Easy steps to configure SNMPv3 to work with 3rd party NMS

  • 0
  • 1
  • Question
  • Updated 1 year ago
  • Answered
What are the easy steps to configure snmpv3 on XOS switch that will be discovered by 3rd party NMS via snmpv3.

in GTAC i can see some commands that is to connect the XOS device to Netsight.

is defining snmpv3 user and snmpv3 would be enough for the xos device to be seen and managed by 3rd party NMS.
Photo of Arjumand Qazi

Arjumand Qazi

  • 958 Points 500 badge 2x thumb

Posted 1 year ago

  • 0
  • 1
Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,486 Points 10k badge 2x thumb
Hi Arjumand,

Take a look at the following script for EXOS switches. It will walk you through SNMPv3 configuration.
https://github.com/extremenetworks/ExtremeScripting/tree/master/EXOS/Python/snmpassist
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb

configure snmpv3 add user SNMPUSERNAMEE authentication md5 SOMERANDOMSTRING privacy SOMERANDOMSTRING  

configure snmpv3 add group GROUPNAME user SNMPUSERNAME sec-model usm

configure snmpv3 add access GROUPNAMEnetman sec-model usm sec-level priv read-view defaultAdminView write-view defaultAdminView notify-view defaultNotifyView

(Edited)
Photo of Arjumand Qazi

Arjumand Qazi

  • 958 Points 500 badge 2x thumb
Thanks gentlemen
Photo of Arjumand Qazi

Arjumand Qazi

  • 958 Points 500 badge 2x thumb
Hi Jeremy,

while configuring user for snmpv3, md5 and privacy string should always be different ?
Photo of Jeremy

Jeremy, Embassador

  • 9,788 Points 5k badge 2x thumb
I think they can be different.  I use the same just for convenience.  Also, for security reasons, there isn't a big need for us.  Some places though, you might want to think about a more complex string that's unique. 
Photo of Arjumand Qazi

Arjumand Qazi

  • 958 Points 500 badge 2x thumb
hello,

tried snmpv3 config with Brocade's BNA. it didnt work
first tried with snmpv3 config
then with snmpv2
made an snmp user "xtreme"  password of this user and md5 is same.. <-- can this be a problem.

the snmpv3 configuration made was..
configure snmpv3 add user xtreme authentication md5 xtreme123 privacy des xtreme456
configure snmpv3 add group x-group user xtreme sec-model usm
configure snmpv3 add access x-group sec-model usm sec-level priv read-view defaultAdminView write-view defaultAdminView notify-view defaultAdminView

disable snmp access snmp-v1v2c
disable snmpv3 default-user
disable snmpv3 default-group

since this config did not work i had to remove the snmpv3 and now in the "sh config" i can see this

# Module snmpMaster configuration.
#
configure snmpv3 add community "v1v2cNotifyComm1" name "xtreme@123" user "v1v2cNotifyUser1"
configure snmpv3 add community "xtreme@123" name "xtreme@123" user "v1v2c_ro"
disable snmpv3 community "xtreme@123"
configure snmpv3 add target-addr "v1v2cNotifyTAddr1" param "v1v2cNotifyParam1" ipaddress 172.16.0.91 transport-port 162 tag-list "defaultNotify"
configure snmpv3 add target-params "v1v2cNotifyParam1" user "v1v2cNotifyUser1" mp-model snmpv2c sec-model snmpv2c sec-level noauth
enable snmp access
enable snmp access snmp-v1v2c
enable snmp access snmpv3

#
# Module stp configuration.

the above community defined "xtreme@123" was for snmpv2 and snmpv3 has taken over this.

we need to remove this all configuration and add snmpv3 only..
Photo of Ram

Ram, Employee

  • 1,450 Points 1k badge 2x thumb
I understand you have a opened a GTAC case for this issue. One of our GTAC engineer will get back to you shortly.
Photo of Arjumand Qazi

Arjumand Qazi

  • 958 Points 500 badge 2x thumb
Yes i did, i am hoping a quick resolution for this..