This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EXOS/Switch Engine)
- Setting up SNMPv3 for PRTG
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Setting up SNMPv3 for PRTG
Setting up SNMPv3 for PRTG
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-23-2015 11:59 AM
I'm trying to setup SNMPv3 on an x450e-24p for remote monitoring. I've been able to get snmpv2 working but I'd like to encrypt this traffic as it does not go though a VPN to my PRTG server. I've tried falling the guides on the GTAC but so far I've had no luck. Below is my config. I've already deleted the SNMPv2 config.
ExtremeXOS Copyright (C) 1996-2015 Extreme Networks. All rights reserved.
This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.
==============================================================================
Press the or '?' key at any time for completions.
Remember to save your configuration changes.
X450e-24p.1 # show config
#
# Module devmgr configuration.
#
configure snmp sysLocation "Brian_Butts'_Home_Network"
configure snmp sysContact "Brian_Butts"
configure sys-recovery-level switch reset
#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-26
configure vr VR-Default add ports 1-26
configure vlan default delete ports 1-26
create vlan "FW"
configure vlan FW tag 20
create vlan "public"
create vlan "Server"
configure vlan Server tag 10
create vlan "Things"
configure vlan Things tag 30
create vlan "WifiPr"
configure vlan WifiPr tag 40
enable sharing 21 grouping 21-23 algorithm address-based L2 lacp
configure vlan FW add ports 17 untagged
configure vlan public add ports 3-4 untagged
configure vlan Server add ports 21 tagged
configure vlan Things add ports 9-16, 18 untagged
configure vlan WifiPr add ports 1-2, 5 untagged
configure vlan Things ipaddress 10.1.30.1 255.255.255.0
enable ipforwarding vlan Things
configure vlan WifiPr ipaddress 10.1.40.1 255.255.255.0
enable ipforwarding vlan WifiPr
configure vlan Server ipaddress 10.1.10.1 255.255.255.0
enable ipforwarding vlan Server
configure vlan FW ipaddress 10.1.20.1 255.255.255.0
enable ipforwarding vlan FW
#
# Module fdb configuration.
#
#
# Module rtmgr configuration.
#
configure iproute add default 10.1.20.10
#
# Module mcmgr configuration.
#
configure igmp snooping vlan "Things" ports 9 add static router
configure igmp snooping vlan "Things" ports 10 add static router
configure igmp snooping vlan "Things" ports 11 add static router
configure igmp snooping vlan "Things" ports 12 add static router
configure igmp snooping vlan "Things" ports 13 add static router
configure igmp snooping vlan "Things" ports 14 add static router
configure igmp snooping vlan "Things" ports 15 add static router
configure igmp snooping vlan "Things" ports 16 add static router
enable mvr vr VR-Default
configure mvr add vlan Things
configure mvr vlan Things mvr-address mvr_address_range
configure mvr vlan Things static group none
configure mvr add vlan WifiPr
configure mvr vlan WifiPr mvr-address mvr_address_range_wifipr
configure mvr vlan WifiPr static group none
#
# Module aaa configuration.
#
configure account admin encrypted "jWz.MJ$qhCnFcbimMlx99QNp.e.L."
create account admin bbutts encrypted "PCaRMJ$t2sN5JH1X63jmTtIivRX50"
