Cacti (home)ForumsDocumentation
Cacti: offical forums and support
It is currently Sat Feb 23, 2019 11:55 am

All times are UTC - 5 hours




Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: [HOWTO] Monitor Cisco switches via SNMP v3
PostPosted: Sat Dec 08, 2007 8:40 am 
Offline

Joined: Tue Jan 16, 2007 3:49 am
Posts: 12
Simple Network Management Protocol Version 3 (SNMPv3) is an interoperable standards-based protocol for network management. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network.
So,we should apply the snmpv3
For example,cisco 3550
First,login the switch,and show the version
Cisco Internetwork Operating System Software
IOS (tm) C3550 Software (C3550-I5Q3L2-M), Version 12.1(22)EA1a, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 20-Aug-04 00:44 by yenanh
Image text-base: 0x00003000, data-base: 0x0083AF00
The version of IOS -- C3550-I5Q3L2-M decides we can use auth.
# configure terminal
#snmp-server group cactigroup v3 auth
#snmp-server user cactiuser cactigroup v3 auth md5 cactipasswd
#end
#copy run start
Second,configuring the cacti for the cisco switch


Attachments:
3550.GIF
3550.GIF [ 18.68 KiB | Viewed 64781 times ]
Top
 Profile  
 
 Post subject:
PostPosted: Sat Dec 08, 2007 8:42 am 
Offline

Joined: Tue Jan 16, 2007 3:49 am
Posts: 12
For example,cisco 3750
First,login the switch,and show the version
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(25)SEE4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Mon 16-Jul-07 03:24 by myl
Image text-base: 0x00003000, data-base: 0x01240000
The version of IOS -- C3750-IPSERVICESK9-M decides we can use priv
# configure terminal
#snmp-server group cactigroup v3 priv
#snmp-server user cactiuser cactigroup v3 auth md5 cactipasswd1 priv des56 cactipasswd2
#end
#copy run start
Second,configuring the cacti for the cisco switch


Attachments:
3750.GIF
3750.GIF [ 18.14 KiB | Viewed 64779 times ]
Top
 Profile  
 
 Post subject:
PostPosted: Wed Jan 02, 2008 6:39 pm 
Offline
Cacti User
User avatar

Joined: Tue Jul 03, 2007 4:11 pm
Posts: 74
Location: San Luis Obispo
Does anyone know if something within Cacti needs to be configured, installed, or modified somehow to use AES instead of DES? I have this working using DES but a recent upgrade on our equipment is requiring us to use AES.
I have tried doing an SNMPwalk using AES, getting "Invalid privacy protocol specified after -x flag: AES

No log entry in the equipment I am trying to walk. Cacti isn't even trying to walk the equipment.

Issuing the same command on the same type of equipment (of type, not same exact equipment) that is still using DES-everything works great.

This equipment will be upgraded soon and will be using AES-like the rest of our equipment.
command:

snmpwalk -v 3 -a MD5 -A pass -l authPriv -u Manager -x DES -X pass equip
works

snmpwalk -v 3 -a MD5 -A pass -l authPriv -u Manager -x AES -X pass equip
Invalid privacy protocol specified after -x flag: AES


Centos OS
Version 8.7a
Net-SNMP 5.x
RRD Tool 1.2x
Settings Plugin
Thold Plugin

Thanks in advance.

_________________
Cacti Ver: 0.8.7h
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE


Top
 Profile  
 
 Post subject:
PostPosted: Wed Jan 02, 2008 7:20 pm 
Offline
Cacti User
User avatar

Joined: Tue Jul 03, 2007 4:11 pm
Posts: 74
Location: San Luis Obispo
OK! I found something that helped. I found some documentation that the "witness" said only AES128 was supported. So, instead of


snmpwalk -v 3 -a MD5 -A pass -l authPriv -u Manager -x AES -X pass equip

I did


snmpwalk -v 3 -a MD5 -A pass -l authPriv -u Manager -x AES128 -X pass equip

It worked. I can SNMPwalk from the CLI but...Cacti isn't graphing anymore data for this host. The graph just seemed to end when I configured Cacti to use SNMPv3. It was using SNMPv2.

Any ideas or pointers would be awesome!
Please..help me out.

_________________
Cacti Ver: 0.8.7h
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE


Top
 Profile  
 
 Post subject:
PostPosted: Wed Jan 02, 2008 7:22 pm 
Offline
Cacti User
User avatar

Joined: Tue Jul 03, 2007 4:11 pm
Posts: 74
Location: San Luis Obispo
I'm thinking I'm going to need to change a .conf file to be more specific when it choses it's AES version.

I'm using FIPS-197 (AES that supports 128,192, or 256). SNMP.conf?

_________________
Cacti Ver: 0.8.7h
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE


Top
 Profile  
 
 Post subject:
PostPosted: Wed Jan 02, 2008 7:37 pm 
Offline
Cacti User
User avatar

Joined: Tue Jul 03, 2007 4:11 pm
Posts: 74
Location: San Luis Obispo
Ok...I know it's not SNMP.conf but is probably SNMP.php

I don't know anything about scripts or php...so I'm going to wait until I hear from someone because I'm pretty sure I'm looking in the right direction-but then again I don't know anything about scripts/php.

_________________
Cacti Ver: 0.8.7h
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE


Top
 Profile  
 
 Post subject:
PostPosted: Thu Jan 03, 2008 11:40 am 
Offline
Cacti User
User avatar

Joined: Tue Jul 03, 2007 4:11 pm
Posts: 74
Location: San Luis Obispo
Here is some other info..

net-snmp-utils-5.1.2-11.EL4.7
net-snmp-libs-5.1.2-11.EL4.7
net-snmp-5.1.2-11.EL4.7
php-snmp-4.3.9-3.22
net-snmp-devel-5.1.2-11.EL4.7

[[email protected] net-snmp]# snmpget --version
NET-SNMP version: 5.1.2


I read somewhere that 5.1.2 only supports DES. Using DES, I don't see any data in my graphs. I can snmpwalk via the CLI...

_________________
Cacti Ver: 0.8.7h
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE


Top
 Profile  
 
 Post subject:
PostPosted: Fri Jan 04, 2008 12:46 pm 
Offline
Cacti User
User avatar

Joined: Tue Jul 03, 2007 4:11 pm
Posts: 74
Location: San Luis Obispo
Created a new topic...

http://forums.cacti.net/viewtopic.php?t=25120

_________________
Cacti Ver: 0.8.7h
netSNMP 5.4.2.1
PHP 5.3.2-1ubuntu4.9 with Suhosin-Patch
mysql Ver 14.14 Distrib 5.1.41, for debian-linux-gnu (i486) using readline 6.1
RRDtool 1.3.8
CCNA,CCDA,CCSE


Top
 Profile  
 
 Post subject: Re: [HOWTO] Monitor Cisco switches via SNMP v3
PostPosted: Wed Nov 09, 2011 1:17 am 
Offline

Joined: Fri Jul 15, 2011 2:37 am
Posts: 7
thank you for share


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group