Marlon, I did not say readGroup or writeGroup, I said read/write *views*... You need to have a read view(to read the MIBs), and a write view (to write stuff via SNMP) created for your authentication group.
You should look the Cisco documentation about that : http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html#wp18842 > Francois, > > OK. Sorry, but could you explain for me exactly what are the groups > readGroup and writeGroup if I intend to do a personal configuration based > on > PF 2.1.0 and doing ajust like you did for Cisco 2950? > > Tks Marlon > > 2011/3/14 Francois Gaudreault <[email protected]> > >> Hi, >> >> I posted on that thread earlier last week : >> >> >> Tested on 12.1(22)EA11. >> >> snmp-server engineID local AA5ED139B81D4A328D18ACD1 >> snmp-server group readonly v3 priv read readview >> snmp-server view readview internet included >> snmp-server user test readonly v3 auth md5 arightpassword priv des56 >> arightpassword >> >> # snmpwalk -v 3 -u test -l authPriv -a MD5 -A arightpassword -x DES -X >> arightpassword 10.0.0.15 sysLocation.0 >> SNMPv2-MIB::sysLocation.0 = STRING: Inverse >> >> Those lines are an *EXAMPLE* on how to configure v3 on the 2950 for MD5 >> authentication and DES encryption. Our test switch is able to do MD5 >> and >> SHA for the auth part, and des56 as the priv part. No AES for us as >> well. >> You will need to create the proper write view, and make sure the snmpv3 >> settings in switches.conf reflects your encryption mechanisms. >> >> >> >> On 11-03-14 8:42 AM, Renbarger, Nate wrote: >> >> I had not tried any of the 2950 switches yet so I just tried one and it >> appears that it does not support AES. Youll have to use des and then in >> the >> switches.conf under that switch make sure you set SNMPPrivProtocolRead >> and >> SNMPPrivProtocolWrite to DES instead of AES. I believe that will work >> but I >> have not tested that configuration. Could someone from Inverse confirm >> that >> packetfence supports DES as a priv encryption protocol? >> >> >> >> *NATE RENBARGER >> *NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY >> >> INDIANA WESLEYAN UNIVERSITY >> 4201 S. WASHINGTON ST. >> MARION, IN 46953 >> >> 765.677.2340 | 765.677.2020 FAX >> [email protected] >> >> >> INDWES.EDU/IT >> >> >> >> *From:* Marlon Bastida >> [mailto:[email protected]<[email protected]>] >> >> *Sent:* Sunday, March 13, 2011 4:03 PM >> *To:* [email protected] >> *Subject:* Re: [Packetfence-users] Cisco 2950 Crypto Image >> >> >> >> Nate, >> >> >> >> I was testing here, PF 2.1.0 commands (admin guide), and I tried putting >> priv command, now works with IOS EA14, but I got this message. >> >> >> >> Now I got a invalid command, look bellow: >> >> >> >> >> >> >> >> fence0(config)#$roup v3 auth md5 authpwdread priv aes 128 privpwdread >> >> snmp-server user readUser readGroup v3 auth md5 authpwdread priv aes 128 >> privpwd >> ^read >> >> >> >> % Invalid input detected at '^' marker. >> >> >> >> >> >> >> >> Tks Marlon >> >> >> >> fence0(config)#$roup v3 auth md5 authpwdread priv aes 128 privpwdread >> >> snmp-server user readUser readGroup v3 auth md5 authpwdread p^read >> >> >> >> % Invalid input detected at '^' marker. >> >> >> >> fence0(config)# >> >> >> >> >> >> 2011/3/4 Renbarger, Nate <[email protected]> >> >> Marlon, >> >> >> >> Whats the full version you are running? At the cli on the 2950 type >> show >> ver | include System image and post the results. If it is that it needs >> crypto (which trying to do the priv encryption it most likely does) >> youll >> have to get it from Cisco.com. To get that youll need a login because >> youll have to go through a waiver process to be able to download crypto >> software. You may also need to have a support contract or purchase the >> upgrade (Im not sure on the edge switches if thats the case for sure). >> Also that setup is incorrect, the documentation should be updated but >> the >> collowing commands: >> >> *snmp-server user readUser readGroup v3 auth md5 authpwdread priv des56* >> >> *privpwdread* >> >> *snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv >> des56 >> * >> >> *privpwdwrite* >> >> >> >> need to be: >> >> *snmp-server user readUser readGroup v3 auth md5 authpwdread priv aes >> 128* >> >> *privpwdread* >> >> *snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv aes >> 128* >> >> *privpwdwrite* >> >> >> >> otherwise it wont work. >> >> >> >> *NATE RENBARGER >> *NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY >> >> INDIANA WESLEYAN UNIVERSITY >> 4201 S. WASHINGTON ST. >> MARION, IN 46953 >> >> 765.677.2340 | 765.677.2020 FAX >> [email protected] >> >> >> INDWES.EDU/IT >> >> >> >> *From:* Marlon Bastida [mailto:[email protected]] >> *Sent:* Friday, March 04, 2011 12:48 PM >> *To:* PacketFence Lista >> *Subject:* [Packetfence-users] Cisco 2950 Crypto Image >> >> >> >> Hi, >> >> >> >> I'm doing the steps about SNMP config. on a Cisco 2950 - (WS-C2950-24). >> So >> I did basic reseach on the software guide and tell me about download a >> Software Image for enable priv (needs to use a crypto image). >> >> Can u point me a download link to the a right image software of this >> swtich >> model, please? >> >> >> >> priv commands need a software image to work... >> >> >> >> >> >> *snmp-server engineID local AA5ED139B81D4A328D18ACD1* >> >> *snmp-server group readGroup v3 priv* >> >> *snmp-server group writeGroup v3 priv read v1default write v1default* >> >> *snmp-server user readUser readGroup v3 auth md5 authpwdread priv des56* >> >> *privpwdread* >> >> *snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv >> des56 >> * >> >> *privpwdwrite* >> >> *snmp-server enable traps port-security* >> >> *snmp-server enable traps port-security trap-rate 1* >> >> >> >> >> >> Tks, >> >> Marlon >> >> >> >> ------------------------------------------------------------------------------ >> What You Don't Know About Data Connectivity CAN Hurt You >> This paper provides an overview of data connectivity, details >> its effect on application quality, and explores various alternative >> solutions. http://p.sf.net/sfu/progress-d2d >> _______________________________________________ >> Packetfence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >> >> >> ------------------------------------------------------------------------------ >> Colocation vs. Managed Hosting >> A question and answer guide to determining the best fit >> for your organization - today and in the >> future.http://p.sf.net/sfu/internap-sfd2d >> >> >> _______________________________________________ >> Packetfence-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> >> >> -- >> Francois Gaudreault, ing. [email protected] :: +1.514.447.4918 >> (x130) :: www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence >> (www.packetfence.org) >> >> >> >> ------------------------------------------------------------------------------ >> Colocation vs. Managed Hosting >> A question and answer guide to determining the best fit >> for your organization - today and in the future. >> http://p.sf.net/sfu/internap-sfd2d >> _______________________________________________ >> Packetfence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> > ------------------------------------------------------------------------------ > Colocation vs. Managed Hosting > A question and answer guide to determining the best fit > for your organization - today and in the future. > http://p.sf.net/sfu/internap-sfd2d_______________________________________________ > Packetfence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ Packetfence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
