netdisco-users Digest, Vol 214, Issue 1

netdisco-users-request Thu, 27 Jun 2024 01:41:57 -0700

Send netdisco-users mailing list submissions to
        netdisco-users@lists.sourceforge.net


To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
        netdisco-users-requ...@lists.sourceforge.net

You can reach the person managing the list at
        netdisco-users-ow...@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."

Today's Topics:

   1. SNMPv3 Issues (Ariel Jones)
   2. Re: SNMPv3 Issues (Roman Safonov)

--- Begin Message ---

I have been working to get SNMPv3 working with my Cisco switches, however no 
matter what I do I can't seem to get it working with NetDisco. I have confirmed 
I can connect with SNMPv3 with two other tools we utilize without any issue. 
Any help would be appreciated. The error "Error: passphrase chosen is below the 
length requirements of the USM (min=8)." shows in the output, however the 
passphrase is 15+ characters long.

deployment.yml file:

device_auth:
  - tag: 'Snmpv3cfg'
    user: 'USERNAME'
    auth:
    pass: 'PASSWORD'
    proto: 'SHA'
    priv:
    pass: 'PASSWORD'
    proto: 'AES'

Configuration from Cisco switches:

snmp-server view snmp-v3-ReadOnly-View internet included
snmp-server view snmp-v3-ReadOnly-View lldpObjects included
snmp-server view snmp-v3-ReadOnly-View cisco included
snmp-server group snmp-v3-ReadOnly v3 auth context vlan- match prefix
snmp-server view snmp-v3-ReadOnly-View iso included
snmp-server group snmp-v3-ReadOnly v3 priv read snmp-v3-ReadOnly-View
snmp-server user USERNAME snmp-v3-ReadOnly v3 auth sha PASSWORD priv aes 128 
PASSWORD
snmp-server group snmp-v3-ReadOnly v3 auth
(There is also an access list allowing access)

Result of netdisco-do -D discover -d:

itservices@netdisco:~/netdisco/config$ sudo docker-compose run netdisco-do -D 
discover -d 10.10.80.80
Creating itservices_netdisco-do_run ... done
Attempting to create directory /home/netdisco/perl5
[1] 2024-06-26 22:38:59  info App::Netdisco version 2.072003 loaded.
[1] 2024-06-26 22:38:59  info discover: [10.10.80.80] started at Wed Jun 26 
22:38:59 2024
[1] 2024-06-26 22:39:00 debug discover: running with timeout 600s
[1] 2024-06-26 22:39:00 debug => running workers for phase: check
[1] 2024-06-26 22:39:00 debug -> run worker check/1000000 
"internal::backendfqdn"
[1] 2024-06-26 22:39:00 debug -> run worker check/1000000 
"internal::snmpfastdiscover"
[1] 2024-06-26 22:39:00 debug running with configured SNMP timeouts
[1] 2024-06-26 22:39:00 debug -> run worker check/0 "discover"
[1] 2024-06-26 22:39:00 debug Discover is able to run.
[1] 2024-06-26 22:39:00 debug => running workers for phase: early
[1] 2024-06-26 22:39:00 debug -> run worker early/100 "discover::properties"
[1] 2024-06-26 22:39:00 debug snmp reader cache warm: [10.10.80.80]
[1] 2024-06-26 22:39:00 debug [10.10.80.80:161] try_connect with v: 3, t: 0.2, 
r: 0, class: SNMP::Info, comm: <hidden>
Error: passphrase chosen is below the length requirements of the USM (min=8).
[1] 2024-06-26 22:39:00 debug [10.10.80.80:161] try_connect with v: 3, t: 3, r: 
2, class: SNMP::Info, comm: <hidden>
Error: passphrase chosen is below the length requirements of the USM (min=8).
[1] 2024-06-26 22:39:00 debug discover failed: could not SNMP connect to 
10.10.80.80
[1] 2024-06-26 22:39:00 debug -> run worker early/100 "discover::properties"
[1] 2024-06-26 22:39:00 debug -> run worker early/100 "discover::properties"
[1] 2024-06-26 22:39:00 debug -> run worker early/100 "discover::properties"
[1] 2024-06-26 22:39:00 debug -> run worker early/100 "discover::properties"
[1] 2024-06-26 22:39:00 debug => running workers for phase: main
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::canonicalip"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::entities"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::neighbors"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 
"discover::neighbors::docsis"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 
"discover::neighbors::routed"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::portpower"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::portproperties"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 
"discover::portproperties::portaccessentity"
[1] 2024-06-26 22:39:00 debug pae failed: could not SNMP connect to 10.10.80.80
[1] 2024-06-26 22:39:00 debug -> run worker main/0 "discover::properties::tags"
[1] 2024-06-26 22:39:00 debug -> run worker main/0 "discover::properties::tags"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::vlans"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::wireless"
[1] 2024-06-26 22:39:00 debug -> run worker main/0 "discover::withnodes"
[1] 2024-06-26 22:39:00 debug => running workers for phase: late
[1] 2024-06-26 22:39:00 debug -> run worker late/0 "discover::hooks"
[1] 2024-06-26 22:39:00 debug  [10.10.80.80] hooks - skipping due to incomplete 
job
[1] 2024-06-26 22:39:00 debug -> run worker late/0 "discover::snapshot"
[1] 2024-06-26 22:39:00 debug discover failed: could not SNMP connect to 
10.10.80.80
[1] 2024-06-26 22:39:00  info discover: finished at Wed Jun 26 22:39:00 2024
[1] 2024-06-26 22:39:00  info discover: status defer: discover failed: could 
not SNMP connect to 10.10.80.80
ERROR: 1

