Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure) (1033 Views)
Reply
Regular Advisor
David Pavlow
Posts: 152
Registered: ‎05-19-2004
Message 1 of 14 (1,125 Views)

Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

Since converting our network to SNMP V3 I am no longer able to query devices from the CLI only the GUI.  I can query V2 devices from the nnmsnmpwalk command but not V3.  I am running NNM on Linux and Solaris and I receive the same error.  My command entry is

 

./nnmsnmpwalk.ovpl -A < Authentication Passphrase> -X <Privacy Passphrase> -a SHA -v 3 <username> -x AES <IPADDR>

 

My entry returns

 

"SNMPv3 authentication failure for the SNMP agent at <ip Address>

 

V2 works with no issues and I can query all my SNMP V3 devices from the GUI.  I am running 9.23

HP Expert
DSimon
Posts: 83
Registered: ‎04-04-2011
Message 2 of 14 (1,111 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

I noticed the following in your snmp command:

 

./nnmsnmpwalk.ovpl -A < Authentication Passphrase> -X <Privacy Passphrase> -a SHA -v 3 <username> -x AES <IPADDR>

 

It looks like you really want "-v3u <username>"

 

From the nnmsnmpwalk.ovpl reference pages:

 

 -v version
           Requests the script to use a specific version of SNMP to communicate with the remote
           node. Valid choices for version are 1, 2c, or 3.

 

 -v3u SNMPv3 user name
           SNMPv3 security name (for example, testV3user

 

Please try the the command with "-v3u" and see if it works.

 

 

HP Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution, If you are satisfied with anyone’s response please remember to give them a KUDOS and show your appreciation.
Regular Advisor
David Pavlow
Posts: 152
Registered: ‎05-19-2004
Message 3 of 14 (1,106 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

I tried that also and receive this error

 

./nnmsnmpwalk.ovpl -A <Passphrase> -X <Key> -a SHA -v3u READ-USER -x AES x.x.x.x

 

SNMPv# Authentication failure for the SNMP agent at x.x.x.x

 

 

 

HP Expert
DSimon
Posts: 83
Registered: ‎04-04-2011
Message 4 of 14 (1,104 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

What version and patch are you using?

HP Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution, If you are satisfied with anyone’s response please remember to give them a KUDOS and show your appreciation.
Regular Advisor
David Pavlow
Posts: 152
Registered: ‎05-19-2004
Message 5 of 14 (1,102 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

9.2 Patch level 4
Honored Contributor
LindsayHill
Posts: 732
Registered: ‎11-16-2011
Message 6 of 14 (1,083 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

What happens if you use snmpwalk (i.e. from the net-snmp packages, NOT nnmsnmpwalk.ovpl distributed with NNMi)
CCIE 36708 | @northlandboy | lkhill.com
Respected Contributor
Bharath M R
Posts: 410
Registered: ‎03-10-2010
Message 7 of 14 (1,072 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

 

Hi,

 

          Be sure to use both "-v 3"  &   "-v3u" in the command. Below is the format.

 

/opt/OV/bin/nnmsnmpwalk.ovpl -u [NNMi_user] -p [NNMi_password] -v 3 -v3u [snmpv3_username] -a MD5 -A [passphrase] -x DES -X [passphrase]   <IP_Address>

 

 

Where :

-v3u SNMPv3 user name : SNMPv3 security name (for example, testV3user)

-a Authentication Protocol : SNMPv3 Authentication Protocol (MD5|SHA)

-A Authentication Passphrase : SNMPv3 Authentication Passphrase

-x Privacy Protocol : SNMPv3 Privacy Protocol (DES|3DES|AES|AES192|AES256) -

-X Privacy Passphrase : SNMPv3 Privacy Passphrase

Thanks,
Bharath
Regular Advisor
David Pavlow
Posts: 152
Registered: ‎05-19-2004
Message 8 of 14 (1,064 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

  1. I could not find the net-snmp package installed on my LNUX machine.  I will need to work to get it loaded
Regular Advisor
David Pavlow
Posts: 152
Registered: ‎05-19-2004
Message 9 of 14 (1,063 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

Tried that also and I get a return "SNMPv# authentication failure for the SNMP agent at x.x.x.x I can run the same command on other LINUX servers without issues and this works fine from the Actions Polling in the GUI
HP Expert
DSimon
Posts: 83
Registered: ‎04-04-2011
Message 10 of 14 (1,053 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

I tried a simple test in my lab using a cisco catalyst 7260 Router.

