MacTrack + SNMPv3 and Security contexts

Support questions about the MAC Track plugin

Moderators: Developers, Moderators

ceyounger
Posts: 44
Joined: Fri Feb 10, 2006 2:59 pm
Location: Orange County, CA
Contact:

MacTrack + SNMPv3 and Security contexts

Post by ceyounger »

Has anyone gotten around SNMPv3 security context issues?

SNMPv3 config on router/switch:

Code: Select all

snmp-server group viewers v3 auth read viewConfig
snmp-server view viewConfig internet included
snmp-server view viewConfig mib-2 included
snmp-server view viewConfig system included
snmp-server view viewConfig cisco included
snmp-server view viewConfig snmpMIB included
snmp-server view viewConfig ciscoConfig included
snmp-server view viewConfig ciscoMgmt included
snmp-server view viewConfig ciscoImageMIB included
Output from mactrack_scanner:

Code: Select all

php mactrack_scanner.php -id=1 -d
DEBUG: HOST: XXXX is alive, processing has begun.
DEBUG: Scanning function is 'get_IOS_dot1dTpFdbEntry_ports'
DEBUG: There are 13 VLANS.
DEBUG: ifIndexes data collection complete
DEBUG: ifIndexes data collection complete. '122' rows found!
DEBUG: ifTypes data collection complete. '122' rows found!
DEBUG: ifNames data collection complete. '122' rows found!
DEBUG: ifAlias data collection complete. '122' rows found!
DEBUG: ipAddrTable scanning for link ports data collection complete. '11' rows found!
DEBUG: ifSpeed data collection complete. '122' rows found!
DEBUG: ifHighSpeed data collection complete. '122' rows found!
DEBUG: ifDuplex data collection complete. '104' rows found!
DEBUG: ifDescr data collection complete. '122' rows found!
DEBUG: ifMtu data collection complete. '118' rows found!
DEBUG: ifPhysAddress data collection complete. '122' rows found!
DEBUG: ifAdminStatus data collection complete. '122' rows found!
DEBUG: ifOperStatus data collection complete. '122' rows found!
DEBUG: ifLastChange data collection complete. '122' rows found!
DEBUG: ifInOctets data collection complete. '118' rows found!
DEBUG: ifOutOctets data collection complete. '118' rows found!
DEBUG: ifHCInOctets data collection complete. '115' rows found!
DEBUG: ifHCOutOctets data collection complete. '115' rows found!
DEBUG: ifInNUcastPkts data collection complete. '118' rows found!
DEBUG: ifOutNUcastPkts data collection complete. '118' rows found!
DEBUG: ifInUcastPkts data collection complete. '118' rows found!
DEBUG: ifOutUcastPkts data collection complete. '118' rows found!
DEBUG: ifInDiscards data collection complete. '118' rows found!
DEBUG: ifInErrors data collection complete. '118' rows found!
DEBUG: ifInUnknownProtos data collection complete. '118' rows found!
DEBUG: ifOutDiscards data collection complete. '118' rows found!
DEBUG: ifOutErrors data collection complete. '118' rows found!
DEBUG: ifInterfaces assembly complete: 50752
DEBUG: Adding IfInterfaces Records
DEBUG: Cisco Voice VLAN collection complete
DEBUG: Voice VLANs exist on this device
DEBUG: ifInterfaces assembly complete.
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 1/default is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 10/VLAN0010 is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 20/VLAN0020 is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 30/VLAN0030 is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 40/VLAN0040 is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 60/VLAN0060 is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 70/iSCSI is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 80/Heartbeat is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 100/Heartbeat-Temp is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 300/VLAN0300 is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 400/VLAN0400 is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 500/MGMT-Network is complete. ACTIVE PORTS: 0

INFO: HOST: XXXX, TYPE: Cisco IOS Software, C3750 Software (C375, No active end devices on this device.
DEBUG: Scanning function is 'get_standard_arp_table'
DEBUG: atifIndexes data collection complete
DEBUG: atPhysAddress data collection complete
DEBUG: atNetAddress data collection complete
DEBUG: atPhysAddress MAC Address Conversion Completed
DEBUG: atEntries assembly complete.
DEBUG: HOST: XXXX, IP address information collection complete
It seems that since SNMPv3 requires a context change (ie: vlan-60, vlan-70, etc.) to scan in VLANs MacTrack cannot scan for active ports and MACs with the default context vlan-1. SNMPv2 switches work just fine--in fact, this same switch polls without error with version 2.

