Virtual Router/ Firewall/ VPN

Reply
Occasional Contributor
Posts: 7
Registered: ‎06-13-2016

SNMPv3 Configuration

Need help in configuring SNMPv3 on vyos and vyatta , will really appreciate if someone can share documentation or link with working configs 

vyatta@vyatta-loopback-testing:~$ show configuration commands | grep snmp
set service snmp v3 engineid '0x80001f8880b61f9921b417525800000000'
set service snmp v3 group V3Group seclevel 'priv'
set service snmp v3 group V3Group view 'V3View'
set service snmp v3 user V3User auth encrypted-key '0x6e5a4102f412e0df85a5a25d875669b8f18b27cb'
set service snmp v3 user V3User auth type 'sha'
set service snmp v3 user V3User engineid '0x80001f8880b61f9921b417525800000000'
set service snmp v3 user V3User group 'V3Group'
set service snmp v3 user V3User privacy encrypted-key '0x6e5a4102f412e0df85a5a25d875669b8'
set service snmp v3 user V3User privacy type 'des'
set service snmp v3 view V3View oid '1.3.6.1.2.1.4'

vyatta@vyatta-loopback-testing:~$ show version 
Version:      VSE6.7R11
Description:  Brocade vRouter 5410 6.7 R11
Copyright:    2016 Brocade Communications Systems, Inc.
Built by:     autobuild@vyatta.com
Built on:     Thu Feb 25 13:18:16 UTC 2016
Build ID:     1602251319-91e27a7
System type:  Intel 64bit
Boot via:     disk
Hypervisor:   Xen
Uptime:       13:28:39 up 16 days,  6:06,  1 user,  load average: 0.09, 0.12, 0.13

Occasional Contributor
Posts: 7
Registered: ‎06-13-2016

Re: SNMPv3 Configuration

Hi SNMP Experts/Team ,

Here is the brocade link and configuration i am using for configuring SNMPV3 but unable to add or see any traps coming from Vyatta Router to Collector.

 

 

http://www1.brocade.com/downloads/documents/html_product_manuals/vyatta/vyatta_5400_manual/Remote%20Management/wwhelp/wwhimpl/common/html/wwhelp.htm#context=Remote_Management&file=SNMP.5.18.html

 

 

vyatta@vyatta-loopback-testing# run show configuration commands | grep snmp
set service snmp v3 engineid '0x80001f8880b61f9921b417525800000000'
set service snmp v3 group V3Group seclevel 'priv'
set service snmp v3 group V3Group view 'V3View'
set service snmp v3 trap-target 35.163.179.190 auth plaintext-key 'Netorc@123456'
set service snmp v3 trap-target 35.163.179.190 auth type 'sha'
set service snmp v3 trap-target 35.163.179.190 engineid '0x80001f8880b61f9921b417525800000000'
set service snmp v3 trap-target 35.163.179.190 privacy plaintext-key 'Netorc@123456'
set service snmp v3 trap-target 35.163.179.190 privacy type 'des'
set service snmp v3 trap-target 35.163.179.190 type 'trap'
set service snmp v3 trap-target 35.163.179.190 user 'V3User'
set service snmp v3 user V3User auth encrypted-key '0x6e5a4102f412e0df85a5a25d875669b8f18b27cb'
set service snmp v3 user V3User auth type 'sha'
set service snmp v3 user V3User engineid '0x80001f8880b61f9921b417525800000000'
set service snmp v3 user V3User group 'V3Group'
set service snmp v3 user V3User privacy encrypted-key '0x6e5a4102f412e0df85a5a25d875669b8'
set service snmp v3 user V3User privacy type 'des'
set service snmp v3 view V3View oid '1.3.6.1.2.1.4'

 

 

Will really appreciate  if someone can validate or send any working configuration for SNMPV3 for auth Privacy .

 

Regards

Syed.

TAC Mod
Posts: 66
Registered: ‎04-07-2011

Re: SNMPv3 Configuration

[ Edited ]

Hello sfaiz13@gmail.com

 

I spoke with a TAC representative regarding your question and his response was that your configuration looks good to him.

 

He wondered if you had encountered any problem with your configuration? If yes, please let us know what SNMPv3 trap receiver you are using and what is the configuration?

 

Regards,

 

Denise K.

Brocade Community Team

@DeniseK

Occasional Contributor
Posts: 7
Registered: ‎06-13-2016

Re: SNMPv3 Configuration

Thanks Denise for looking into it , i tried my level best to locate any working configs for SNMPv3 on 5400 vyatta including Auth Level ,User , Algorithm and Crypto Algorithm .

 

The only configs available is for 5600 .

 

The configs mentioned in my post is the one i am using , can u please check with Tech engineer if he can simply give or validate if using this command how we can see flows locally in cache and if its trying to send to collector or not .

 

I have tried with couple of Collector but currently i am using Observium but le me know if he is will i can share my setup or share screen and show its not working but the same collector is working for CSR Cisco Cloud Router .

 

Regards

Syed.

TAC Mod
Posts: 66
Registered: ‎04-07-2011

Re: SNMPv3 Configuration

Hi sfaiz13@gmail.com

 

I checked back with a TAC agent and he is not familiar with the trap receiver you are using, but he did suggest some checklist items for you:

 

1. Make sure the trap receiver is reachable

2. Make sure the V3 user is defined at the trap receiver

3. Make sure the right engine-id is configured for that user. You can get the engine-id from the vRouter using command show service snmp v3 engineid

4. Make sure the AuthKey/PrivKey are correctly defined

 

You can try to capture the packets to make sure the packets are going out the vRouter.

For example: $sudo tshark -i eth0 -f ' udp port 161 or udp port 162'

 

Hope this helps,

 

Denise K.

Brocade Community Team

@DeniseK

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.