--- End Message ---

--- Begin Message ---

My working SNMP credentials for CISCO switch:

- tag: 'v3_CISCO_SHA-AES-256-C
    user: ‘user’
    auth:
     pass: password'
     proto: SHA
    priv:
     pass: 'password'
     proto: AES-256-C

Our CISCO switches use AES-256-C for privacy.

CISCO configuration:
snmp-server group Snmpv3 v3 priv access allowSnmp
snmp-server drop unknown-user
snmp-server location <location>
snmp-server contact <mail>
snmp-server group Snmpv3 v3 priv access SnmpAuthoritative
snmp-server user user Snmpv3 v3 auth sha password priv aes 256 password access 
allowSnmp



From: Ariel Jones <ariel.jo...@gfcmsu.edu>
Date: Thursday, 27 June 2024 at 5:25
To: netdisco-users@lists.sourceforge.net <netdisco-users@lists.sourceforge.net>
Subject: [Netdisco] SNMPv3 Issues
Some people who received this message don't often get email from 
ariel.jo...@gfcmsu.edu. Learn why this is 
important<https://protect.checkpoint.com/v2/___https://aka.ms/LearnAboutSenderIdentification___.YzJlOnRlY2huaW9uOmM6bzoyMGQxZDk3NmMxMWRmODExN2Y2MTdmYjczMzEzZTI1Nzo2OjNjOWI6MGZiZTQ4MjUxYzhlMGY4M2UyYTlhOTU1NzE2Y2M4ZDE1ODA1ZGY5ODNhOWU1MmJiNjE5ZjE3OTUzMjRiMTEzYjpoOkY6Tg>
I have been working to get SNMPv3 working with my Cisco switches, however no 
matter what I do I can’t seem to get it working with NetDisco. I have confirmed 
I can connect with SNMPv3 with two other tools we utilize without any issue. 
Any help would be appreciated. The error “Error: passphrase chosen is below the 
length requirements of the USM (min=8).” shows in the output, however the 
passphrase is 15+ characters long.

deployment.yml file:

device_auth:
  - tag: 'Snmpv3cfg'
    user: 'USERNAME'
    auth:
    pass: 'PASSWORD'
    proto: 'SHA'
    priv:
    pass: 'PASSWORD'
    proto: 'AES'

Configuration from Cisco switches:

snmp-server view snmp-v3-ReadOnly-View internet included
snmp-server view snmp-v3-ReadOnly-View lldpObjects included
snmp-server view snmp-v3-ReadOnly-View cisco included
snmp-server group snmp-v3-ReadOnly v3 auth context vlan- match prefix
snmp-server view snmp-v3-ReadOnly-View iso included
snmp-server group snmp-v3-ReadOnly v3 priv read snmp-v3-ReadOnly-View
snmp-server user USERNAME snmp-v3-ReadOnly v3 auth sha PASSWORD priv aes 128 
PASSWORD
snmp-server group snmp-v3-ReadOnly v3 auth
(There is also an access list allowing access)

