPv3 configuration
      • You can add the following on the same command line to generate Traps:
        1. Server 2008:
          1. C:\ProgramData\Solarwinds\Logs\Orion\TrapService.log
      • If you see the following Error please see This KB

    UDT Module:

    While everything works by default on SNMPv2, with SNMPv3 you will need to add new commands to the Cisco devices to expose per-VLAN values for the BRIDGE-MIB. According to Cisco, SNMPv2 and SNMPv3 work quite differently when polling the BRIDGE-MIB, which contains these layer 2 values.

    To allow all VLANs, for most Cisco devices:

    SNMP-Server group TestSNMPv3Group v3 priv context vlan match prefix

    If the above does not show all VLANs, your version of IOS needs to have each VLAN explicitly listed.

      1. Command: snmp-server group OurGroupName v3 priv context vlan-3
      2. Command: snmp-server group OurGroupName v3 priv context vlan-10
      3. Command: snmp-server group OurGroupName v3 priv context vlan-41