[mrtg] Mrtg with snmpV3

Daniel J McDonald dan.mcdonald at austinenergy.com
Thu May 10 15:30:13 CEST 2007 

On Thu, 2007-05-10 at 00:35 +0200, Croulder wrote:
> yes,  i can see all data with snmpwalk (snmpV3 and snmpV1) OID 1.3.[0]  ,but 
> OID 1.3.6.1.2.1.1 don't exist and MRTG ask about it (perl source code).
> 


Sounds like you don't have your snmp-server group command set up
properly on your cisco, and the snmp-server user you have created has no
access to any mib variables.


if you use the command:
show snmp user

it will show you the group name, e.g:
stelmo-net-bay1c#sh snmp user

User name: public
Engine ID: 800000090300001B53886901
storage-type: nonvolatile        active access-list: 79
Authentication Protocol: SHA
Privacy Protocol: DES
Group-name: foo

Then use show snmp group to determine what access the group has:
stelmo-net-bay1c#sh snmp group
groupname: foo                              security model:v3 priv 
readview : v3priv                           writeview: <no writeview
specified>        
notifyview: <no notifyview specified>       
row status: active

groupname: foo                              security model:v3 priv 
readview : v1default                        writeview: <no writeview
specified>        
notifyview: <no notifyview specified>       
row status: active

groupname: foo                              security model:v3 priv 
readview : v1default                        writeview: <no writeview
specified>        
notifyview: <no notifyview specified>       
row status: active

groupname: foo                              security model:v3 priv 
readview : v1default                        writeview: <no writeview
specified>        
notifyview: <no notifyview specified>       
row status: active
          

Ok, so here group foo has access to read v3priv and v1default
We can see those views using the show snmp view command:
stelmo-net-bay1c#sh snmp view  
v3priv iso - included nonvolatile active
v3priv internet - included nonvolatile active
v3priv snmpUsmMIB - included nonvolatile active
v3priv snmpVacmMIB - included nonvolatile active
v1default iso - included permanent active
v1default internet - included permanent active
v1default snmpUsmMIB - excluded permanent active
v1default snmpVacmMIB - excluded permanent active
v1default snmpCommunityMIB - excluded permanent active
v1default ciscoMgmt.252 - excluded permanent active

I created this view with the following configuration directives:
stelmo-net-bay1c#sh run | inc snmp
snmp-server group foo v3 priv read v3priv 
snmp-server view v3priv iso included
snmp-server view v3priv internet included
snmp-server view v3priv snmpUsmMIB included
snmp-server view v3priv snmpVacmMIB included

Once you get your snmp config on the router cleared up, mrtg should be
much happier.



-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com

More information about the mrtg mailing list