This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Network Topology Mapper SNMPv3 Test Credential Failed

I am evaluating NTM for my organization, using it for network devices, specifically Cisco.  When I attempt to implement a new scan, using SNMPv3 credentials, I get a failed test.  I have all information input into Edit SNMP Credential. I have verified it against the configuration of the device I am testing against. On a side note, we are currently using SW Orion and have no issues with SNMP with it.

The device where NTM is installed, its IP address is in a range allowed by an ACL on the Cisco devices.  No firewalls in the path are blocking the traffic.

There is something interesting on a Wireshark capture, from the NTM device to the network device, fields indicate that information is missing:
msgAuthenticationParameters:  <MISSING>
msgPrivacyParameters: <MISSING>

The values are stored and are not missing in the Edit SNMP Credential window.

Thanks!

Parents
  • I know this is 2 years later but I have the exact same issue as you.  Did you get it figured out?  I'm starting to think NTM relies on it's host machine for SNMPv3 and mine is Windows Server 2016 which doesn't have native SNMPv3 support.  I figure NTM could craft the SNMPv3 itself but maybe not?

Reply
  • I know this is 2 years later but I have the exact same issue as you.  Did you get it figured out?  I'm starting to think NTM relies on it's host machine for SNMPv3 and mine is Windows Server 2016 which doesn't have native SNMPv3 support.  I figure NTM could craft the SNMPv3 itself but maybe not?

Children
  • This condition is normal for the first SNMPv3 packet to initiate the conversation:

    There is something interesting on a Wireshark capture, from the NTM device to the network device, fields indicate that information is missing:
    msgAuthenticationParameters:  <MISSING>
    msgPrivacyParameters: <MISSING>

    The response from the device will provide as I recall an EngineID which the next request from the poller will include along with the username, authentication password, and privacy password. The first SNMPv3 packet will not have the credentials yet and this is normal setup of the poll.

    Now if you don't see any response from the device it may be something is blocking it along the way or dropping it. The original post indicated no firewalls but there is other reasons for it to be dropped like MTU size so just something to keep in mind. 

    Assuming the end device is receiving the SNMP poll there is another consideration is it replying. A span session or debug may inform us. I have seen devices not respond because they go into an SNMP service lockout when there is too many failed logins - Ruggedcom equipment in my case.

    If you see the packet with no credentials and than a response with an EngineID gets to Solarwinds and then Solarwinds tries to poll the device with no credentials but has the EngineID filled out this will be an issue why Solarwinds is not putting in the credentials you supplied but I would guess it will be one of the other issues I mentioned based on my experience.

  • The NTM sends the SNMP v3 from the host. I was successful with this on my Cisco devices:

    snmp-server group <SOME-SNMP-GROUP> v3 priv read <SOME-VIEW-NAME> access <SOME-NETWORKS>
    snmp-server user <SOME-SNMP-USER> <SOME-SNMP-GROUP> v3 auth sha <auth-password> priv aes 256 <priv-password>
    nnmp-server view <SOME-VIEW-NAME> iso included
    !
    ip access-list extended <SOME-NETWORKS>
    remark *** Add some networks ***
    permit ip 192.168.1.0 0.0.0.255 any