Wednesday, November 14, 2007

IOS + NET-SNMP v3 = F.U.N. (just like it said on our badge)

Statement: So anything that remotely has anything to do with ASN.1 (or perhaps it is International standards organizations) is going to be a pain in the ass.

Explanation: I've been trying to squeeze in here and there some time to get Cacti working with SNMPv3 on my 851 at home (12.4(15)T). I warn you. Don't bother trying to do this intuitively -- meaning just thinking you can fill in the forms and "question mark" your way to getting the config right in IOS. Plus net-snmp command line options are also painful.

But here is what I got working with AuthNoPriv, with a little bit of help from here. Yeah, don't go to any of the creepy Russian sites that are the top Google hits for "net snmp ios snmpv3".

The stuff that shows up in your config will be the following. You'll probably have to define the views first.

snmp-server group cactigroup v3 auth read readview
snmp-server view readview internet included
snmp-server view readview mib-2 included
snmp-server view readview system included
snmp-server view readview interfaces included
snmp-server view readview chassis included
snmp-server location blah
snmp-server contact donkey


and the line that won't (God Bless the SFB, yeah you know what I'm talking about)


851w(config)#snmp-server user cactiuser cactigroup v3 auth md5 whateverman


And then you can make sure they are there:

851w#sh snmp group
groupname: cactigroup security model:v3 auth
readview : readview writeview:
notifyview:
row status: active


851w#sh snmp user

User name: cactiuser
Engine ID: 8000000903000014A40E21BD
storage-type: nonvolatile active
Authentication Protocol: MD5
Privacy Protocol: None
Group-name: cactigroup
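
An added example, not from the original post: a small Python check that parses `sh snmp user` output like the above and flags users that authenticate with MD5 or have no privacy protocol, as cactiuser does. The second user in the sample (exampleuser, SHA/AES128) is constructed for contrast, and the function names are this example's own.

```python
# Constructed sample: the `sh snmp user` record from the post, plus one
# made-up authPriv user (name and protocols are assumptions) for contrast.
SAMPLE = """\
User name: cactiuser
Engine ID: 8000000903000014A40E21BD
storage-type: nonvolatile active
Authentication Protocol: MD5
Privacy Protocol: None
Group-name: cactigroup

User name: exampleuser
Authentication Protocol: SHA
Privacy Protocol: AES128
"""

def parse_users(text):
    """Split `show snmp user` output into one dict per 'User name:' record."""
    users = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip().lower()
        if not sep or not key:
            continue              # prompts and blank lines carry no field
        if key == "user name":
            users.append({})      # a new record starts here
        if users:
            users[-1][key] = value.strip()
    return users

def audit(user):
    """Return findings for one record; an empty list means authPriv without MD5."""
    auth = user.get("authentication protocol", "None").upper()
    priv = user.get("privacy protocol", "None").upper()
    findings = []
    if auth == "NONE":
        findings.append("noAuthNoPriv: requests are not authenticated")
    elif auth == "MD5":
        findings.append("authentication is HMAC-MD5; use SHA if the image offers it")
    if priv == "NONE":
        findings.append("no privacy protocol: SNMP payloads are sent unencrypted")
    return findings

def report(text):
    """Map each user name to its list of findings."""
    return {u["user name"]: audit(u) for u in parse_users(text)}

if __name__ == "__main__":
    for name, findings in report(SAMPLE).items():
        print(name, "->", findings or "ok")
```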

Oh, and the worst part


mfranz@gutsy61:~$ snmpget -v3 -u cactiuser -l authNoPriv -a md5 -A whateverman 192.168.2.100 system.sysContact.0
SNMPv2-MIB::sysContact.0 = STRING: donkey


Did it work on Cacti? Don't know. Must sleep. Ubuntu says 19 minutes of battery left.
