Hi Kings,
May I know the year and month in the archive when you discussed it?
Any idea why two routers running the same IOS 12.4(15)T9 but different
platforms - 1841 and 2800 show absolutely different results in terms of snmp
informs? My point is that I don't have any informs sent from R5 (counters are
0) and informs are not active for R6.
Router R5 (1841)
R5#sh run | sec snmp
snmp-server engineID remote 10.0.0.100 ABCD1234567890
snmp-server group SNMP-GROUP v3 priv
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps syslog
snmp-server host 10.0.0.100 inform version 3 priv SNMP-USER
R5#sh snmp
Chassis: FHK133673MS
31 SNMP packets input
0 Bad SNMP version errors
1 Unknown community name
5 Illegal operation for community name supplied
0 Encoding errors
8 Number of requested variables
0 Number of altered variables
5 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
35 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
3 Response PDUs
0 Trap PDUs
0 Unknown Security Models
0 SNMP Invalid Messages
0 SNMP Unknown PDU handlers
0 Unsupported Security Level
0 Unknown User Names
2 Unknown EngineIDs
0 Not In Time Windows
0 Wrong MD5 or SHA Digests
0 Decryption Errors
SNMP Trap Queue: 0 dropped due to resource failure.
SNMP logging: disabled
SNMP Manager-role output packets
0 Get-request PDUs
0 Get-next PDUs
0 Get-bulk PDUs
0 Set-request PDUs
28 Inform-request PDUs
28 Timeouts
0 Drops
SNMP Manager-role input packets
0 Inform request PDUs
0 Trap PDUs
0 Response PDUs
0 Responses with errors
SNMP informs: enabled
Informs in flight 0/25 (current/max)
Logging to 10.0.0.100.162
0 sent, 0 in-flight, 0 retries, 0 failed, 0 dropped
Router R6(2800)
R6#sh run | s snmp
snmp-server engineID remote 10.0.0.100 ABC12345678900
snmp-server group SNMP-GROUP v3 priv notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps syslog
snmp-server host 10.0.0.100 inform version 3 priv SNMP-USER
R6#sh snmp
Chassis: FTX0949C02R
6 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
5 Number of requested variables
0 Number of altered variables
4 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
6 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
0 Trap PDUs
0 Unknown Security Models
0 SNMP Invalid Messages
0 SNMP Unknown PDU handlers
0 Unsupported Security Level
0 Unknown User Names
2 Unknown EngineIDs
0 Not In Time Windows
0 Wrong MD5 or SHA Digests
0 Decryption Errors
SNMP logging: disabled
From: Kingsley Charles [mailto:[email protected]]
Sent: Wednesday, May 23, 2012 11:16 PM
To: Eugene Pefti
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] Is "snmp-server engineID" mandatory when
configuring snmp informs ?
You can see, when trying to configure a remote user without an engine ID, you
get the following error message.
router(config)#snmp-server user test test remote 10.20.30.40 v3
router(config)#
*May 24 06:23:12.943: %SNMP-4-NOENGINEID: Remote snmpEngineID for 10.20.30.40 not found when creating user: test
On Thu, May 24, 2012 at 11:43 AM, Kingsley Charles
<[email protected]<mailto:[email protected]>> wrote:
For informs, we need remote engine ID and a remote user. Just give a search in
the archive, you can find my analysis on this subject.
With regards
Kings
On Thu, May 24, 2012 at 8:10 AM, Eugene Pefti
<[email protected]<mailto:[email protected]>> wrote:
Folks,
Would appreciate your input please.
Trying to configure snmp v3 with informs that should be sent to the SNMP
management station.
Part of the task is to configure SNMP server users.
Cisco documentation says:
-------------------------
To configure a remote user, specify the IP address or port number for the
remote SNMP agent of the device where the user resides.
Also, before you configure remote users for a particular agent, configure the
SNMP engine ID, using the snmp-server engineID command
with the remote option. The remote agent's SNMP engine ID is required when
computing the authentication and privacy digests from the password.
If the remote engine ID is not configured first, the configuration command will
fail.
-------------------------------
I don't have any problem adding both the user and the group before configuring
"snmp-server engineID" and have them showing
in the router. What "configuration" command will fail if I don't configure it ?
Secondly,
What do I miss in the SNMP config to not have informs sent at all ?
snmp-server engineID remote 10.0.0.100 ABC12345678900
snmp-server group SNMP-GROUP v3 priv notify *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.FFFFFFFF0F
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps syslog
snmp-server host 10.0.0.100 inform version 3 priv SNMP-USER
I already mentioned earlier that it looks to me as if informs are not active.
I can't configure informs timeout parameters and there's nothing showing for
"show snmp"
I installed SNMP management software on 10.0.0.100 and successfully poll the
router using SNMP-USER credentials.
R6(config)#do sh snmp
Chassis: FTX0949C02R
4 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
3 Number of requested variables
0 Number of altered variables
2 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
4 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
0 Trap PDUs
0 Unknown Security Models
0 SNMP Invalid Messages
0 SNMP Unknown PDU handlers
0 Unsupported Security Level
0 Unknown User Names
2 Unknown EngineIDs
0 Not In Time Windows
0 Wrong MD5 or SHA Digests
0 Decryption Errors
SNMP logging: disabled
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com<http://www.ipexpert.com>
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com<http://www.PlatinumPlacement.com>
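The Cisco documentation quoted in this thread says the remote engine ID is required to compute the authentication and privacy digests from the password. The sketch below is an added example (not from the thread or from Cisco) of the RFC 3414 password-to-key localization behind that requirement. The password is constructed, and the two engine IDs are the remote values shown in the R5 and R6 configs, taken as the exact hex bytes typed; any padding IOS may apply is not modelled.

```python
import hashlib

MEGABYTE = 1048576  # RFC 3414 A.2 hashes exactly this many bytes


def password_to_key(password: bytes, algo: str = "sha1") -> bytes:
    """Intermediate key Ku: hash of the password repeated out to 1 MiB."""
    if not password:
        raise ValueError("password must not be empty")
    reps = MEGABYTE // len(password) + 1
    stream = (password * reps)[:MEGABYTE]
    return hashlib.new(algo, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Localized key Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def localized_key(password: bytes, engine_id_hex: str, algo: str = "sha1") -> bytes:
    """Key actually used for auth/priv with one specific engine."""
    engine_id = bytes.fromhex(engine_id_hex)
    return localize_key(password_to_key(password, algo), engine_id, algo)


# Constructed password; engine IDs as typed in the R5 and R6 configs above.
SAMPLE_PASSWORD = b"ExamplePassw0rd"
R5_REMOTE_ENGINE_ID = "ABCD1234567890"
R6_REMOTE_ENGINE_ID = "ABC12345678900"


def keys_for_thread_configs(algo: str = "sha1") -> dict:
    """Same user and password, two configured remote engine IDs."""
    return {
        "R5": localized_key(SAMPLE_PASSWORD, R5_REMOTE_ENGINE_ID, algo).hex(),
        "R6": localized_key(SAMPLE_PASSWORD, R6_REMOTE_ENGINE_ID, algo).hex(),
    }


if __name__ == "__main__":
    for router, key in keys_for_thread_configs().items():
        print(router, key)
```

Because the key is bound to the engine ID, a remote user cannot be created until the router knows which engine the key is for, and a configured remote engine ID that differs from the one the management station actually uses produces a key the station will not accept.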