3 Replies Latest reply on Aug 10, 2018 10:53 AM by bourlis

    SNMP V3 ISSUE

    zabs

      I have configured the configuration below on my network devices, but unfortunately the test fails when the nodes are added; after some time, the same nodes are added with the same configuration. I don't understand what the issue is. Maybe the SolarWinds application is creating some problem, or something else.

       

      snmp-server group X v3 auth

      snmp-server trap-source <interface>

      snmp-server enable traps snmp linkdown linkup coldstart warmstart

      snmp-server host <remote server ip address> version 3 auth X  snmp

      snmp-server user X  X v3 auth md5 <password> priv des <password>

        • Re: SNMP V3 ISSUE
          cahunt

          When I build this out, I usually follow a sequence of setting up the source interfaces if needed, creating the group, then building the user within the group, and lastly setting the host. That does not always make a difference, but for some devices in my past, it made all the difference.

           

          Check your setup with show snmp group & show snmp user - make sure the group is set up how you want and that the user is in the group.

           

          The only thing I hang up on here is your Server Host Line;

           

          snmp-server host <SW Server IP> version 3 priv <SNMPUserName>

           

          If the user is not aligning to the group, blow it out and rebuild.

          - you should only need to X the User, Group and Host; Traps Enable and source interfaces and views can be left alone for this process.

           

          -CharlesH

          Loop1 Systems: SolarWinds Training and Professional Services

          • Re: SNMP V3 ISSUE
            Vinay BY

            What do you mean by "after some time"? What's the time gap or time difference in your scenario?

            • Re: SNMP V3 ISSUE
              bourlis

              Zabs, this is basically the same thing cahunt said, but with a little bit more detail.  We use access-lists to limit the systems that can communicate to our networking equipment, and my example reflects that.  Simply drop off the access-list information if it's not relevant. Also, my example shows SHA/AES 128; simply swap those for your environment.  This configuration will grant Solarwinds Read/Write access, so when you load them into Solarwinds be sure to enter the credentials twice: once in the SNMPv3 cred section and again in the Read/Write cred section.

               

                   access-list 20 remark Solarwinds

                   access-list 20 permit 172.92.163.0 0.0.0.255

                   access-list 20 deny   any log

                   !

                   snmp-server view <VIEWNAME> iso included

                   snmp-server group <GROUPNAME> V3 priv write <VIEWNAME> access 20

                   snmp-server user <USERNAME> <GROUPNAME> v3 auth SHA <PASSWORD> priv AES 128 <PASSCODE> access 20

                   snmp-server host <IP ADDRESS> version 3 auth <USERNAME>

                   snmp-server group <GROUPNAME> v3 auth context vlan- match prefix access 20

                   snmp-server group <GROUPNAME> v3 priv context vlan- match prefix access 20

                   snmp-server trap-source <MANAGED INTERFACE LOOPBACK OR VLAN>

               

              Cahunt mentioned testing; this shows what to look for. If you have problems loading a device into SW, always do a "sh snmp user" and a "sh snmp group" for troubleshooting. It'll show you if something is missing, and it will save you lots of stress.

               

                   #sh snmp user

               

                   User name: <USERNAME>                                                                      

                   Engine ID: xxxxxxxxxxxxxxxxxxxxxxxx                                                    

                   storage-type: nonvolatile        active access-list: 20                                 

                   Authentication Protocol: SHA                                                            

                   Privacy Protocol: AES128                                                                

                   Group-name: <GROUPNAME>

                  

                   #sh snmp group

               

                   groupname: <GROUPNAME>                       security model:v3 auth                                        

                   contextname: <no context specified>            storage-type: nonvolatile  

                   readview : v1default                                       writeview: <no writeview specified>

                   notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F

                   row status: active                                                                                                                                                                                                             

               

                   groupname: <GROUPNAME>                       security model:v3 priv

                   contextname: <no context specified>            storage-type: nonvolatile

                   readview : v1default                                       writeview: <VIEWNAME>

                   notifyview: <no notifyview specified> 

                   row status: active      access-list: 20                                                                                                                                                                                                                                    

               

                   groupname: <GROUPNAME>                     security model:v3 auth

                   contextname: vlan-                                       storage-type: nonvolatile

                   readview : v1default                                     writeview: <no writeview specified>

                   notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F

                   row status: active      access-list: 20                                                                                                                                                                                                                                  

               

                   groupname: <GROUPNAME>                      security model:v3 priv

                   contextname: vlan-                                        storage-type: nonvolatile

                   readview : v1default                                      writeview: <VIEWNAME>

                   notifyview: <no notifyview specified>   

                   row status: active      access-list: 20
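
Added example, not part of the original thread or any poster's own tooling: a small Python check that reads saved "sh snmp user" and "sh snmp group" output in the layout shown above and reports the things the replies say to look for (user attached to an existing group, access-list present), plus MD5/DES use and write views. The device names, group names and sample output are constructed placeholders, and the field layout is assumed to match the output quoted in the thread.

```python
import re

# Constructed sample in the layout of the "sh snmp user" / "sh snmp group"
# output quoted in the thread; every name and value here is a placeholder.
SHOW_USER = """\
User name: nms-user
storage-type: nonvolatile        active access-list: 20
Authentication Protocol: MD5
Privacy Protocol: DES
Group-name: NMS-GROUP
"""
SHOW_GROUP = """\
groupname: NMS-GROUP                   security model:v3 auth
readview : v1default                   writeview: <no writeview specified>
row status: active

groupname: NMS-GROUP                   security model:v3 priv
readview : v1default                   writeview: NMS-VIEW
row status: active      access-list: 20
"""
WEAK = {"MD5", "DES"}  # legacy algorithms; SHA and AES are the stronger options

def field(block, label):
    """Value after 'label:' up to a run of 2+ spaces or the end of the line."""
    m = re.search(re.escape(label) + r"\s*:\s*(.*?)(?:\s{2,}|$)", block, re.M)
    return m.group(1) if m else None

def audit(show_user, show_group):
    """Return a list of findings for one device's user and group tables."""
    findings = []
    groups = re.split(r"\n\s*\n", show_group.strip())
    for user in re.split(r"\n\s*\n", show_user.strip()):
        name, grp = field(user, "User name"), field(user, "Group-name")
        for proto in (field(user, "Authentication Protocol"),
                      field(user, "Privacy Protocol")):
            if proto in WEAK:
                findings.append(f"user {name}: weak protocol {proto}")
        rows = [g for g in groups if field(g, "groupname") == grp]
        if not rows:
            findings.append(f"user {name}: group {grp} has no row")
        for g in rows:
            level = field(g, "security model")
            if not field(g, "access-list"):
                findings.append(f"group {grp} ({level}): no access-list")
            if not (field(g, "writeview") or "<no").startswith("<no"):
                findings.append(f"group {grp} ({level}): write view granted")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SHOW_USER, SHOW_GROUP)))
```

Each group row is checked separately because, as in the output above, a group name can appear once per security model and context, and only some of those rows may carry the access-list.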