#
# Module acl configuration.
#
#
# Module bfd configuration.
#
#
# Module cfgmgr configuration.
#
#
# Module dosprotect configuration.
#
#
# Module dot1ag configuration.
#
#
# Module eaps configuration.
#
#
# Module edp configuration.
#
#
# Module elrp configuration.
#
#
# Module ems configuration.
#
#
# Module epm configuration.
#
enable cpu-monitoring interval 20
#
# Module erps configuration.
#
#
# Module esrp configuration.
#
#
# Module ethoam configuration.
#
#
# Module etmon configuration.
#
#
# Module hal configuration.
#
#
# Module idMgr configuration.
#
create ldap domain "Service-BNS.com" default
configure ldap domain "Service-BNS.com" base-dn none
#
# Module ipSecurity configuration.
#
#
# Module ipfix configuration.
#
#
# Module lacp configuration.
#
#
# Module lldp configuration.
#
#
# Module mrp configuration.
#
#
# Module msdp configuration.
#
#
# Module netLogin configuration.
#
#
# Module netTools configuration.
#
configure dns-client add name-server 8.8.8.8 vr VR-Default
configure dns-client add name-server 23.119.196.81 vr VR-Default
configure dns-client add name-server 10.1.10.5 vr VR-Default
configure bootprelay add 10.1.10.5 vr VR-Default
enable bootprelay vlan Default
enable bootprelay vlan FW
enable bootprelay vlan public
enable bootprelay vlan Server
enable bootprelay vlan Things
enable bootprelay vlan WifiPr
#
# Module poe configuration.
#
disable inline-power ports 5
#
# Module rip configuration.
#
enable rip
configure rip add vlan Server
configure rip add vlan Things
configure rip add vlan WifiPr
#
# Module r.png configuration.
#
#
# Module snmpMaster configuration.
#
configure snmpv3 add user monitor authentication md5 auth-encrypted hex 65:8e:0d:5b:19:4c:1d:62:7b:e5:49:c0:07??8d:8f privacy aes 128 privacy-encrypted hex 53:01:82:fb:bb:49:44:e2:c5:1a:2b:d0:51:73:99:1d
configure snmpv3 add group admin user monitor sec-model usm
configure snmpv3 add access admin sec-model usm sec-level priv read-view defaultUserView notify-view defaultNotifyView
configure snmpv3 add community Service-BNS encrypted name Service-BNS user v1v2c_rw
configure snmpv3 add target-addr inform param infparam ipaddress 50.204.100.145 transport-port 162 from 10.1.20.1 tag-list defaultInform
configure snmpv3 add target-addr snmpv3target param snmpv3params ipaddress 50.204.100.145 transport-port 162 tag-list Service-BNS
configure snmpv3 add target-addr v1v2cNotifyTAddr1 param v1v2cNotifyParam1 ipaddress 50.204.100.145 transport-port 162 tag-list defaultNotify
configure snmpv3 add target-params infparam user monitor mp-model snmpv3 sec-model usm sec-level priv
configure snmpv3 add target-params v1v2cNotifyParam1 user v1v2cNotifyUser1 mp-model snmpv2c sec-model snmpv2c sec-level noauth
configure snmpv3 add notify defaultInform tag defaultInform type inform
#
# Module stp configuration.
#
configure mstp region 00049628240a
configure stpd s0 delete vlan default ports all
disable stpd s0 auto-bind vlan default
enable stpd s0 auto-bind vlan Default
#
# Module telnetd configuration.
#
#
# Module tftpd configuration.
#
#
# Module thttpd configuration.
#
enable web http
enable web https
#
# Module vmt configuration.
#
#
# Module vsm configuration.
#
ExtremeXOS Copyright (C) 1996-2015 Extreme Networks. All rights reserved.
This product is protected by one or more US patents listed at http://www.extremenetworks.com/patents along with their foreign counterparts.
==============================================================================
Press the
Remember to save your configuration changes.
X450e-24p.1 # show config
#
# Module devmgr configuration.
#
configure snmp sysLocation "Brian_Butts'_Home_Network"
configure snmp sysContact "Brian_Butts"
configure sys-recovery-level switch reset
#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-26
configure vr VR-Default add ports 1-26
configure vlan default delete ports 1-26
create vlan "FW"
configure vlan FW tag 20
create vlan "public"
create vlan "Server"
configure vlan Server tag 10
create vlan "Things"
configure vlan Things tag 30
create vlan "WifiPr"
configure vlan WifiPr tag 40
enable sharing 21 grouping 21-23 algorithm address-based L2 lacp
configure vlan FW add ports 17 untagged
configure vlan public add ports 3-4 untagged
configure vlan Server add ports 21 tagged
configure vlan Things add ports 9-16, 18 untagged
configure vlan WifiPr add ports 1-2, 5 untagged
configure vlan Things ipaddress 10.1.30.1 255.255.255.0
enable ipforwarding vlan Things
configure vlan WifiPr ipaddress 10.1.40.1 255.255.255.0
enable ipforwarding vlan WifiPr
configure vlan Server ipaddress 10.1.10.1 255.255.255.0
enable ipforwarding vlan Server
configure vlan FW ipaddress 10.1.20.1 255.255.255.0
enable ipforwarding vlan FW
#
# Module fdb configuration.
#
#
# Module rtmgr configuration.
#
configure iproute add default 10.1.20.10
#
# Module mcmgr configuration.
#
configure igmp snooping vlan "Things" ports 9 add static router
configure igmp snooping vlan "Things" ports 10 add static router
configure igmp snooping vlan "Things" ports 11 add static router
configure igmp snooping vlan "Things" ports 12 add static router
configure igmp snooping vlan "Things" ports 13 add static router
configure igmp snooping vlan "Things" ports 14 add static router
configure igmp snooping vlan "Things" ports 15 add static router
configure igmp snooping vlan "Things" ports 16 add static router
enable mvr vr VR-Default
configure mvr add vlan Things
configure mvr vlan Things mvr-address mvr_address_range
configure mvr vlan Things static group none
configure mvr add vlan WifiPr
configure mvr vlan WifiPr mvr-address mvr_address_range_wifipr
configure mvr vlan WifiPr static group none
#
# Module aaa configuration.
#
configure account admin encrypted "jWz.MJ$qhCnFcbimMlx99QNp.e.L."
