SNMP Reason: authorizationError (access denied to that object)

duwijakarta · Post by **duwijakarta** » Mon Jun 17, 2024 10:31 pm

Rno wrote: ↑Tue Jun 11, 2024 1:42 am No you can keep your settings, my config is an example, and a format that is working.

hello sir,
is this Error in packet, Reason: authorizationError (access denied to that object) something to do with ssh access to the device?
do I need to make the username on snmpv3 match the username to access ssh to the device?
because, until now it still hasn't worked, is there really a problem with the device software?
thanks

macan · Post by **macan** » Tue Jun 18, 2024 1:54 am

it has nothing to do with ssh. You need only correct snmp v3 settings

Rno · Post by **Rno** » Tue Jun 18, 2024 2:04 am

Snmp user ena ssh user are 2 different user. You can have the same, but for security reason take 2 different.

The problem with the authorization is probably due to this part:
snmp-server view ViewDefault iso included

That give the user the base of the OID where it can parse the device.

Did you try to reproduce my config with your user settings ? (I mean username and encryption level)

duwijakarta · Post by **duwijakarta** » Tue Jun 18, 2024 2:19 am

Rno wrote: ↑Tue Jun 18, 2024 2:04 am Snmp user ena ssh user are 2 different user. You can have the same, but for security reason take 2 different.

The problem with the authorization is probably due to this part:
snmp-server view ViewDefault iso included

That give the user the base of the OID where it can parse the device.

Did you try to reproduce my config with your user settings ? (I mean username and encryption level)

not all, I haven't added snmp-server view ViewDefault iso included, should I try adding that command?

duwijakarta · Post by **duwijakarta** » Tue Jun 18, 2024 2:30 am

Rno wrote: ↑Tue Jun 18, 2024 2:04 am Snmp user ena ssh user are 2 different user. You can have the same, but for security reason take 2 different.

The problem with the authorization is probably due to this part:
snmp-server view ViewDefault iso included

That give the user the base of the OID where it can parse the device.

Did you try to reproduce my config with your user settings ? (I mean username and encryption level)

my config

switch#
!
snmp-server group SnmpSwitch v3 priv
snmp-server community switchsnmp RO
snmp-server trap-source Vlanxxx
snmp-server source-interface informs Vlanxxx
snmp-server host xx.xx.xx.xx version 3 priv switchsnmp udp-port 161
snmp-server manager
!

User name: switchsnmp
Engine ID: xxxxxxxxxxxxxxxxx
storage-type: nonvolatile active
Authentication Protocol: MD5
Privacy Protocol: AES128
Group-name: SnmpSwitch

groupname: switchsnmp security model:v1
contextname: <no context specified> storage-type: permanent
readview : v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

groupname: switchsnmp security model:v2c
contextname: <no context specified> storage-type: permanent
readview : v1default writeview: <no writeview specified>
notifyview: <no notifyview specified>
row status: active

groupname: SnmpSwitch security model:v3 priv
contextname: <no context specified> storage-type: nonvolatile
readview : <no readview specified> writeview: <no writeview specified>
notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F
row status: active

Is there anything that needs to be fixed in the config?

Rno · Post by **Rno** » Tue Jun 18, 2024 3:59 am

Can you post this: show snmp view

And in your SNMP group config:
groupname: SnmpSwitch security model:v3 priv
contextname: <no context specified> storage-type: nonvolatile
readview : <no readview specified> writeview: <no writeview specified>
notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F
row status: active

The readview and writeview are not configured

Thats whas the reason I said you need this line:
snmp-server view ViewDefault iso included

So your group config should look like that:
snmp-server group SnmpSwitch v3 priv read ViewDefault write ViewDefault

duwijakarta · Post by **duwijakarta** » Tue Jun 18, 2024 9:03 pm

Rno wrote: ↑Tue Jun 18, 2024 3:59 am Can you post this: show snmp view

And in your SNMP group config:
groupname: SnmpSwitch security model:v3 priv
contextname: <no context specified> storage-type: nonvolatile
readview : <no readview specified> writeview: <no writeview specified>
notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F
row status: active

The readview and writeview are not configured

Thats whas the reason I said you need this line:
snmp-server view ViewDefault iso included

So your group config should look like that:
snmp-server group SnmpSwitch v3 priv read ViewDefault write ViewDefault

okay, thanks for the suggestion, so I only need to add these 2 commands, okay?
snmp-server group SnmpSwitch v3 priv read ViewDefault write ViewDefault
snmp-server view ViewDefault iso included

or I can just add like this?
snmp-server group SnmpSwitch v3 priv read ViewDefault
snmp-server view ViewDefault iso included

Rno · Post by **Rno** » Wed Jun 19, 2024 12:26 pm

Yes the second one should be just fine.

duwijakarta · Post by **duwijakarta** » Wed Jun 19, 2024 10:23 pm

Rno wrote: ↑Wed Jun 19, 2024 12:26 pm Yes the second one should be just fine.

Thank you for the advice, snmpv3 has now worked

Cacti

SNMP Reason: authorizationError (access denied to that object)

Re: snmpwalk: Unknown user name

Re: SNMP Reason: authorizationError (access denied to that object)

Re: SNMP Reason: authorizationError (access denied to that object)

Re: SNMP Reason: authorizationError (access denied to that object)

Re: SNMP Reason: authorizationError (access denied to that object)

Re: SNMP Reason: authorizationError (access denied to that object)

Re: SNMP Reason: authorizationError (access denied to that object)

Re: SNMP Reason: authorizationError (access denied to that object)

Re: SNMP Reason: authorizationError (access denied to that object)

Who is online