Unable to poll SNMP for Management Center

book

Article ID: 185079

calendar_today

Updated On:

Products

Management Center

Issue/Introduction

Community strings are already configured on Management Center (MC) and a packet capture shows that MC not responding to snmpget nor snmpwalk. 

 

 

Cause

Missing SNMP configuration on management center and/or ACL not allowing SNMP poll. 

Environment

SNMP polling against Management Center running version 2.0 and above.

 

Resolution

Management Center follows VACM base for SNMPv2c (RFC3415) and USM based (RFC3414) for SNMPv3 for Simple Network Management Protocol configuration.

By default Management Center's access control list (ACL) blocks SNMP requests.

Here is an example on how to configure MC for SNMPv2c for access with the public community string:

configure terminal
snmp
agent version v2c
agent enable
community public
sec-name public
exit
vacm group bccm member public sec-model v2c
vacm view bcmc subtree 1.3 included
vacm group bccm access v2c no-auth-no-priv read-view bcmc
exit

Here is an example on how to configure MC for SNMPv3 giving access to a user named "sha-user":

configure terminal
snmp 
agent version v3
agent enable
vacm group BCCM member sha-user sec-model usm
vacm view bcmc subtree 1.3 included
vacm group BCCM access usm auth-priv read-view bcmc
usm local user sha-user auth sha password publicv3
usm local user sha-user priv aes password publicv3

To allow an IP to access MC via SNMP, here's an example for IP 172.16.1.170

configure terminal

acl
rule 172.16.1.170/32 SNMP
exit

 

Here are examples of using the commands snmpget and snmpwalk from a Unix or Linux

For SNMPv2c

[email protected]172.16.1.170$ snmpget -v2c -c public <IP.of.target.device> sysUpTimeInstance

[email protected]172.16.1.170$ snmpwalk -v2c -c public <IP.of.target.device>

 

For SNMPv3:

[email protected]172.16.1.170$ snmpget -v3  -l authPriv -u sha-user -a sha -A "publicv3"  -x AES -X "publicv3" <IP.of.target.device> hrSystemUptime

[email protected]172.16.1.170$ snmpwalk -v3  -l authPriv -u sha-user -a sha -A "publicv3"  -x AES -X "publicv3" <IP.of.target.device>

 

Here are example commands to remove and disable SNMPv2c configuration from MC

configure terminal
snmp
no vacm view bcmc subtree 1.3
no vacm group bccm 
no community public
no agent version v2c
agent disable

 

Here are example commands to remove and disable SNMPv3 configuration from MC

configure terminal
snmp 
no usm local user sha-user
no vacm view bcmc subtree 1.3
no vacm group BCCM
no agent version v3
agent disable

 

Further information for MC SNMP configuration are available at Management Center SNMP Monitoring Best Practices .