I thought that using SNMP options I could populate multiple SNMPv3 contexts--but I cannot add any entries to SNMP options other than sets.
giokob
Posts: 13
Joined: Thu Sep 30, 2010 1:22 am

Re: MacTrack + SNMPv3 and Security contexts

Post by giokob »

for my cacti+mactrack polling works for snmp v2 but not for snmp v3.

cacti Version 0.8.7g
macktrack v2.9

Code: Select all

php -q /opt/cacti/plugins/mactrack/mactrack_scanner.php -d -id=1
DEBUG: HOST: 192.168.168.139 is alive, processing has begun.
DEBUG: Scanning function is 'get_IOS_dot1dTpFdbEntry_ports'
DEBUG: There are 12 VLANS.
DEBUG: ifIndexes data collection complete
DEBUG: ifIndexes data collection complete. '40' rows found!
DEBUG: ifTypes data collection complete. '40' rows found!
DEBUG: ifNames data collection complete. '40' rows found!
DEBUG: ifAlias data collection complete. '40' rows found!
DEBUG: ipAddrTable scanning for link ports data collection complete. '13' rows found!
DEBUG: ifSpeed data collection complete. '40' rows found!
DEBUG: ifHighSpeed data collection complete. '40' rows found!
DEBUG: ifDuplex data collection complete. '28' rows found!
DEBUG: ifDescr data collection complete. '40' rows found!
DEBUG: ifMtu data collection complete. '40' rows found!
DEBUG: ifPhysAddress data collection complete. '40' rows found!
DEBUG: ifAdminStatus data collection complete. '40' rows found!
DEBUG: ifOperStatus data collection complete. '40' rows found!
DEBUG: ifLastChange data collection complete. '40' rows found!
DEBUG: ifInOctets data collection complete. '40' rows found!
DEBUG: ifOutOctets data collection complete. '40' rows found!
DEBUG: ifHCInOctets data collection complete. '39' rows found!
DEBUG: ifHCOutOctets data collection complete. '39' rows found!
DEBUG: ifInNUcastPkts data collection complete. '40' rows found!
DEBUG: ifOutNUcastPkts data collection complete. '40' rows found!
DEBUG: ifInUcastPkts data collection complete. '40' rows found!
DEBUG: ifOutUcastPkts data collection complete. '40' rows found!
DEBUG: ifInDiscards data collection complete. '40' rows found!
DEBUG: ifInErrors data collection complete. '40' rows found!
DEBUG: ifInUnknownProtos data collection complete. '40' rows found!
DEBUG: ifOutDiscards data collection complete. '40' rows found!
DEBUG: ifOutErrors data collection complete. '40' rows found!
DEBUG: ifInterfaces assembly complete: 20227
DEBUG: Adding IfInterfaces Records
DEBUG: Cisco Voice VLAN collection complete
DEBUG: Voice VLANs exist on this device
DEBUG: ifInterfaces assembly complete.
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 192.168.168.139:161.
DEBUG: VLAN Analysis for VLAN: 1/default is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 192.168.168.139:161.
DEBUG: VLAN Analysis for VLAN: 2/ITLAN is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 192.168.168.139:161.
DEBUG: VLAN Analysis for VLAN: 3/HQLAN is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 192.168.168.139:161.
DEBUG: VLAN Analysis for VLAN: 5/HOTLINE is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 192.168.168.139:161.
DEBUG: VLAN Analysis for VLAN: 6/Registracia is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 192.168.168.139:161.
DEBUG: VLAN Analysis for VLAN: 8/SERVERLAN is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 192.168.168.139:161.
DEBUG: VLAN Analysis for VLAN: 55/Generatorebi is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 192.168.168.139:161.
DEBUG: VLAN Analysis for VLAN: 77/ASA_droebiti is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 192.168.168.139:161.
DEBUG: VLAN Analysis for VLAN: 90/AIRONET is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 192.168.168.139:161.
DEBUG: VLAN Analysis for VLAN: 91/TB_AIR is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 192.168.168.139:161.
DEBUG: VLAN Analysis for VLAN: 100/FOR_ASA is complete. ACTIVE PORTS: 0

INFO: HOST: 192.168.168.139, TYPE: Cisco IOS Software, C3560 Software (C356, No active end devices on this device.
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: MacTrack + SNMPv3 and Security contexts

Post by TheWitness »

This is very interesting. I just closed a bug and the user confirmed it was working. Are you sure your on 2.9?