create account admin bbutts encrypted "PCaRMJ$t2sN5JH1X63jmTtIivRX50"
#
# Module acl configuration.
#
#
# Module bfd configuration.
#
#
# Module cfgmgr configuration.
#
#
# Module dosprotect configuration.
#
#
# Module dot1ag configuration.
#
#
# Module eaps configuration.
#
#
# Module edp configuration.
#
#
# Module elrp configuration.
#
#
# Module ems configuration.
#
#
# Module epm configuration.
#
enable cpu-monitoring interval 20
#
# Module erps configuration.
#
#
# Module esrp configuration.
#
#
# Module ethoam configuration.
#
#
# Module etmon configuration.
#
#
# Module hal configuration.
#
#
# Module idMgr configuration.
#
create ldap domain "Service-BNS.com" default
configure ldap domain "Service-BNS.com" base-dn none
#
# Module ipSecurity configuration.
#
#
# Module ipfix configuration.
#
#
# Module lacp configuration.
#
#
# Module lldp configuration.
#
#
# Module mrp configuration.
#
#
# Module msdp configuration.
#
#
# Module netLogin configuration.
#
#
# Module netTools configuration.
#
configure dns-client add name-server 8.8.8.8 vr VR-Default
configure dns-client add name-server 23.119.196.81 vr VR-Default
configure dns-client add name-server 10.1.10.5 vr VR-Default
configure bootprelay add 10.1.10.5 vr VR-Default
enable bootprelay vlan Default
enable bootprelay vlan FW
enable bootprelay vlan public
enable bootprelay vlan Server
enable bootprelay vlan Things
enable bootprelay vlan WifiPr
#
# Module poe configuration.
#
disable inline-power ports 5
#
# Module rip configuration.
#
enable rip
configure rip add vlan Server
configure rip add vlan Things
configure rip add vlan WifiPr
#
# Module r.png configuration.
#
#
# Module snmpMaster configuration.
#
configure snmpv3 add user monitor authentication md5 auth-encrypted hex 65:8e:0d:5b:19:4c:1d:62:7b:e5:49:c0:07??8d:8f privacy aes 128 privacy-encrypted hex 53:01:82:fb:bb:49:44:e2:c5:1a:2b:d0:51:73:99:1d
configure snmpv3 add group admin user monitor sec-model usm
configure snmpv3 add access admin sec-model usm sec-level priv read-view defaultUserView notify-view defaultNotifyView
configure snmpv3 add community Service-BNS encrypted name Service-BNS user v1v2c_rw
configure snmpv3 add target-addr inform param infparam ipaddress 50.204.100.145 transport-port 162 from 10.1.20.1 tag-list defaultInform
configure snmpv3 add target-addr snmpv3target param snmpv3params ipaddress 50.204.100.145 transport-port 162 tag-list Service-BNS
configure snmpv3 add target-addr v1v2cNotifyTAddr1 param v1v2cNotifyParam1 ipaddress 50.204.100.145 transport-port 162 tag-list defaultNotify
configure snmpv3 add target-params infparam user monitor mp-model snmpv3 sec-model usm sec-level priv
configure snmpv3 add target-params v1v2cNotifyParam1 user v1v2cNotifyUser1 mp-model snmpv2c sec-model snmpv2c sec-level noauth
configure snmpv3 add notify defaultInform tag defaultInform type inform
#
# Module stp configuration.
#
configure mstp region 00049628240a
configure stpd s0 delete vlan default ports all
disable stpd s0 auto-bind vlan default
enable stpd s0 auto-bind vlan Default
#
# Module telnetd configuration.
#
#
# Module tftpd configuration.
#
#
# Module thttpd configuration.
#
enable web http
enable web https
#
# Module vmt configuration.
#
#
# Module vsm configuration.
#
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
12-02-2015 05:52 PM
Hi Brian,
I'm going through some of the unanswered threads and found that we missed this one. Do you still need assistance with this?
I'm going through some of the unanswered threads and found that we missed this one. Do you still need assistance with this?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-23-2015 12:03 PM
I will add that 50.204.100.145 is the public IP (PRTG server) the traps need to go to. 10.1.20.1 gets nat'd by my firewall to a public IP set directly for the switch. ICMP and SNMP are the only allowed services and the rules are working. I verified that by my successful config of SNMPv2.
