Problem with SNMPv3

  • 0
  • 1
  • Question
  • Updated 2 months ago
  • Answered
Hi guys,


we are using the Extreme Management Center and SNMPV3 to manage our extreme switche.
It is working very fine but i did not undrstand this error message.

 sh snmpv3 counters

        snmpUnknownSecurityModels       : 0
        snmpInvalidMessages             : 0
        snmpUnknownPDUHandlers          : 0
        usmStatsUnsupportedSecLevels    : 0
        usmStatsNotInTimeWindows        : 0
        usmStatsUnknownUserNames        : 0
        usmStatsUnknownEngineIDs        : 265
        usmStatsWrongDigests            : 0
        usmStatsDecryptionErrors        : 0


This is my configuration of snmpv3 on my router.

configure snmpv3 add user "Netsight" engine-id 80:00:07:7c:00:04:96:a2:22:a1 authentication md5 auth-encrypted localized-key 23:24:73:2f:34:71:5a:6a:59:38:76:2f:54:4f:65:4c:74:50:66:6e:79:35:33:77:36:72:6b:6
9:48:61:68:35:7a:4a:67:43:78:36:4b:6d:56:38:49:4c:33:50:30:74:6b:42:30:30:67:3d privacy privacy-encrypted localized-key 23:24:33:7a:67:4c:6d:73:78:55:2b:76:52:65:62:68:55:30:52:48:36:59:2b:72:6c:68:51:65:4f:
57:58:51:52:39:52:62:4b:34:42:2f:6c:4e:6d:77:30:55:61:51:36:6a:70:2f:34:3d
configure snmpv3 add group "Netsight" user "Netsight" sec-model usm
configure snmpv3 add access "Netsight" sec-model usm sec-level priv read-view "Netsight" write-view "Netsight" notify-view "Netsight"
configure snmpv3 add mib-view "Netsight" subtree 1.0/80 type included
configure snmpv3 add target-addr "TVNetsight" param "TV1Netsight" ipaddress 172.31.150.150 transport-port 162 tag-list "TVInformTag"
configure snmpv3 add target-params "TV1Netsight" user "Netsight" mp-model snmpv3 sec-model usm sec-level priv
configure snmpv3 add notify "TVInformTag" tag "TVInformTag" type inform
enable snmp access
disable snmp access snmp-v1v2c
enable snmp access snmpv3

I have only 1 questions.
The Netsight engine-id ist the mac from the switch or from the management center?
When the engine id is a mac address, the the Mac address ist to long....

Who can help me...


Thomas
Photo of dr.watson

dr.watson

  • 342 Points 250 badge 2x thumb

Posted 2 months ago

  • 0
  • 1
Photo of Pala, Zdenek

Pala, Zdenek, Employee

  • 10,186 Points 10k badge 2x thumb
Engine ID is unique identifier. It is not MAC address, but can be derived from MAC. Engine ID should be the same until reboot of the device/process.

each SNMPv3 component should have unique EngineID. You can configure it on switches what EngineID will be used.

if you use SNMPv3 traps then you need to configure the EngineID of the switch in the XMC.
If you use SNMPv3 inform then you need to know the EngineID of the XMC before you send the inform. many operating systems (including XOS) does check the EngineID of the management before sending the inform.

I guess the counter is showing how many times the EngineID was resolved before the Inform was sent.
Photo of dr.watson

dr.watson

  • 342 Points 250 badge 2x thumb
Thanks for your help, i could  check it on Monday,
Where i can find the snmp engine id of the xmc