Reply

Cisco SNMP v3 Deployment

Expert
Posts: 17
3352     0

Good day,

We are currently busy deploying SNMP v3 to all our Cisco kit and we are having a few issues with NetMri.

I have tried the recommended settings in this post https://community.infoblox.com/forum/network-automation/tech-tip-allowing-authorization-accessing-vl... but we still have issues with SNMP collection on the Forwarding tables. Below is the current config on a lab switch.

#show snmp context
vlan-1
vlan-10
vlan-208
vlan-300
vlan-301
vlan-302
vlan-303
vlan-304
vlan-305
vlan-306
vlan-310
vlan-311
vlan-312
vlan-900
vlan-1002
vlan-1003
vlan-1004
vlan-1005

 

#sh run | inc snmp

snmp-server group netmrigroup v3 auth read netmri
snmp-server group netmrigroup v3 auth context vlan- match prefix
snmp-server group netmrigroup v3 auth context vlan-1 match prefix
snmp-server group netmrigroup v3 auth context vlan-10 match prefix
snmp-server group netmrigroup v3 auth context vlan-200 match prefix
snmp-server group netmrigroup v3 auth context vlan-208 match prefix
snmp-server group netmrigroup v3 auth context vlan-210 match prefix
snmp-server group netmrigroup v3 auth context vlan-300 match prefix
snmp-server group netmrigroup v3 auth context vlan-301 match prefix
snmp-server group netmrigroup v3 auth context vlan-302 match prefix
snmp-server group netmrigroup v3 auth context vlan-303 match prefix
snmp-server group netmrigroup v3 auth context vlan-304 match prefix
snmp-server group netmrigroup v3 auth context vlan-305 match prefix
snmp-server group netmrigroup v3 auth context vlan-306 match prefix
snmp-server group netmrigroup v3 auth context vlan-310 match prefix
snmp-server group netmrigroup v3 auth context vlan-311 match prefix
snmp-server group netmrigroup v3 auth context vlan-312 match prefix
snmp-server group netmrigroup v3 auth context vlan-900 match prefix
snmp-server group netmrigroup v3 auth context vlan-1002 match prefix
snmp-server group netmrigroup v3 auth context vlan-1003 match prefix
snmp-server group netmrigroup v3 auth context vlan-1004 match prefix
snmp-server group netmrigroup v3 auth context vlan-1005 match prefix
snmp-server view MyView iso included

 

2015-02-11 09:53:04 Discovery Status:
2015-02-11 09:53:04 ------------------------------------------------------------
2015-02-11 09:53:04 DeviceID = 8
2015-02-11 09:53:04     Last Action = Device Groups: Successfully assigned to device groups @ 2015-02-11 09:50:10
2015-02-11 09:53:04     Exists = Exists: Device exists / Source: CDP @ 2014-08-26 12:36:11
2015-02-11 09:53:04     FingerPrint Status = OK @ 2015-02-11 08:46:29
2015-02-11 09:53:04     FingerPrint Message = Fingerprint: Successfully fingerprinted / Ports open: 1 / OS: Unknown
2015-02-11 09:53:04     Reachable Status = OK @ 2015-02-11 09:48:43
2015-02-11 09:53:04     Reachable Message = Reachable: Successfully reached / Source: SNMP
2015-02-11 09:53:04     SNMP Credential Status = OK @ 2015-02-11 09:48:43
2015-02-11 09:53:04     SNMP Credential Message = SNMP Credentials: Successfully authenticated / Version: SNMPv3
2015-02-11 09:53:04     SNMP Collection Status = Error @ 2015-02-11 09:48:43
2015-02-11 09:53:04     SNMP Collection Message = SNMP Collection: Failed to collect data / Table: Forwarding
2015-02-11 09:53:04     CLI Credential Status = OK @ 2015-02-11 08:48:34
2015-02-11 09:53:04     CLI Credential Message = CLI Credentials: Successfully authenticated / SSH
2015-02-11 09:53:04     Config Collection Status = OK @ 2015-02-11 08:48:34
2015-02-11 09:53:04     Config Collection Message = Config Collection: Successfully collected configs
2015-02-11 09:53:04     Device Group Status = OK @ 2015-02-11 09:50:10
2015-02-11 09:53:04     Device Group Message = Device Groups: Successfully assigned to device groups

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 52    WS-C3560V2-48PS    15.0(2)SE2            C3560-IPBASEK9-M

 

 

Is there something that we might have miss configred in SNMP? 

Any help is appreciated.

 

Regards,

Jason

 

You don't need the specific

Adviser
Posts: 67
3353     0

You don't need the specific vlan lines.  'match prefix' means 'match anything starting with vlan-'

This should be all you need:

snmp-server group netmrigroup v3 priv read netmri
snmp-server group netmrigroup v3 auth context vlan- match prefix

snmp-server view netmri iso included

 

 

Thanks Daniel

Adviser
Posts: 470
3353     0

Thanks Daniel 

Follow me on LinkedIn: https://www.linkedin.com/in/sifbaksh
Twitter: https://twitter.com/sifbaksh

https://sifbaksh.com

Thanks Daniel,

Expert
Posts: 17
3353     0

Thanks Daniel,

 

I will give that a try, Another issue was on the type of switch i was using, I currently have a 2950 in my lab and it does not support the match prefix statement, when I tested on a newer model it seemed to work fine, I manually added in all the vlans but will try with just the vlan- statement.

Jason.

 

Showing results for 
Search instead for 
Did you mean: 

Recommended for You