Configuring SNMP polling on Cisco ASA and Nexus switches
This week I had to set up some Cisco SNMP credentials for a client. I've not done this before, and this page exists to remind me later.
Cisco ASA
sh snmp engineid # this is needed in a later command
Local SNMP Engine ID: 800003A6F7BE00
conf t
snmp-manager
snmp-server enable traps
snmp-server user Sophie AdminGrp v3 auth sha Mypassword1 priv aes 256 MyOtherPasswd
snmp-server engineID remote 10.1.1.50 udp-port 162 @engineID
snmp-server engineID remote 10.1.1.51 udp-port 162 @engineID
snmp-server host 10.1.1.50 version 3 priv Sophie
snmp-server host 10.1.1.51 version 3 priv Sophie
Groups don't need setting up, because a user takes the defaults,
snmp-server group AdminGrp v3 priv read YourReadView
A view might also need to be set up:
snmp-server view test $MIB
To delete the user:
no snmp-server user Sophie AdminGrp v3
Cisco Nexus 9000
sh snmp engineid # this is needed in a later command
Local SNMP Engine ID: [Hex] 800003A6F7BE00
[Dec] 128:000:000:009:111:111:344:000:111:444:555
conf t
snmp-server enable traps
snmp-server user Sophie auth sha MyPass1 priv aes-128 MyPass2 engineID 128:000:000:009:111:111:344:000:111:444:555
snmp-server host 10.1.1.50 version 3 priv Sophie
snmp-server host 10.1.1.51 version 3 priv Sophie
To delete the user type:
no snmp-server user Sophie AdminGrp
Test from a server
Note that my net-snmp is old and supports up to AES 128, which means it will fail with the ASA's AES 256 configuration. The Nexus switches have yet to be upgraded to AES 256, but shall be sometime soon.
snmpwalk -v3 -l authPriv -u Sophie -a SHA -A "Mypassword1" -x AES -X "MyOtherPasswd" 10.2.2.2 sysName.0
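SNMPv3 (RFC 3414) localizes each user's keys by hashing the passphrase together with an engine ID, which is why the engine ID shows up in the user commands above. The Python below is an added example, not part of the original notes or any Cisco code: it converts between the hex and decimal engine ID forms and derives the localized SHA-1 auth key and the AES-128 privacy key (RFC 3826). The function names, the sample engine ID and the sample passphrases are constructed for illustration.

```python
import hashlib

MIN_PASSPHRASE_LEN = 8  # RFC 3414 sec. 11.2 minimum; net-snmp also rejects shorter


def engine_id_hex_to_dec(hex_id: str) -> str:
    """Hex engine ID -> colon-separated decimal octets (the NX-OS [Dec] form)."""
    return ":".join(f"{b:03d}" for b in bytes.fromhex(hex_id))


def engine_id_dec_to_bytes(dec_id: str) -> bytes:
    """Colon-separated decimal engine ID -> raw bytes; each octet must be 0-255."""
    octets = [int(part) for part in dec_id.split(":")]
    if any(o > 255 for o in octets):
        raise ValueError(f"not a valid engine ID, octet above 255: {dec_id}")
    return bytes(octets)


def localized_key(passphrase: str, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2 password-to-key, then localization to one engine ID."""
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        raise ValueError(f"passphrase must be at least {MIN_PASSPHRASE_LEN} characters")
    pw = passphrase.encode()
    # Ku = hash of the passphrase repeated and truncated to exactly 1 MiB.
    reps, rem = divmod(1024 * 1024, len(pw))
    ku = hashlib.new(hash_name, pw * reps + pw[:rem]).digest()
    # Kul = hash(Ku || engineID || Ku): the same passphrase gives a different
    # key on every engine, so one compromised device does not expose the rest.
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def aes128_priv_key(passphrase: str, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3826: the AES-128 key is the first 16 bytes of the localized key."""
    return localized_key(passphrase, engine_id, hash_name)[:16]


if __name__ == "__main__":
    # Constructed sample engine ID and passphrases, not taken from a real device.
    sample_hex = "8000000903001122334455"
    engine = bytes.fromhex(sample_hex)
    print("decimal form :", engine_id_hex_to_dec(sample_hex))
    print("auth key     :", localized_key("Sample-Auth-Pass1", engine).hex())
    print("AES-128 key  :", aes128_priv_key("Sample-Priv-Pass2", engine).hex())
```

Run against the sample values on this page, the 7-character MyPass1 is rejected by the length check.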
This was written from my memory. Hopefully I did not miss something out.
After some testing: This did not work very well...