This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SNMPv3 - VOSS - Solarwinds

SNMPv3 - VOSS - Solarwinds

Go to solution
bfaltys
Contributor II

‎09-15-2021 03:36 PM

Has anyone gotten this to work? I’ve been trying different combinations of MD5/SHA1 for auth and DES/AES128/AES192/AES256 for priv, as well as only doing auth with no priv, and can’t seem to get it to work. My most recent config...

 

VSP5520-TEST:1(config)#sh run | inc snmp
************************************************************************************
                Command Execution Time: Wed Sep 15 10:30:24 2021 CDT
************************************************************************************
snmp-server contact "NETWORK SERVICES"
snmp-server location "TEST LAB"
snmp-server user NET-USER group "NET-GROUP"
snmp-server view "NET-VIEW" 1
snmp-server group "NET-GROUP" "" auth-no-priv read-view NET-VIEW notify-view NET-VIEW
snmp-server host 192.168.1.67 v3 authNoPriv NET-USER

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
bfaltys
Contributor II

‎09-16-2021 02:29 PM

Ok, I have sorted this out. I enter variables such as usernames, vlan names, port descriptions, etc in caps. On the Solarwinds side I was not. The proper username along with SHA1/AES128 was the winning combination.

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
bfaltys
Contributor II

‎09-16-2021 02:29 PM

Ok, I have sorted this out. I enter variables such as usernames, vlan names, port descriptions, etc in caps. On the Solarwinds side I was not. The proper username along with SHA1/AES128 was the winning combination.

0 Kudos

Go to solution
bfaltys
Contributor II

‎09-16-2021 01:38 PM

Another issue is that I can’t seem to delete any “snmp-server host” entries. I get an error “Error: Target address does not exist.” but when I show my running config it is there.

 

**This is figured out. This is the wrong command:

no snmp-server host <IP> v3 authNoPriv

 

This worked:

no snmp-server host <IP> v3 <USER>

0 Kudos

Go to solution
bfaltys
Contributor II

‎09-16-2021 12:47 PM

Hi Todd. Yes, I am setting the auth/priv passwords. Here are the actual commands I used on my last test. Don’t mind the weak passwords as they are simply for testing this. 145045d982c04f96981aa5eebb7f8fc7_1f923.png Do you know which flavor of AES this is? Solarwinds has 128, 192 and 256 as options.

 

snmp-server contact "NETWORK SERVICES"
snmp-server location "TEST LAB"
snmp-server view NET-VIEW 1
snmp-server group NET-GROUP "" auth-no-priv read-view NET-VIEW notify-view NET-VIEW
snmp-server user NET-USER md5 PA$$word aes P@$$w0rd
snmp-server user NET-USER group NET-GROUP
snmp-server host 192.168.1.67 v3 authNoPriv NET-USER

 

That was my most recent test. I intend on using SHA/AES authPriv, but figured I’d try some different configs to see if I can get it to work.

0 Kudos

Go to solution
Todd_Hancock
New Contributor III

‎09-15-2021 04:44 PM

Hi,
I assume you are setting the keys when you create the User and it just doesn’t show in the output-
 snmp-server user <Username1> group <GroupName> sha <Authentication Key> aes <Privacy Key>
If you are on VOSS 8.2 or higher the syntax changes a bit to allow password confirmation.
If you are using an access-list you will need to add the Group to the allow policy.
 access-policy # snmp-group <GroupName> usm
Also don't forget to remove the default "initial" group as it is no auth-no priv.
 no snmp-server user initial
 no snmp-server group initial

 

0 Kudos
GTM-P2G8KFN