[HOWTO] Monitor Cisco switches via SNMP v3
Moderators: Developers, Moderators
[HOWTO] Monitor Cisco switches via SNMP v3
Simple Network Management Protocol Version 3 (SNMPv3) is an interoperable standards-based protocol for network management. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network.
So,we should apply the snmpv3
For example,cisco 3550
First,login the switch,and show the version
Cisco Internetwork Operating System Software
IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(22)EA1a, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 20-Aug-04 00:44 by yenanh
Image text-base: 0x00003000, data-base: 0x0083AF00
The version of IOS -- C3550-I5Q3L2-M decides we can use auth.
# configure terminal
#snmp-server group cactigroup v3 auth
#snmp-server user cactiuser cactigroup v3 auth md5 cactipasswd
#end
#copy run start
Second,configuring the cacti for the cisco switch
So,we should apply the snmpv3
For example,cisco 3550
First,login the switch,and show the version
Cisco Internetwork Operating System Software
IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(22)EA1a, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 20-Aug-04 00:44 by yenanh
Image text-base: 0x00003000, data-base: 0x0083AF00
The version of IOS -- C3550-I5Q3L2-M decides we can use auth.
# configure terminal
#snmp-server group cactigroup v3 auth
#snmp-server user cactiuser cactigroup v3 auth md5 cactipasswd
#end
#copy run start
Second,configuring the cacti for the cisco switch
- Attachments
-
- 3550.GIF (18.68 KiB) Viewed 71675 times
For example,cisco 3750
First,login the switch,and show the version
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(25)SEE4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Mon 16-Jul-07 03:24 by myl
Image text-base: 0x00003000, data-base: 0x01240000
The version of IOS -- C3750-IPSERVICESK9-M decides we can use priv
# configure terminal
#snmp-server group cactigroup v3 priv
#snmp-server user cactiuser cactigroup v3 auth md5 cactipasswd1 priv des56 cactipasswd2
#end
#copy run start
Second,configuring the cacti for the cisco switch
First,login the switch,and show the version
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(25)SEE4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Mon 16-Jul-07 03:24 by myl
Image text-base: 0x00003000, data-base: 0x01240000
The version of IOS -- C3750-IPSERVICESK9-M decides we can use priv
# configure terminal
#snmp-server group cactigroup v3 priv
#snmp-server user cactiuser cactigroup v3 auth md5 cactipasswd1 priv des56 cactipasswd2
#end
#copy run start
Second,configuring the cacti for the cisco switch
- Attachments
-
- 3750.GIF (18.14 KiB) Viewed 71673 times
Does anyone know if something within Cacti needs to be configured, installed, or modified somehow to use AES instead of DES? I have this working using DES but a recent upgrade on our equipment is requiring us to use AES.
I have tried doing an SNMPwalk using AES, getting "Invalid privacy protocol specified after -x flag: AES
No log entry in the equipment I am trying to walk. Cacti isn't even trying to walk the equipment.
Issuing the same command on the same type of equipment (of type, not same exact equipment) that is still using DES-everything works great.
This equipment will be upgraded soon and will be using AES-like the rest of our equipment.
command:
snmpwalk -v 3 -a MD5 -A pass -l authPriv -u Manager -x DES -X pass equip
works
snmpwalk -v 3 -a MD5 -A pass -l authPriv -u Manager -x AES -X pass equip
Invalid privacy protocol specified after -x flag: AES
Centos OS
Version 8.7a
Net-SNMP 5.x
RRD Tool 1.2x
Settings Plugin
Thold Plugin
Thanks in advance.
I have tried doing an SNMPwalk using AES, getting "Invalid privacy protocol specified after -x flag: AES
No log entry in the equipment I am trying to walk. Cacti isn't even trying to walk the equipment.
Issuing the same command on the same type of equipment (of type, not same exact equipment) that is still using DES-everything works great.
This equipment will be upgraded soon and will be using AES-like the rest of our equipment.
command:
snmpwalk -v 3 -a MD5 -A pass -l authPriv -u Manager -x DES -X pass equip
works
snmpwalk -v 3 -a MD5 -A pass -l authPriv -u Manager -x AES -X pass equip
Invalid privacy protocol specified after -x flag: AES
Centos OS
Version 8.7a
Net-SNMP 5.x
RRD Tool 1.2x
Settings Plugin
Thold Plugin
Thanks in advance.
Cacti Ver: 0.8.7h
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE
OK! I found something that helped. I found some documentation that the "witness" said only AES128 was supported. So, instead of
snmpwalk -v 3 -a MD5 -A pass -l authPriv -u Manager -x AES -X pass equip
I did
snmpwalk -v 3 -a MD5 -A pass -l authPriv -u Manager -x AES128 -X pass equip
It worked. I can SNMPwalk from the CLI but...Cacti isn't graphing anymore data for this host. The graph just seemed to end when I configured Cacti to use SNMPv3. It was using SNMPv2.
Any ideas or pointers would be awesome!
Please..help me out.
snmpwalk -v 3 -a MD5 -A pass -l authPriv -u Manager -x AES -X pass equip
I did
snmpwalk -v 3 -a MD5 -A pass -l authPriv -u Manager -x AES128 -X pass equip
It worked. I can SNMPwalk from the CLI but...Cacti isn't graphing anymore data for this host. The graph just seemed to end when I configured Cacti to use SNMPv3. It was using SNMPv2.
Any ideas or pointers would be awesome!
Please..help me out.
Cacti Ver: 0.8.7h
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE
I'm thinking I'm going to need to change a .conf file to be more specific when it choses it's AES version.
I'm using FIPS-197 (AES that supports 128,192, or 256). SNMP.conf?
I'm using FIPS-197 (AES that supports 128,192, or 256). SNMP.conf?
Cacti Ver: 0.8.7h
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE
Ok...I know it's not SNMP.conf but is probably SNMP.php
I don't know anything about scripts or php...so I'm going to wait until I hear from someone because I'm pretty sure I'm looking in the right direction-but then again I don't know anything about scripts/php.
I don't know anything about scripts or php...so I'm going to wait until I hear from someone because I'm pretty sure I'm looking in the right direction-but then again I don't know anything about scripts/php.
Cacti Ver: 0.8.7h
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE
Here is some other info..
net-snmp-utils-5.1.2-11.EL4.7
net-snmp-libs-5.1.2-11.EL4.7
net-snmp-5.1.2-11.EL4.7
php-snmp-4.3.9-3.22
net-snmp-devel-5.1.2-11.EL4.7
[root@server net-snmp]# snmpget --version
NET-SNMP version: 5.1.2
I read somewhere that 5.1.2 only supports DES. Using DES, I don't see any data in my graphs. I can snmpwalk via the CLI...
net-snmp-utils-5.1.2-11.EL4.7
net-snmp-libs-5.1.2-11.EL4.7
net-snmp-5.1.2-11.EL4.7
php-snmp-4.3.9-3.22
net-snmp-devel-5.1.2-11.EL4.7
[root@server net-snmp]# snmpget --version
NET-SNMP version: 5.1.2
I read somewhere that 5.1.2 only supports DES. Using DES, I don't see any data in my graphs. I can snmpwalk via the CLI...
Cacti Ver: 0.8.7h
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE
-
- Posts: 7
- Joined: Fri Jul 15, 2011 2:37 am
Re: [HOWTO] Monitor Cisco switches via SNMP v3
thank you for share
Who is online
Users browsing this forum: No registered users and 1 guest