Set up a Cisco router to SNMPv3 query a 117G running ANW2 for an OID value. Cisco 891 router running Version 15.1(4)M4; 117G radios running ODIA code for ANW2C.


1 Set up a Cisco router to SNMPv3 query a 117G running ANW2 for an OID value
Cisco 891 router running Version 15.1(4)M4
117G radios running ODIA code for ANW2C
Radios already configured for SNMPv3 operation and working with SNMPc manager (IP 192.168.1.103/24)
Router interface (192.168.1.254/24) is connected to Radio 01 interface (192.168.1.1/24)

2 Cisco configuration (in theory all that is needed for this to work)
#Enable SNMP manager service
conf t
snmp-server manage
#Setup SNMP management all done under conf t
#Set up "View1" as a view for use by users and groups and allow it to query top of the tree
snmp-server view view1 1.3.6.1.4* included
#Setup the group "test" and set the security for the group to SNMPv3, point to view1 for views
snmp-server group test v3 priv read view1 write view1
#Setup the user using same info SNMP manager is successfully using
#user = sysadmin authpw = thisisauthstring and privpw = thisisprivstring
snmp-server user sysadmin test v3 auth sha thisisauthstring priv aes 128 thisisprivstring

3 Cisco configuration continued
#Maybe specifics to target host need to be set (didn’t resolve issue)
snmp-server host 192.168.1.1 version 3 priv sysadmin
#Maybe EngineID cannot be default; command to change EngineID to 1234567890 (didn’t resolve issue)
snmp-server engineID remote 192.168.1.1 udp-port 161 1234567890

4 The problem appears to be that the Cisco is not encrypting the packet payload or including Auth/Priv information
#Command to router to send query to radio using SNMPv3, use sysadmin as user and poll for the OID value
snmp get v3 192.168.1.1 sysadmin oid 1.3.6.1.4.1.290.3.5.1.2.2.1.3
Router responds with Request Failed
#After turning on debug snmp headers, the following comes in after an attempt. The problem field is bolded and underlined.
Outgoing SNMP packet
Mar 4 14:21:23.315: v3 packet security model: v3 security level: noauth
Mar 4 14:21:23.315: username: sysadmin
Mar 4 14:21:23.315: snmpEngineID: 800000090300E4D3F1741948
Mar 4 14:21:23.315: snmpEngineBoots: 1 snmpEngineTime: 67086
Mar 4 14:21:23.319: Incoming SNMP packet
Mar 4 14:21:23.319: v3 packet security model: v3 security level: noauth
Mar 4 14:21:23.319: username: sysadmin
Mar 4 14:21:23.319: snmpEngineID: 800000090300E4D3F1741948
Mar 4 14:21:23.319: snmpEngineBoots: 0 snmpEngineTime: 0
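
The check made by eye on the debug output above, as an added example that is not part of the original presentation: a Python parser for the debug snmp headers lines that flags any packet for a user sent below the priv level configured for group test. The level keywords auth and priv are assumed from the IOS configuration keywords; only noauth appears in the captured output.

```python
import re

# Debug lines copied from the "debug snmp headers" output on slide 4.
DEBUG_OUTPUT = """\
Outgoing SNMP packet
Mar 4 14:21:23.315: v3 packet security model: v3 security level: noauth
Mar 4 14:21:23.315: username: sysadmin
Mar 4 14:21:23.315: snmpEngineID: 800000090300E4D3F1741948
Mar 4 14:21:23.315: snmpEngineBoots: 1 snmpEngineTime: 67086
Mar 4 14:21:23.319: Incoming SNMP packet
Mar 4 14:21:23.319: v3 packet security model: v3 security level: noauth
Mar 4 14:21:23.319: username: sysadmin
Mar 4 14:21:23.319: snmpEngineID: 800000090300E4D3F1741948
Mar 4 14:21:23.319: snmpEngineBoots: 0 snmpEngineTime: 0
"""

# Assumption: "auth" and "priv" are the other level strings the debug prints.
LEVEL_RANK = {"noauth": 0, "auth": 1, "priv": 2}
FIELD = re.compile(
    r"(security level|username|snmpEngineID|snmpEngineBoots|snmpEngineTime): (\S+)"
)

def parse_packets(text):
    """Group debug lines into one dict per packet, keyed by field name."""
    packets = []
    for line in text.splitlines():
        start = re.search(r"(Outgoing|Incoming) SNMP packet", line)
        if start:
            packets.append({"direction": start.group(1).lower()})
        elif packets:
            # A line may carry several "name: value" pairs (boots and time).
            packets[-1].update(FIELD.findall(line))
    return packets

def downgraded(packets, user, required="priv"):
    """Return packets for `user` whose security level is below `required`.

    An unrecognised or missing level ranks lowest, so it is flagged too.
    """
    need = LEVEL_RANK[required]
    return [p for p in packets
            if p.get("username") == user
            and LEVEL_RANK.get(p.get("security level"), -1) < need]

if __name__ == "__main__":
    for p in downgraded(parse_packets(DEBUG_OUTPUT), "sysadmin"):
        print(p["direction"], "packet sent at", p["security level"])
```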

5 Looking at the exchange using Wireshark, the router is indeed not using the Auth/Priv security level for some reason

6 Here is a packet capture from an exchange between the SNMP manager and the radio showing the proper encryption and auth/priv

7 Subsequent testing using the SNMPc manager to poll the router shows the router using SNMPv3 with auth/priv correctly (verified with debug and Wireshark). This outgoing issue seems to be either an IOS bug or some hidden configuration that was missed. In the router, the feature does not seem as complete as other features. The tried and true ? doesn’t work for some commands and configurations, and documentation is very spotty.