EDIT: This can not be the latest version of mactrack_cisco.php

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
ceyounger
Posts: 44
Joined: Fri Feb 10, 2006 2:59 pm
Location: Orange County, CA
Contact:

Re: MacTrack + SNMPv3 and Security contexts

Post by ceyounger »

TheWitness wrote:This is very interesting. I just closed a bug and the user confirmed it was working. Are you sure your on 2.9?

EDIT: This can not be the latest version of mactrack_cisco.php

TheWitness
I installed MacTrack from SVN--that is current, right?
ceyounger
Posts: 44
Joined: Fri Feb 10, 2006 2:59 pm
Location: Orange County, CA
Contact:

Re: MacTrack + SNMPv3 and Security contexts

Post by ceyounger »

TheWitness wrote:This is very interesting. I just closed a bug and the user confirmed it was working. Are you sure your on 2.9?

EDIT: This can not be the latest version of mactrack_cisco.php

TheWitness
So I unTARed 2.9-1 and now I get this when I mactrack_scanner -id=1 -d

Code: Select all

PHP Notice:  Undefined variable: snmp_readstring in /usr/local/cacti-0.8.7g/plugins/mactrack/lib/mactrack_cisco.php on line 356
I don't get the authorizationErrors...but it is not grabbing MACs from the SNMPv3 device.
giokob
Posts: 13
Joined: Thu Sep 30, 2010 1:22 am

Re: MacTrack + SNMPv3 and Security contexts

Post by giokob »

i tested for svn trunk version and for mactrack-v2.9-1.tgz


for svn i got :

Code: Select all

DEBUG: HOST: 10.10.10.7 is alive, processing has begun.
DEBUG: Scanning function is 'get_IOS_dot1dTpFdbEntry_ports'
DEBUG: There are 6 VLANS.
DEBUG: ifIndexes data collection complete
DEBUG: ifIndexes data collection complete. '29' rows found!
DEBUG: ifTypes data collection complete. '29' rows found!
DEBUG: ifNames data collection complete. '29' rows found!
DEBUG: ifAlias data collection complete. '29' rows found!
DEBUG: ipAddrTable scanning for link ports data collection complete. '1' rows found!
DEBUG: ifSpeed data collection complete. '29' rows found!
DEBUG: ifHighSpeed data collection complete. '29' rows found!
DEBUG: ifDuplex data collection complete. '26' rows found!
DEBUG: ifDescr data collection complete. '29' rows found!
DEBUG: ifMtu data collection complete. '29' rows found!
DEBUG: ifPhysAddress data collection complete. '29' rows found!
DEBUG: ifAdminStatus data collection complete. '29' rows found!
DEBUG: ifOperStatus data collection complete. '29' rows found!
DEBUG: ifLastChange data collection complete. '29' rows found!
DEBUG: ifInOctets data collection complete. '29' rows found!
DEBUG: ifOutOctets data collection complete. '29' rows found!
DEBUG: ifHCInOctets data collection complete. '28' rows found!
DEBUG: ifHCOutOctets data collection complete. '28' rows found!
DEBUG: ifInNUcastPkts data collection complete. '29' rows found!
DEBUG: ifOutNUcastPkts data collection complete. '29' rows found!
DEBUG: ifInUcastPkts data collection complete. '29' rows found!
DEBUG: ifOutUcastPkts data collection complete. '29' rows found!
DEBUG: ifInDiscards data collection complete. '29' rows found!
DEBUG: ifInErrors data collection complete. '29' rows found!
DEBUG: ifInUnknownProtos data collection complete. '29' rows found!
DEBUG: ifOutDiscards data collection complete. '29' rows found!
DEBUG: ifOutErrors data collection complete. '29' rows found!
DEBUG: ifInterfaces assembly complete: 13061
DEBUG: Adding IfInterfaces Records
DEBUG: Cisco Voice VLAN collection complete
DEBUG: Voice VLANs exist on this device
DEBUG: ifInterfaces assembly complete.
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 1/default is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 2/ITLAN is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 3/HQLAN is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 90/AIRONET is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
DEBUG: VLAN Analysis for VLAN: 91/TB_AIR is complete. ACTIVE PORTS: 0

