Hi Support,
I used SNMPv3 feature on check_new_health, which is working on checkpoint/cisco. However, it's not working on a particular cisco 2960 device. I am wondering you can help on this.
Nagios command:
check_nwc_health --hostname *** --protocol 3 --username *** --authprotocol sha --privprotocol aes128 --privpassword *** --mode ***
I can get the correct result from other Cisco/checkpoint devices, only on one 2960 switch, I got below error
'UNKNOWN - got neither sysUptime nor sysDescr nor any other useful information, is this snmp agent working correctly'. but if I configured a snmp community on this switch, and use this command 'check_nwc_health --hostname *** --community *** --mode ***', I can get the correct result. I also used 'show snmp status' on that switch, and found the snmp agent is active.
Would you please provide some advices, Thanks
SNMPv3 on check_nwc_health
Re: SNMPv3 on check_nwc_health
Does it work if you wrap the credentials in single quotes?
/usr/local/nagios/libexec/check_nwc_health --hostname *** --protocol 3 --username '***' --authprotocol sha --privprotocol aes128 --privpassword '***' --mode ***
What about with regular aes?
Does this work?
- Change snmpv3user, authPass, privPass, and set X.X.X.X to the IP of the remote device.
/usr/local/nagios/libexec/check_nwc_health --hostname *** --protocol 3 --username '***' --authprotocol sha --privprotocol aes128 --privpassword '***' --mode ***
What about with regular aes?
Code: Select all
/usr/local/nagios/libexec/check_nwc_health --hostname *** --protocol 3 --username '***' --authprotocol sha --privprotocol aes --privpassword '***' --mode ***- Change snmpv3user, authPass, privPass, and set X.X.X.X to the IP of the remote device.
Code: Select all
snmpwalk -v3 -u snmpv3user -A 'authPass' -a SHA -X 'privPass' -x AES -l authPriv X.X.X.X systemRe: SNMPv3 on check_nwc_health
Thanks for your help.
1. If i use 'AES' instead of 'AES128', the result is same
2. if i use snmpwalk v3, I got below error
'Error in packet'
'Reason: authorizationError (access denied to that object)'
Then, I tried snmpwalk v3 at another switch, I can get the snmp result. It looks like some mis-configuration at Switch end. I've crosschecked with both switch, no lucky. I tried to google it, and found this one, https://github.com/lausser/check_nwc_health/issues/236, But i don't know how to grant the permission.
1. If i use 'AES' instead of 'AES128', the result is same
2. if i use snmpwalk v3, I got below error
'Error in packet'
'Reason: authorizationError (access denied to that object)'
Then, I tried snmpwalk v3 at another switch, I can get the snmp result. It looks like some mis-configuration at Switch end. I've crosschecked with both switch, no lucky. I tried to google it, and found this one, https://github.com/lausser/check_nwc_health/issues/236, But i don't know how to grant the permission.
Re: SNMPv3 on check_nwc_health
If you're getting authorizationError (access denied to that object) from the base snmpwalk command then it's very likely either a misconfiguration or an issue with the switch's snmp functionality. It's almost like it can connect but trying to grab the OIDs it's trying to grab is not allowed. You should reach out to your switch vendor and ask them what options you have, it may just be a misconfiguration.
Re: SNMPv3 on check_nwc_health
Noted with thanks, let me check with our vendor.
Re: SNMPv3 on check_nwc_health
Sounds good, we'll keep an eye out for your update.