Result of netdisco-do -D discover -d:

itservices@netdisco:~/netdisco/config$ sudo docker-compose run netdisco-do -D 
discover -d 10.10.80.80
Creating itservices_netdisco-do_run ... done
Attempting to create directory /home/netdisco/perl5
[1] 2024-06-26 22:38:59  info App::Netdisco version 2.072003 loaded.
[1] 2024-06-26 22:38:59  info discover: [10.10.80.80] started at Wed Jun 26 
22:38:59 2024
[1] 2024-06-26 22:39:00 debug discover: running with timeout 600s
[1] 2024-06-26 22:39:00 debug => running workers for phase: check
[1] 2024-06-26 22:39:00 debug -> run worker check/1000000 
"internal::backendfqdn"
[1] 2024-06-26 22:39:00 debug -> run worker check/1000000 
"internal::snmpfastdiscover"
[1] 2024-06-26 22:39:00 debug running with configured SNMP timeouts
[1] 2024-06-26 22:39:00 debug -> run worker check/0 "discover"
[1] 2024-06-26 22:39:00 debug Discover is able to run.
[1] 2024-06-26 22:39:00 debug => running workers for phase: early
[1] 2024-06-26 22:39:00 debug -> run worker early/100 "discover::properties"
[1] 2024-06-26 22:39:00 debug snmp reader cache warm: [10.10.80.80]
[1] 2024-06-26 22:39:00 debug [10.10.80.80:161] try_connect with v: 3, t: 0.2, 
r: 0, class: SNMP::Info, comm: <hidden>
Error: passphrase chosen is below the length requirements of the USM (min=8).
[1] 2024-06-26 22:39:00 debug [10.10.80.80:161] try_connect with v: 3, t: 3, r: 
2, class: SNMP::Info, comm: <hidden>
Error: passphrase chosen is below the length requirements of the USM (min=8).
[1] 2024-06-26 22:39:00 debug discover failed: could not SNMP connect to 
10.10.80.80
[1] 2024-06-26 22:39:00 debug -> run worker early/100 "discover::properties"
[1] 2024-06-26 22:39:00 debug -> run worker early/100 "discover::properties"
[1] 2024-06-26 22:39:00 debug -> run worker early/100 "discover::properties"
[1] 2024-06-26 22:39:00 debug -> run worker early/100 "discover::properties"
[1] 2024-06-26 22:39:00 debug => running workers for phase: main
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::canonicalip"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::entities"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::neighbors"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 
"discover::neighbors::docsis"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 
"discover::neighbors::routed"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::portpower"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::portproperties"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 
"discover::portproperties::portaccessentity"
[1] 2024-06-26 22:39:00 debug pae failed: could not SNMP connect to 10.10.80.80
[1] 2024-06-26 22:39:00 debug -> run worker main/0 "discover::properties::tags"
[1] 2024-06-26 22:39:00 debug -> run worker main/0 "discover::properties::tags"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::vlans"
[1] 2024-06-26 22:39:00 debug -> run worker main/100 "discover::wireless"
[1] 2024-06-26 22:39:00 debug -> run worker main/0 "discover::withnodes"
[1] 2024-06-26 22:39:00 debug => running workers for phase: late
[1] 2024-06-26 22:39:00 debug -> run worker late/0 "discover::hooks"
[1] 2024-06-26 22:39:00 debug  [10.10.80.80] hooks - skipping due to incomplete 
job
[1] 2024-06-26 22:39:00 debug -> run worker late/0 "discover::snapshot"
[1] 2024-06-26 22:39:00 debug discover failed: could not SNMP connect to 
10.10.80.80
[1] 2024-06-26 22:39:00  info discover: finished at Wed Jun 26 22:39:00 2024
[1] 2024-06-26 22:39:00  info discover: status defer: discover failed: could 
not SNMP connect to 10.10.80.80
ERROR: 1

External e-mail, be judicious when opening attachments or links

--- End Message ---

_______________________________________________
Netdisco mailing list - Digest Mode
netdisco-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/netdisco-users

netdisco-users Digest, Vol 214, Issue 1

Reply via email to