Configuring SNMP polling on Cisco ASA and Nexus switches

This week I had to set up some Cisco SNMP credentials for a client. I've not done this before, and this page exists to remind me later.

Cisco ASA

    sh snmp engineid # this is needed in a later command
    Local SNMP Engine ID: 800003A6F7BE00
    conf t
     
    snmp-manager
    snmp-server enable traps
    snmp-server user Sophie AdminGrp v3 auth sha Mypassword1 priv aes 256 MyOtherPasswd
    snmp-server engineID remote 10.1.1.50 udp-port 162 @engineID
    snmp-server engineID remote 10.1.1.51 udp-port 162 @engineID
    snmp-server host 10.1.1.50 version 3 priv Sophie
    snmp-server host 10.1.1.51 version 3 priv Sophie

Groups don't need setting up, because a user takes the defaults,

    snmp-server group AdminGrp v3 priv read YourReadView

Also might need a view to be set up,

    snmp-server view test $MIB

To delete the user,

    no snmp-server user Sophie AdminGrp v3

Cisco Nexus 9000

    sh snmp engineid # this is needed in a later command
    Local SNMP Engine ID: [Hex] 800003A6F7BE00
       [Dec] 128:000:000:009:111:111:344:000:111:444:555
    conf t
    snmp-server enable traps
    snmp-server user Sophie auth sha MyPass1 priv aes-128 MyPass2 engineID 128:000:000:009:111:111:344:000:111:444:555
    snmp-server host 10.1.1.50 version 3 priv Sophie
    snmp-server host 10.1.1.51 version 3 priv Sophie

To delete the user type:

    no snmp-server user Sophie AdminGrp

Test from a server. Note that my net-snmp is old and supports up to AES 128, which means it will fail with the ASA's AES 256 configuration. The Nexus switches have yet to be upgraded to AES 256, but shall be sometime soon.

    snmpwalk -v3 -l authPriv -u Sophie -a SHA -A "Mypassword1" -x AES -X "MyOtherPasswd" 10.2.2.2 sysName.0

This was written from my memory. Hopefully I did not miss something out.

After some testing: This did not work very well...