Setting up SNMPv3 for PRTG

  • Question
  • Updated 3 years ago
  • Doesn't Need an Answer
I'm trying to set up SNMPv3 on an x450e-24p for remote monitoring.  I've been able to get SNMPv2 working but I'd like to encrypt this traffic as it does not go through a VPN to my PRTG server.  I've tried following the guides on the GTAC but so far I've had no luck.  Below is my config.  I've already deleted the SNMPv2 config.

ExtremeXOS

Copyright (C) 1996-2015 Extreme Networks. All rights reserved.

This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.

==============================================================================


Press the <tab> or '?' key at any time for completions.

Remember to save your configuration changes.



X450e-24p.1 # show config

#

# Module devmgr configuration.

#

configure snmp sysLocation "Brian_Butts'_Home_Network"

configure snmp sysContact "Brian_Butts"

configure sys-recovery-level switch reset


#

# Module vlan configuration.

#

configure vlan default delete ports all

configure vr VR-Default delete ports 1-26

configure vr VR-Default add ports 1-26

configure vlan default delete ports 1-26

create vlan "FW"

configure vlan FW tag 20

create vlan "public"

create vlan "Server"

configure vlan Server tag 10

create vlan "Things"

configure vlan Things tag 30

create vlan "WifiPr"

configure vlan WifiPr tag 40

enable sharing 21 grouping 21-23 algorithm address-based L2 lacp

configure vlan FW add ports 17 untagged  

configure vlan public add ports 3-4 untagged  

configure vlan Server add ports 21 tagged  

configure vlan Things add ports 9-16, 18 untagged  

configure vlan WifiPr add ports 1-2, 5 untagged  

configure vlan Things ipaddress 10.1.30.1 255.255.255.0

enable ipforwarding vlan Things

configure vlan WifiPr ipaddress 10.1.40.1 255.255.255.0

enable ipforwarding vlan WifiPr

configure vlan Server ipaddress 10.1.10.1 255.255.255.0

enable ipforwarding vlan Server

configure vlan FW ipaddress 10.1.20.1 255.255.255.0

enable ipforwarding vlan FW


#

# Module fdb configuration.

#


#

# Module rtmgr configuration.

#

configure iproute add default 10.1.20.10


#

# Module mcmgr configuration.

#

configure igmp snooping vlan "Things" ports 9 add static router

configure igmp snooping vlan "Things" ports 10 add static router

configure igmp snooping vlan "Things" ports 11 add static router

configure igmp snooping vlan "Things" ports 12 add static router

configure igmp snooping vlan "Things" ports 13 add static router

configure igmp snooping vlan "Things" ports 14 add static router

configure igmp snooping vlan "Things" ports 15 add static router

configure igmp snooping vlan "Things" ports 16 add static router

enable mvr vr VR-Default

configure mvr add vlan Things

configure mvr vlan Things mvr-address mvr_address_range

configure mvr vlan Things static group none

configure mvr add vlan WifiPr

configure mvr vlan WifiPr mvr-address mvr_address_range_wifipr

configure mvr vlan WifiPr static group none


#

# Module aaa configuration.

#

configure account admin encrypted "jWz.MJ$qhCnFcbimMlx99QNp.e.L." 

create account admin bbutts encrypted "PCaRMJ$t2sN5JH1X63jmTtIivRX50" 


#

# Module acl configuration.

#





#

# Module bfd configuration.

#


#

# Module cfgmgr configuration.

#


#

# Module dosprotect configuration.

#


#

# Module dot1ag configuration.

#


#

# Module eaps configuration.

#


#

# Module edp configuration.

#


#

# Module elrp configuration.

#


#

# Module ems configuration.

#


#

# Module epm configuration.

#

enable cpu-monitoring interval 20 


#

# Module erps configuration.

#


#

# Module esrp configuration.

#


#

# Module ethoam configuration.

#


#

# Module etmon configuration.

#


#

# Module hal configuration.

#


#

# Module idMgr configuration.

#

create ldap domain "Service-BNS.com" default

configure ldap domain "Service-BNS.com" base-dn none


#

# Module ipSecurity configuration.

#


#

# Module ipfix configuration.

#


#

# Module lacp configuration.

#


#

# Module lldp configuration.

#


#

# Module mrp configuration.

#


#

# Module msdp configuration.

#


#

# Module netLogin configuration.

#


#

# Module netTools configuration.

#

configure dns-client add name-server 8.8.8.8 vr VR-Default

configure dns-client add name-server 23.119.196.81 vr VR-Default

configure dns-client add name-server 10.1.10.5 vr VR-Default

configure bootprelay add 10.1.10.5 vr VR-Default

enable bootprelay vlan Default

enable bootprelay vlan FW

enable bootprelay vlan public

enable bootprelay vlan Server

enable bootprelay vlan Things

enable bootprelay vlan WifiPr


#

# Module poe configuration.

#

disable inline-power ports 5


#

# Module rip configuration.

#

enable rip

configure rip add vlan Server

configure rip add vlan Things

configure rip add vlan WifiPr


#

# Module ripng configuration.

#


#

# Module snmpMaster configuration.

#

configure snmpv3 add user monitor authentication md5 auth-encrypted hex 65:8e:0d:5b:19:4c:1d:62:7b:e5:49:c0:07:be:8d:8f privacy aes 128 privacy-encrypted hex 53:01:82:fb:bb:49:44:e2:c5:1a:2b:d0:51:73:99:1d 

configure snmpv3 add group admin user monitor sec-model usm 

configure snmpv3 add access admin sec-model usm sec-level priv read-view defaultUserView notify-view defaultNotifyView 

configure snmpv3 add community Service-BNS encrypted name Service-BNS user v1v2c_rw 

configure snmpv3 add target-addr inform param infparam ipaddress 50.204.100.145 transport-port 162 from 10.1.20.1 tag-list defaultInform 

configure snmpv3 add target-addr snmpv3target param snmpv3params ipaddress 50.204.100.145 transport-port 162 tag-list Service-BNS 

configure snmpv3 add target-addr v1v2cNotifyTAddr1 param v1v2cNotifyParam1 ipaddress 50.204.100.145 transport-port 162 tag-list defaultNotify 

configure snmpv3 add target-params infparam user monitor mp-model snmpv3 sec-model usm sec-level priv 

configure snmpv3 add target-params v1v2cNotifyParam1 user v1v2cNotifyUser1 mp-model snmpv2c sec-model snmpv2c sec-level noauth 

configure snmpv3 add notify defaultInform tag defaultInform type inform 


#

# Module stp configuration.

#

configure mstp region 00049628240a

configure stpd s0 delete vlan default ports all

disable stpd s0 auto-bind vlan default

enable stpd s0 auto-bind vlan Default


#

# Module telnetd configuration.

#


#

# Module tftpd configuration.

#


#

# Module thttpd configuration.

#

enable web http

enable web https


#

# Module vmt configuration.

#


#

# Module vsm configuration.

#

Brian Butts

Posted 3 years ago
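
An added example, not part of the original post and not Extreme Networks code: a small Python check over the `configure snmpv3 add` lines of a config like the one above. It flags entries that work against the stated goal of encrypting the monitoring traffic, and target addresses whose `param` name is not defined in the lines given. The finding labels and the `AUTHKEY`/`PRIVKEY` placeholders are assumptions of this example.

```python
# Added example: audit ExtremeXOS "configure snmpv3 add ..." lines.
# SAMPLE is constructed from the snmpMaster lines in the post; AUTHKEY and
# PRIVKEY are placeholders standing in for the hex key material.
SAMPLE = """\
configure snmpv3 add user monitor authentication md5 auth-encrypted hex AUTHKEY privacy aes 128 privacy-encrypted hex PRIVKEY
configure snmpv3 add community Service-BNS encrypted name Service-BNS user v1v2c_rw
configure snmpv3 add target-addr inform param infparam ipaddress 50.204.100.145 transport-port 162 from 10.1.20.1 tag-list defaultInform
configure snmpv3 add target-addr snmpv3target param snmpv3params ipaddress 50.204.100.145 transport-port 162 tag-list Service-BNS
configure snmpv3 add target-addr v1v2cNotifyTAddr1 param v1v2cNotifyParam1 ipaddress 50.204.100.145 transport-port 162 tag-list defaultNotify
configure snmpv3 add target-params infparam user monitor mp-model snmpv3 sec-model usm sec-level priv
configure snmpv3 add target-params v1v2cNotifyParam1 user v1v2cNotifyUser1 mp-model snmpv2c sec-model snmpv2c sec-level noauth
"""


def field(tokens, key):
    """Value that follows keyword `key` after the object name, or None."""
    opts = tokens[5:]
    return opts[opts.index(key) + 1] if key in opts[:-1] else None


def audit(config):
    """Return (finding, object name) pairs for the snmpv3 lines in `config`."""
    lines = [l.split() for l in config.splitlines()
             if l.strip().startswith("configure snmpv3 add ")]
    lines = [t for t in lines if len(t) >= 5]
    # target-params entries by name, so target-addr references can be resolved
    params = {t[4]: t for t in lines if t[3] == "target-params"}
    findings = []
    for t in lines:
        kind, name = t[3], t[4]
        if kind == "user" and field(t, "authentication") == "md5":
            findings.append(("md5-auth", name))
        elif kind == "community":
            # v1/v2c community strings travel in cleartext
            findings.append(("v1v2c-community", name))
        elif kind == "target-addr":
            ref = field(t, "param")
            if ref not in params:
                # the referenced target-params is absent from the given lines
                findings.append(("undefined-target-params", name))
            elif field(params[ref], "sec-level") != "priv":
                # notifications to this address are sent without privacy
                findings.append(("unencrypted-target", name))
    return findings


if __name__ == "__main__":
    for finding, name in audit(SAMPLE):
        print(f"{finding}: {name}")
```

An `undefined-target-params` result only means the name does not appear in the text passed in; an entry that `show config` does not print would also trigger it.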

Brian Butts
I will add that 50.204.100.145 is the public IP (PRTG server) the traps need to go to.  10.1.20.1 gets nat'd by my firewall to a public IP set directly for the switch.  ICMP and SNMP are the only allowed services and the rules are working.  I verified that by my successful config of SNMPv2.

Drew C., Community Manager
Hi Brian,
I'm going through some of the unanswered threads and found that we missed this one.  Do you still need assistance with this?