r***@telecom-bretagne.eu
2012-05-10 10:27:46 UTC
According to the admin guide and this mail :
http://www.mail-archive.com/packetfence-***@lists.sourceforge.net/msg00661.html
I try to make SNMPv3 work, but I don't have crypto on my Cisco 3560...
So I try this :
On PacketFence:
[IP of switch]
type=Cisco::Catalyst_3560
mode=production
vlans=10,20,30
normalVlan=10
registrationVlan=20
isolationVlan=30
SNMPVersion=3
SNMPEngineID = XXXXXXXXXXX (obtain with "show snmp engineid")
SNMPUserNameRead=readUser
SNMPAuthProtocolRead=MD5
SNMPAuthPasswordRead=authpwdread
SNMPPrivProtocolRead=
SNMPPrivPasswordRead=
SNMPUserNameWrite=writeUser
SNMPAuthProtocolWrite=MD5
SNMPAuthPasswordWrite=authpwdwrite
SNMPPrivProtocolWrite=
SNMPPrivPasswordWrite=
SNMPVersionTrap=3
SNMPAuthProtocolTrap=MD5
SNMPAuthPasswordTrap=authpwdread
SNMPPrivProtocolTrap=
SNMPPrivPasswordTrap=
Cisco 3560 config (ios : c3560-ipbase-mz.122-50.SE5.bin):
service encryption
snmp-server group readGroup v3 auth
snmp-server group writeGroup v3 auth read v1default write v1default
snmp-server user readUser readGroup v3 auth md5 authpwdread
snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host "IP my PF Server" version 3 auth readUser port-security
show snmp user's command :
User name: readUser
Engine ID: XXXXXXXXXXXXXXXXXXX
storage-type: nonvolatile active
Authentication Protocol: MD5
Group-name: readGroup
User name: writeUser
Engine ID: XXXXXXXXXXXXXXXXXXX
storage-type: nonvolatile active
Authentication Protocol: MD5
Group-name: writeGroup
and show run command :
snmp-server group readGroup v3 auth notify
*tv.00000000.00000000.00000000.000002000F
snmp-server group writeGroup v3 auth write v1default
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
snmp-server host "IP of PF" version 3 auth readUser port-security
When I am restarting PacketFence I have some warnings about
switches.conf and this line :
Use of uninitialized value in concatenation (.) or string at
/usr/local/pf/lib/pf/services/snmptrapd.pm line 92.
Use of uninitialized value in concatenation (.) or string at
/usr/local/pf/lib/pf/services/snmptrapd.pm line 92.
Use of uninitialized value in concatenation (.) or string at
/usr/local/pf/lib/pf/services/snmptrapd.pm line 92.
Use of uninitialized value in concatenation (.) or string at
/usr/local/pf/lib/pf/services/snmptrapd.pm line 92.
So can I use SNMPv3 without AES or DES ?
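
Added example, not part of the original message and not PacketFence code: a small audit of the SNMP keys in a switches.conf section like the one quoted above, reporting the SNMPv3 security level each role (Read, Write, Trap) resolves to, the matching Cisco `snmp-server group ... v3` keyword, and any settings that are empty or absent. The switch address is constructed, and the key name SNMPUserNameTrap is an assumption made by analogy with the Read and Write keys.

```python
import configparser

# Constructed sample mirroring the SNMP keys of the switches.conf section in
# the post; 192.0.2.10 is a documentation address standing in for the switch.
SAMPLE = """
[192.0.2.10]
SNMPVersion=3
SNMPUserNameRead=readUser
SNMPAuthProtocolRead=MD5
SNMPAuthPasswordRead=authpwdread
SNMPPrivProtocolRead=
SNMPPrivPasswordRead=
SNMPUserNameWrite=writeUser
SNMPAuthProtocolWrite=MD5
SNMPAuthPasswordWrite=authpwdwrite
SNMPPrivProtocolWrite=
SNMPPrivPasswordWrite=
SNMPVersionTrap=3
SNMPAuthProtocolTrap=MD5
SNMPAuthPasswordTrap=authpwdread
SNMPPrivProtocolTrap=
SNMPPrivPasswordTrap=
"""

# SNMPv3 security level -> keyword in "snmp-server group <name> v3 <keyword>"
IOS_KEYWORD = {"noAuthNoPriv": "noauth", "authNoPriv": "auth", "authPriv": "priv"}

def audit(text):
    """Return {(switch, role): (level, ios_keyword, problems)} for each role."""
    cp = configparser.ConfigParser(interpolation=None)  # passwords may hold '%'
    cp.optionxform = str  # keep the mixed-case key names
    cp.read_string(text)
    report = {}
    for switch in cp.sections():
        for role in ("Read", "Write", "Trap"):
            def get(field, switch=switch, role=role):
                # SNMPUserNameTrap is assumed by analogy with Read/Write
                return cp.get(switch, f"SNMP{field}{role}", fallback="").strip()
            auth, priv = bool(get("AuthProtocol")), bool(get("PrivProtocol"))
            level = "authPriv" if auth and priv else "authNoPriv" if auth else "noAuthNoPriv"
            problems = []
            if not get("UserName"):
                problems.append(f"SNMPUserName{role} missing or empty")
            if auth and not get("AuthPassword"):
                problems.append(f"SNMPAuthPassword{role} missing or empty")
            if priv and not (auth and get("PrivPassword")):
                problems.append(f"SNMPPriv*{role} set without auth or password")
            report[(switch, role)] = (level, IOS_KEYWORD[level], problems)
    return report
```

With authentication set and the privacy fields left empty, a role resolves to authNoPriv: messages are authenticated with the MD5 key but their contents are not encrypted on the wire.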