• December 16, 2019, 09:12:13 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: SNMPv3 via Management Port 8800  (Read 3796 times)

0 Members and 1 Guest are viewing this topic.

Offline Straphlinger

  • Rookie
  • **
  • Posts: 15
SNMPv3 via Management Port 8800
« on: December 12, 2011, 08:23:46 PM »
Does anyone know if you can run SNMPv3 over the management port on an 8800.

We are running COM 2.2 and I am trying to connect to my DEV environment via the management port.

Our produciton environment is two 8800's running 7.1.1.0, our DEV environment is two 8800's with copies of the production configs and I am trying to connect to the DEV cores over the management ports.
SSH works fine, but I keep receiving
"SNMP INFO request  received from xxx.xxx.xxx.xxx  with unsupported sec levels"
in the log file on the DEV core and in COM I receive
" Error: SNMP operation failed. Error index : usmStatsUnsupportedSecLevels: Invalid Security Level" in COM.
 
I've done an SNMP walk using readonly SNMPv1, over the management port but I would prefer to do V3.




Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3841
    • michaelfmcnamara
    • Michael McNamara
Re: SNMPv3 via Management Port 8800
« Reply #1 on: December 12, 2011, 10:09:48 PM »
You are referring to the management port on the CPU/SF?

Have you tried using any of the IPv4 interfaces (just to verify your configuration)?

I personally don't using the management ports but rather use a CLIP for all my management needs.
We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!

Offline Straphlinger

  • Rookie
  • **
  • Posts: 15
Re: SNMPv3 via Management Port 8800
« Reply #2 on: December 12, 2011, 10:52:12 PM »
Hopefully the picture will explain it a bit more.

We copy the config files from the Production cores to the Dev cores (And 2 selected 5530 stacks, depending on the need) and then run any tests on the Dev environment before applying them to the production environment. This way both the production and Dev cores have the exact same configs. Not something I'd like to link via the network, hence the use of the management interfaces. From the COM server I can ssh to both production and dev, I can also connect to the dev environment via https over the management interface (after adding an access policy to their configs).
Also the COM server is a VM so adding another NIC to the server in the dev environment is not a good option. (Can be done, but I still like physical separation...)
One option is to run up a physical server and install the time limited version of COM to see if the config works as per normal over the dev network.

Just curious if anyone else has tried this?