INFO: HOST: 10.10.10.7, TYPE: Cisco IOS Software, C2960 Software (C296, No active end devices on this device.


and for 2.9-1

Code: Select all

DEBUG: HOST: 10.10.10.7 is alive, processing has begun.
DEBUG: Scanning function is 'get_IOS_dot1dTpFdbEntry_ports'
DEBUG: There are 6 VLANS.
DEBUG: ifIndexes data collection complete
DEBUG: ifIndexes data collection complete. '29' rows found!
DEBUG: ifTypes data collection complete. '29' rows found!
DEBUG: ifNames data collection complete. '29' rows found!
DEBUG: ifAlias data collection complete. '29' rows found!
DEBUG: ipAddrTable scanning for link ports data collection complete. '1' rows found!
DEBUG: ifSpeed data collection complete. '29' rows found!
DEBUG: ifHighSpeed data collection complete. '29' rows found!
DEBUG: ifDuplex data collection complete. '26' rows found!
DEBUG: ifDescr data collection complete. '29' rows found!
DEBUG: ifMtu data collection complete. '29' rows found!
DEBUG: ifPhysAddress data collection complete. '29' rows found!
DEBUG: ifAdminStatus data collection complete. '29' rows found!
DEBUG: ifOperStatus data collection complete. '29' rows found!
DEBUG: ifLastChange data collection complete. '29' rows found!
DEBUG: ifInOctets data collection complete. '29' rows found!
DEBUG: ifOutOctets data collection complete. '29' rows found!
DEBUG: ifHCInOctets data collection complete. '28' rows found!
DEBUG: ifHCOutOctets data collection complete. '28' rows found!
DEBUG: ifInNUcastPkts data collection complete. '29' rows found!
DEBUG: ifOutNUcastPkts data collection complete. '29' rows found!
DEBUG: ifInUcastPkts data collection complete. '29' rows found!
DEBUG: ifOutUcastPkts data collection complete. '29' rows found!
DEBUG: ifInDiscards data collection complete. '29' rows found!
DEBUG: ifInErrors data collection complete. '29' rows found!
DEBUG: ifInUnknownProtos data collection complete. '29' rows found!
DEBUG: ifOutDiscards data collection complete. '29' rows found!
DEBUG: ifOutErrors data collection complete. '29' rows found!
DEBUG: ifInterfaces assembly complete: 13061
DEBUG: Adding IfInterfaces Records
DEBUG: Cisco Voice VLAN collection complete
DEBUG: Voice VLANs exist on this device
DEBUG: ifInterfaces assembly complete.
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 10.10.10.7:161.
DEBUG: VLAN Analysis for VLAN: 1/default is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 10.10.10.7:161.
DEBUG: VLAN Analysis for VLAN: 2/ITLAN is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 10.10.10.7:161.
DEBUG: VLAN Analysis for VLAN: 3/HQLAN is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 10.10.10.7:161.
DEBUG: VLAN Analysis for VLAN: 90/AIRONET is complete. ACTIVE PORTS: 0
PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
Timeout: No Response from 10.10.10.7:161.
DEBUG: VLAN Analysis for VLAN: 91/TB_AIR is complete. ACTIVE PORTS: 0

INFO: HOST: 10.10.10.7, TYPE: Cisco IOS Software, C2960 Software (C296, No active end devices on this device.


in both case snmp v2 works
ceyounger
Posts: 44
Joined: Fri Feb 10, 2006 2:59 pm
Location: Orange County, CA
Contact:

Re: MacTrack + SNMPv3 and Security contexts

Post by ceyounger »

But what about SNMPv3?
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: MacTrack + SNMPv3 and Security contexts

Post by TheWitness »

I thought it was in 2.9-1. So, its fixed in SVN then...
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
giokob
Posts: 13
Joined: Thu Sep 30, 2010 1:22 am

Re: MacTrack + SNMPv3 and Security contexts

Post by giokob »

this morning i reinstalled mactrack plugin from svn trunk version. i get the same problem , is there any way to fix it? what do i miss?
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: MacTrack + SNMPv3 and Security contexts

Post by TheWitness »

This error?