 

Here are the SNMPV3 set-up commands I used:

 

snmp-server view NORMAL iso included
snmp-server group NORMAL v3 priv read NORMAL write NORMAL
snmp-server user NORMAL NORMAL v3 auth sha CISCO priv aes 128 CISCO
snmp-server enable traps snmp linkup linkdown
snmp-server host <ip of trap receiver> traps version 3 priv NORMAL

 

Here is the snmpwalk command:

 

# nnmsnmpwalk.ovpl -A CISCO -X CISCO -a SHA -v3u NORMAL -x AES myrtr.mynet.com


sysDescr.0 : OCTET STRING- (ascii): Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(22)T, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2008 by Cisco Systems, Inc.

Compiled Fri 10-Oct-08 10:10 by prod_rel_team
sysObjectID.0 : OBJECT IDENTIFIER: .1.3.6.1.4.1.9.1.222
sysUpTime.0 : Timeticks: (92021) 0:15:20.21
sysContact.0 : OCTET STRING- (ascii): System Admin

sysName.0 : OCTET STRING- (ascii): myrtr
sysLocation.0 : OCTET STRING- (ascii): RTR-LAB
sysServices.0 : INTEGER: 78
sysORLastChange.0 : Timeticks: (0) 0:00:00.00
interfaces.ifNumber.0 : INTEGER: 15
interfaces.ifTable.ifEntry.ifIndex.1 : INTEGER: 1
interfaces.ifTable.ifEntry.ifIndex.2 : INTEGER: 2
...

 

There were no acl's defined.  It was a very simple SNMPV3 set-up.  The nnmsnmpwalk.ovpl worked fine from an NNMi 9.2 patch 4 system.

HP Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution, If you are satisfied with anyone’s response please remember to give them a KUDOS and show your appreciation.
Honored Contributor
LindsayHill
Posts: 732
Registered: ‎11-16-2011
Message 11 of 14 (1,050 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

Do you have any special characters in either of your passphrases?

 

I don't think that there's anything specifically wrong with nnmsnmpwalk.ovpl, but I think that possibly you're using some special characters, and the shell is interpreting them before passing them to nnmsnmpwalk.ovpl. That leads to authentication failures.

CCIE 36708 | @northlandboy | lkhill.com
Regular Advisor
David Pavlow
Posts: 152
Registered: ‎05-19-2004
Message 12 of 14 (1,045 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

That is the same command I ran and still receive the authentication error.  If I run the same from the GUI "Actions" "Polling" Status and Configuration Poll it returns the poll alghough it takes some time to return.

 

I have numerous SNMP V3 user's in my network and I am working to create Regions to force polling on particular SNMP users. 

Honored Contributor
LindsayHill
Posts: 732
Registered: ‎11-16-2011
Message 13 of 14 (1,037 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

Definitely sounds like special character handling issues then.
CCIE 36708 | @northlandboy | lkhill.com
Honored Contributor
ramesh9
Posts: 1,084
Registered: ‎04-19-2011
Message 14 of 14 (1,033 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

Try this,

 

nnmsnmpwalk.ovpl -v 3 -v3u READ-USER -a SHA -A <Passphrase> -x AES -X <Key> x.x.x.x

 

If this fails then definitely there is a authentication problem.

 

Also you had mentioned that if you run GUI actions->Status polling or configuration poll it runs.

 

I suspect it can run if you had defined SNMPv2 Community strings for the same device or Default SNMPv2 community strings defined.

 

Please check that in Communication configuration->Specific Node Settings or Default SNMPv1/v2 Community strings tab.

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.