Hi,
I posted on that thread earlier last week:
Tested on 12.1(22)EA11.
snmp-server engineID local AA5ED139B81D4A328D18ACD1
snmp-server group readonly v3 priv read readview
snmp-server view readview internet included
snmp-server user test readonly v3 auth md5 arightpassword priv des56 arightpassword
# snmpwalk -v 3 -u test -l authPriv -a MD5 -A arightpassword -x DES -X arightpassword 10.0.0.15 sysLocation.0
SNMPv2-MIB::sysLocation.0 = STRING: Inverse
Those lines are an _*EXAMPLE*_ on how to configure v3 on the 2950 for
MD5 authentication and DES encryption. Our test switch is able to do
MD5 and SHA for the auth part, and des56 as the priv part. No AES for
us as well. You will need to create the proper write view, and make
sure the snmpv3 settings in switches.conf reflect your encryption
mechanisms.
On 11-03-14 8:42 AM, Renbarger, Nate wrote:
I had not tried any of the 2950 switches yet so I just tried one and
it appears that it does not support AES. You'll have to use des and
then in the switches.conf under that switch make sure you set
SNMPPrivProtocolRead and SNMPPrivProtocolWrite to DES instead of AES.
I believe that will work but I have not tested that configuration.
Could someone from Inverse confirm that packetfence supports DES as a
priv encryption protocol?
NATE RENBARGER
NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY
INDIANA WESLEYAN UNIVERSITY
4201 S. WASHINGTON ST.
MARION, IN 46953
765.677.2340 | 765.677.2020 FAX
[email protected] <mailto:[email protected]>
INDWES.EDU/IT
From: Marlon Bastida [mailto:[email protected]]
Sent: Sunday, March 13, 2011 4:03 PM
To: [email protected]
Subject: Re: [Packetfence-users] Cisco 2950 Crypto Image
Nate,
I was testing here, PF 2.1.0 commands (admin guide), and I tried
putting priv command, now works with IOS EA14, but I got this message.
Now I got an invalid command, look below:
fence0(config)#$roup v3 auth md5 authpwdread priv aes 128 privpwdread
snmp-server user readUser readGroup v3 auth md5 authpwdread priv aes
128 privpwd
^read
% Invalid input detected at '^' marker.
Tks Marlon
fence0(config)#$roup v3 auth md5 authpwdread priv aes 128 privpwdread
snmp-server user readUser readGroup v3 auth md5 authpwdread p^read
% Invalid input detected at '^' marker.
fence0(config)#
2011/3/4 Renbarger, Nate <[email protected]
<mailto:[email protected]>>
Marlon,
What's the full version you are running? At the cli on the 2950 type
"show ver | include System image" and post the results. If it is that
it needs crypto (which trying to do the priv encryption it most likely
does) you'll have to get it from Cisco.com. To get that you'll need a
login because you'll have to go through a waiver process to be able to
download crypto software. You may also need to have a support contract
or purchase the upgrade (I'm not sure on the edge switches if that's
the case for sure). Also that setup is incorrect, the documentation
should be updated but the following commands:
snmp-server user readUser readGroup v3 auth md5 authpwdread priv des56 privpwdread
snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv des56 privpwdwrite
need to be:
snmp-server user readUser readGroup v3 auth md5 authpwdread priv aes 128 privpwdread
snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv aes 128 privpwdwrite
otherwise it won't work.
From: Marlon Bastida [mailto:[email protected]]
Sent: Friday, March 04, 2011 12:48 PM
To: PacketFence Lista
Subject: [Packetfence-users] Cisco 2950 Crypto Image
Hi,
I'm doing the steps about SNMP config. on a Cisco 2950 -
(WS-C2950-24). So I did basic research on the software guide, and it tells
me to download a software image to enable priv (needs to use a
crypto image).
Can you point me to a download link for the right software image for this
switch model, please?
priv commands need a software image to work...
snmp-server engineID local AA5ED139B81D4A328D18ACD1
snmp-server group readGroup v3 priv
snmp-server group writeGroup v3 priv read v1default write v1default
snmp-server user readUser readGroup v3 auth md5 authpwdread priv des56 privpwdread
snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv des56 privpwdwrite
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
Tks,
Marlon
_______________________________________________
Packetfence-users mailing list
[email protected]
<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
[email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
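
A consistency check for the mismatch discussed in this thread (the 2950 takes des56 but rejects aes 128, so switches.conf has to say DES), as an added example that is not part of the original messages or PacketFence's own code. It compares the priv protocol in the snmp-server user commands applied to a switch with SNMPPrivProtocolRead/Write in switches.conf; the stanza layout, the SNMPUserNameRead/Write keys and the sample values are assumptions constructed for illustration.

```python
import configparser
import re

# Constructed sample: IOS lines in the form quoted in the thread.
IOS_CONFIG = """\
snmp-server user readUser readGroup v3 auth md5 authpwdread priv des56 privpwdread
snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv des56 privpwdwrite
"""

# Constructed stanza. The thread names only SNMPPrivProtocolRead/Write;
# the INI layout and the SNMPUserName* keys are assumptions.
SWITCHES_CONF = """\
[10.0.0.15]
SNMPUserNameRead = readUser
SNMPPrivProtocolRead = AES
SNMPUserNameWrite = writeUser
SNMPPrivProtocolWrite = DES
"""

USER_RE = re.compile(
    r"^snmp-server user (?P<user>\S+) \S+ v3 auth (?:md5|sha) \S+"
    r"(?: priv (?P<priv>des56|des|aes \d+) \S+)?\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def ios_priv_protocols(config_text):
    """Map each SNMPv3 user to 'DES', 'AES', or None (no priv configured)."""
    users = {}
    for m in USER_RE.finditer(config_text):
        priv = m.group("priv")
        users[m.group("user")] = priv and ("AES" if priv.lower().startswith("aes") else "DES")
    return users

def find_mismatches(ios_text, conf_text):
    """Return (switch, direction, user, on_switch, in_conf) for each disagreement."""
    on_switch = ios_priv_protocols(ios_text)
    conf = configparser.ConfigParser()
    conf.optionxform = str  # keep key case as written in the file
    conf.read_string(conf_text)
    problems = []
    for section in conf.sections():
        for direction in ("Read", "Write"):
            user = conf.get(section, "SNMPUserName" + direction, fallback=None)
            wanted = conf.get(section, "SNMPPrivProtocol" + direction, fallback=None)
            if wanted and on_switch.get(user) != wanted.upper():
                problems.append((section, direction, user, on_switch.get(user), wanted))
    return problems

if __name__ == "__main__":
    print(find_mismatches(IOS_CONFIG, SWITCHES_CONF))
```

With the constructed input, the read user is flagged because the switch was provisioned with des56 while the stanza asks for AES; a user with no priv clause at all is reported with `None` as the switch-side value.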