Code: Select all

PHP Notice:  Undefined variable: snmp_readstring in /opt/cacti/plugins/mactrack/lib/mactrack_cisco.php on line 356
TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: MacTrack + SNMPv3 and Security contexts

Post by TheWitness »

This message is clear, please provide me the obfuscated snmpbulkwalk command that works.

Code: Select all

DEBUG: VLAN Analysis for VLAN: 1/default is complete. ACTIVE PORTS: 0
Error in packet
Reason: authorizationError (access denied to that object)
TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
toe_cutter
Cacti User
Posts: 168
Joined: Fri Sep 12, 2008 2:41 am
Location: Sweden

Re: MacTrack + SNMPv3 and Security contexts

Post by toe_cutter »

TheWitness wrote:This is very interesting. I just closed a bug and the user confirmed it was working. Are you sure your on 2.9?

EDIT: This can not be the latest version of mactrack_cisco.php

TheWitness
I can still say its working, using rev 1312 from svn trunk.
Thread starter needs this v3 group config:

Code: Select all

snmp-server group viewers v3 auth match prefix read viewConfig
Maybe we need to match the context prefix ("vlan-") because mactrack is actually using contexts? Never thought about that...

We are using c3560-ipbasek9-mz.122-53.SE2.bin.

Edit: On our older ios switches there is no "match prefix" to use, mactrack doesnt work on these.
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: MacTrack + SNMPv3 and Security contexts

Post by TheWitness »

toe_cutter wrote:
TheWitness wrote:This is very interesting. I just closed a bug and the user confirmed it was working. Are you sure your on 2.9?

EDIT: This can not be the latest version of mactrack_cisco.php

TheWitness
I can still say its working, using rev 1312 from svn trunk.
Thread starter needs this v3 group config:

Code: Select all

snmp-server group viewers v3 auth match prefix read viewConfig
Maybe we need to match the context prefix ("vlan-") because mactrack is actually using contexts? Never thought about that...

We are using c3560-ipbasek9-mz.122-53.SE2.bin.

Edit: On our older ios switches there is no "match prefix" to use, mactrack doesnt work on these.
Cisco, by abusing the standard, then causes problems with folks who need to use contexts. I'm sure it'll break again soon... With regard to your old IOS switches, what do you mean by 'match prefix'?

TheWitness
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
toe_cutter
Cacti User
Posts: 168
Joined: Fri Sep 12, 2008 2:41 am
Location: Sweden

Re: MacTrack + SNMPv3 and Security contexts

Post by toe_cutter »

TheWitness wrote:Cisco, by abusing the standard, then causes problems with folks who need to use contexts. I'm sure it'll break again soon... With regard to your old IOS switches, what do you mean by 'match prefix'?

TheWitness
That argument is not available to configure even.
For instance, with the older c3560-ipbase-mz.122-44.SE1.bin:

Code: Select all

<hostname>(config)#snmp-server group aef v3 priv ?
  access   specify an access-list associated with this group
  context  specify a context to associate these views for the group
  notify   specify a notify view for the group
  read     specify a read view for the group
  write    specify a write view for the group
  <cr>
And with c3560-ipbasek9-mz.122-53.SE2.bin

Code: Select all

<hostname>(config)#snmp-server group aef v3 priv ?
  access   specify an access-list associated with this group
  context  specify a context to associate these views for the group
  match    context name match criteria
  notify   specify a notify view for the group
  read     specify a read view for the group
  write    specify a write view for the group
  <cr>
I cant actually find a command reference about the "match prefix" command from Cisco, but its there and really works, without it, mactrack fails (for me) :)
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: MacTrack + SNMPv3 and Security contexts

Post by TheWitness »

I see.
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests