According to the admin guide and this mail: http://www.mail-archive.com/[email protected]/msg00661.html I try to make SNMPv3 work, but I don't have crypto on my Cisco 3560... So I try this:

On PacketFence:

    [IP of switch]
    type=Cisco::Catalyst_3560
    mode=production
    vlans=10,20,30
    normalVlan=10
    registrationVlan=20
    isolationVlan=30
    SNMPVersion=3
    SNMPEngineID = XXXXXXXXXXX (obtain with "show snmp engineid")
    SNMPUserNameRead=readUser
    SNMPAuthProtocolRead=MD5
    SNMPAuthPasswordRead=authpwdread
    SNMPPrivProtocolRead=
    SNMPPrivPasswordRead=
    SNMPUserNameWrite=writeUser
    SNMPAuthProtocolWrite=MD5
    SNMPAuthPasswordWrite=authpwdwrite
    SNMPPrivProtocolWrite=
    SNMPPrivPasswordWrite=
    SNMPVersionTrap=3
    SNMPAuthProtocolTrap=MD5
    SNMPAuthPasswordTrap=authpwdread
    SNMPPrivProtocolTrap=
    SNMPPrivPasswordTrap=

Cisco 3560 config (ios: c3560-ipbase-mz.122-50.SE5.bin):

    service encryption
    snmp-server group readGroup v3 auth
    snmp-server group writeGroup v3 auth read v1default write v1default
    snmp-server user readUser readGroup v3 auth md5 authpwdread
    snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite
    snmp-server enable traps port-security
    snmp-server enable traps port-security trap-rate 1
    snmp-server host "IP my PF Server" version 3 auth readUser port-security

show snmp user's command:

    User name: readUser
    Engine ID: XXXXXXXXXXXXXXXXXXX
    storage-type: nonvolatile active
    Authentication Protocol: MD5
    Group-name: readGroup

    User name: writeUser
    Engine ID: XXXXXXXXXXXXXXXXXXX
    storage-type: nonvolatile active
    Authentication Protocol: MD5
    Group-name: writeGroup

and show run command:

    snmp-server group readGroup v3 auth notify *tv.00000000.00000000.00000000.000002000F
    snmp-server group writeGroup v3 auth write v1default
    snmp-server enable traps port-security
    snmp-server enable traps port-security trap-rate 1
    snmp-server host "IP of PF" version 3 auth readUser port-security

When I am restarting PacketFence I have some warnings about switches.conf and this line:

    Use of uninitialized value in concatenation (.) or string at /usr/local/pf/lib/pf/services/snmptrapd.pm line 92.
    Use of uninitialized value in concatenation (.) or string at /usr/local/pf/lib/pf/services/snmptrapd.pm line 92.
    Use of uninitialized value in concatenation (.) or string at /usr/local/pf/lib/pf/services/snmptrapd.pm line 92.
    Use of uninitialized value in concatenation (.) or string at /usr/local/pf/lib/pf/services/snmptrapd.pm line 92.

So can I use SNMPv3 without AES or DES?
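
An added example, not part of the original post and not PacketFence's own code: a small Python check that reads a switches.conf stanza like the one above and reports, for each of Read/Write/Trap, the SNMPv3 security level the values imply and which keys are absent or empty. The section name 192.0.2.10 and the engine ID are placeholders, and treating the five per-role key names (including SNMPUserNameTrap, formed by analogy with the Read/Write keys) as the expected set is an assumption based on the posted stanza.

```python
import configparser

# Constructed sample: the posted stanza (SNMP keys only); section name and engine ID are placeholders.
SAMPLE = """
[192.0.2.10]
SNMPVersion=3
SNMPEngineID = XXXXXXXXXXX
SNMPUserNameRead=readUser
SNMPAuthProtocolRead=MD5
SNMPAuthPasswordRead=authpwdread
SNMPPrivProtocolRead=
SNMPPrivPasswordRead=
SNMPUserNameWrite=writeUser
SNMPAuthProtocolWrite=MD5
SNMPAuthPasswordWrite=authpwdwrite
SNMPPrivProtocolWrite=
SNMPPrivPasswordWrite=
SNMPVersionTrap=3
SNMPAuthProtocolTrap=MD5
SNMPAuthPasswordTrap=authpwdread
SNMPPrivProtocolTrap=
SNMPPrivPasswordTrap=
"""

ROLES = ("Read", "Write", "Trap")
FIELDS = ("UserName", "AuthProtocol", "AuthPassword", "PrivProtocol", "PrivPassword")  # assumed set

def audit(text):
    """Return {switch: {role: (security_level, absent_keys, empty_keys)}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case exactly as written in switches.conf
    cp.read_string(text)
    report = {}
    for switch in cp.sections():
        sec = cp[switch]
        report[switch] = {}
        for role in ROLES:
            keys = {f: "SNMP%s%s" % (f, role) for f in FIELDS}
            val = {f: sec.get(k, "").strip() for f, k in keys.items()}
            absent = [k for k in keys.values() if k not in sec]
            empty = [k for k in keys.values() if k in sec and not sec[k].strip()]
            auth = bool(val["AuthProtocol"] and val["AuthPassword"])
            priv = bool(val["PrivProtocol"] and val["PrivPassword"])
            level = "authPriv" if auth and priv else "authNoPriv" if auth else "noAuthNoPriv"
            report[switch][role] = (level, absent, empty)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the posted stanza all three roles come out as authNoPriv (authenticated with MD5, payload not encrypted), the Priv keys are present but empty, and SNMPUserNameTrap is the only key absent.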
