[f-nsp] SNMP question(s)
Mike Lott
lists.accounts at gmail.com
Wed Apr 30 11:32:50 EDT 2008
On 29 Apr 2008, at 19:33, Eric Helm wrote:
> Mike Lott wrote:
>> Hi all
>> I'm having trouble configuring SNMP v3 access on the ServerIron XL
>> here, running code base 09.5.02cTD2. Any prods in the right
>> direction would be great.
>> Config:
>> SLB-SSH at host(config)#sh run | i snmp
>> snmp-server
>> snmp-server location LRC_CAB00
>> snmp-server group RAVE_RO v3 noauth read all
>> snmp-server group RAVE_RW v3 noauth read all write all
>> snmp-server user snmp_ravero RAVE_RO v3
>> snmp-server user snmp_raverw RAVE_RW v3
>
> Mike,
>
> It looks like your missing the authentication and encryption portion.
> This is a config I've used on the Foundry L2/L3 switches without
> issues.
>
> snmp-server
> snmp-server contact <string>
> snmp-server location <string>
> snmp-server view <ALLROv3> internet included
> snmp-server group <adminv3ROgroup> v3 priv access <61> read <ALLROv3>
> snmp-server user <snmpv3admin> <adminv3ROgroup> v3 auth md5
> <MD5secret> priv des <DESsecret>
>
> access-list 61 permit ip <ip-addr/mask> log
> access-list 61 deny any log
>
>
> /Eric
Hi Eric
Thanks for that. Fixed it. I hadn't created a SNMP view as I read this
in the Foundry Security docs (dated OCT 2006) that there is a default
view of "all" that should be referenced for access to the entire MIB
tree:
"The value of <viewstring> is defined using the snmp-server view
command. The SNMP agent comes with the
"all" view, the default view that provides access to the entire MIB;
however, it must be specified when creating the
group. The "all" view also allows SNMP version 3 to be backwards
compatibility with SNMP version 1 and version
2."
Either I've misinterpreted the docs or they are wrong. However, once I
had defined a view and referenced it in the snmp-server group
configuration, all was well.
Mike
More information about the foundry-nsp
mailing list