Network Topology Mapper SNMPv3 Test Credential Failed

I am evaluating NTM for my organization, using it for network devices, specifically Cisco.  When I attempt to implement a new scan, using SNMPv3 credentials, I get a failed test.  I have all information input into Edit SNMP Credential. I have verified it against the configuration of the device I am testing against. On a side note, we are currently using SW Orion and have no issues with SNMP with it.

The device where NTM is installed, its IP address is in a range allowed by an ACL on the Cisco devices.  No firewalls in the path are blocking the traffic.

There is something interesting on a Wireshark capture, from the NTM device to the network device, fields indicate that information is missing:
msgAuthenticationParameters:  <MISSING>
msgPrivacyParameters: <MISSING>

The values are stored and are not missing in the Edit SNMP Credential window.

Thanks!

Parents
  • I know this is 2 years later but I have the exact same issue as you.  Did you get it figured out?  I'm starting to think NTM relies on it's host machine for SNMPv3 and mine is Windows Server 2016 which doesn't have native SNMPv3 support.  I figure NTM could craft the SNMPv3 itself but maybe not?

  • The NTM sends the SNMP v3 from the host. I was successful with this on my Cisco devices:

    snmp-server group <SOME-SNMP-GROUP> v3 priv read <SOME-VIEW-NAME> access <SOME-NETWORKS>
    snmp-server user <SOME-SNMP-USER> <SOME-SNMP-GROUP> v3 auth sha <auth-password> priv aes 256 <priv-password>
    nnmp-server view <SOME-VIEW-NAME> iso included
    !
    ip access-list extended <SOME-NETWORKS>
    remark *** Add some networks ***
    permit ip 192.168.1.0 0.0.0.255 any

Reply
  • The NTM sends the SNMP v3 from the host. I was successful with this on my Cisco devices:

    snmp-server group <SOME-SNMP-GROUP> v3 priv read <SOME-VIEW-NAME> access <SOME-NETWORKS>
    snmp-server user <SOME-SNMP-USER> <SOME-SNMP-GROUP> v3 auth sha <auth-password> priv aes 256 <priv-password>
    nnmp-server view <SOME-VIEW-NAME> iso included
    !
    ip access-list extended <SOME-NETWORKS>
    remark *** Add some networks ***
    permit ip 192.168.1.0 0.0.0.255 any

Children
No Data