Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure) (647 Views)
Reply
Regular Advisor
David Pavlow
Posts: 141
Registered: ‎05-19-2004
Message 1 of 14 (739 Views)

Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

Since converting our network to SNMP V3 I am no longer able to query devices from the CLI only the GUI.  I can query V2 devices from the nnmsnmpwalk command but not V3.  I am running NNM on Linux and Solaris and I receive the same error.  My command entry is

 

./nnmsnmpwalk.ovpl -A < Authentication Passphrase> -X <Privacy Passphrase> -a SHA -v 3 <username> -x AES <IPADDR>

 

My entry returns

 

"SNMPv3 authentication failure for the SNMP agent at <ip Address>

 

V2 works with no issues and I can query all my SNMP V3 devices from the GUI.  I am running 9.23

Please use plain text.
HP Expert
DSimon
Posts: 83
Registered: ‎04-04-2011
Message 2 of 14 (725 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

I noticed the following in your snmp command:

 

./nnmsnmpwalk.ovpl -A < Authentication Passphrase> -X <Privacy Passphrase> -a SHA -v 3 <username> -x AES <IPADDR>

 

It looks like you really want "-v3u <username>"

 

From the nnmsnmpwalk.ovpl reference pages:

 

 -v version
           Requests the script to use a specific version of SNMP to communicate with the remote
           node. Valid choices for version are 1, 2c, or 3.

 

 -v3u SNMPv3 user name
           SNMPv3 security name (for example, testV3user

 

Please try the the command with "-v3u" and see if it works.

 

 

HP Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution, If you are satisfied with anyone’s response please remember to give them a KUDOS and show your appreciation.
Please use plain text.
Regular Advisor
David Pavlow
Posts: 141
Registered: ‎05-19-2004
Message 3 of 14 (720 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

I tried that also and receive this error

 

./nnmsnmpwalk.ovpl -A <Passphrase> -X <Key> -a SHA -v3u READ-USER -x AES x.x.x.x

 

SNMPv# Authentication failure for the SNMP agent at x.x.x.x

 

 

 

Please use plain text.
HP Expert
DSimon
Posts: 83
Registered: ‎04-04-2011
Message 4 of 14 (718 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

What version and patch are you using?

HP Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution, If you are satisfied with anyone’s response please remember to give them a KUDOS and show your appreciation.
Please use plain text.
Regular Advisor
David Pavlow
Posts: 141
Registered: ‎05-19-2004
Message 5 of 14 (716 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

9.2 Patch level 4
Please use plain text.
Honored Contributor
LindsayHill
Posts: 713
Registered: ‎11-16-2011
Message 6 of 14 (697 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

What happens if you use snmpwalk (i.e. from the net-snmp packages, NOT nnmsnmpwalk.ovpl distributed with NNMi)
CCIE 36708 | @northlandboy | lkhill.com
Please use plain text.
Respected Contributor
Bharath M R
Posts: 407
Registered: ‎03-10-2010
Message 7 of 14 (686 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

 

Hi,

 

          Be sure to use both "-v 3"  &   "-v3u" in the command. Below is the format.

 

/opt/OV/bin/nnmsnmpwalk.ovpl -u [NNMi_user] -p [NNMi_password] -v 3 -v3u [snmpv3_username] -a MD5 -A [passphrase] -x DES -X [passphrase]   <IP_Address>

 

 

Where :

-v3u SNMPv3 user name : SNMPv3 security name (for example, testV3user)

-a Authentication Protocol : SNMPv3 Authentication Protocol (MD5|SHA)

-A Authentication Passphrase : SNMPv3 Authentication Passphrase

-x Privacy Protocol : SNMPv3 Privacy Protocol (DES|3DES|AES|AES192|AES256) -

-X Privacy Passphrase : SNMPv3 Privacy Passphrase

Thanks,
Bharath
Please use plain text.
Regular Advisor
David Pavlow
Posts: 141
Registered: ‎05-19-2004
Message 8 of 14 (678 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

  1. I could not find the net-snmp package installed on my LNUX machine.  I will need to work to get it loaded
Please use plain text.
Regular Advisor
David Pavlow
Posts: 141
Registered: ‎05-19-2004
Message 9 of 14 (677 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

Tried that also and I get a return "SNMPv# authentication failure for the SNMP agent at x.x.x.x I can run the same command on other LINUX servers without issues and this works fine from the Actions Polling in the GUI
Please use plain text.
HP Expert
DSimon
Posts: 83
Registered: ‎04-04-2011
Message 10 of 14 (667 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

I tried a simple test in my lab using a cisco catalyst 7260 Router.

 

Here are the SNMPV3 set-up commands I used:

 

snmp-server view NORMAL iso included
snmp-server group NORMAL v3 priv read NORMAL write NORMAL
snmp-server user NORMAL NORMAL v3 auth sha CISCO priv aes 128 CISCO
snmp-server enable traps snmp linkup linkdown
snmp-server host <ip of trap receiver> traps version 3 priv NORMAL

 

Here is the snmpwalk command:

 

# nnmsnmpwalk.ovpl -A CISCO -X CISCO -a SHA -v3u NORMAL -x AES myrtr.mynet.com


sysDescr.0 : OCTET STRING- (ascii): Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(22)T, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2008 by Cisco Systems, Inc.

Compiled Fri 10-Oct-08 10:10 by prod_rel_team
sysObjectID.0 : OBJECT IDENTIFIER: .1.3.6.1.4.1.9.1.222
sysUpTime.0 : Timeticks: (92021) 0:15:20.21
sysContact.0 : OCTET STRING- (ascii): System Admin

sysName.0 : OCTET STRING- (ascii): myrtr
sysLocation.0 : OCTET STRING- (ascii): RTR-LAB
sysServices.0 : INTEGER: 78
sysORLastChange.0 : Timeticks: (0) 0:00:00.00
interfaces.ifNumber.0 : INTEGER: 15
interfaces.ifTable.ifEntry.ifIndex.1 : INTEGER: 1
interfaces.ifTable.ifEntry.ifIndex.2 : INTEGER: 2
...

 

There were no acl's defined.  It was a very simple SNMPV3 set-up.  The nnmsnmpwalk.ovpl worked fine from an NNMi 9.2 patch 4 system.

HP Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution, If you are satisfied with anyone’s response please remember to give them a KUDOS and show your appreciation.
Please use plain text.
Honored Contributor
LindsayHill
Posts: 713
Registered: ‎11-16-2011
Message 11 of 14 (664 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

Do you have any special characters in either of your passphrases?

 

I don't think that there's anything specifically wrong with nnmsnmpwalk.ovpl, but I think that possibly you're using some special characters, and the shell is interpreting them before passing them to nnmsnmpwalk.ovpl. That leads to authentication failures.

CCIE 36708 | @northlandboy | lkhill.com
Please use plain text.
Regular Advisor
David Pavlow
Posts: 141
Registered: ‎05-19-2004
Message 12 of 14 (659 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

That is the same command I ran and still receive the authentication error.  If I run the same from the GUI "Actions" "Polling" Status and Configuration Poll it returns the poll alghough it takes some time to return.

 

I have numerous SNMP V3 user's in my network and I am working to create Regions to force polling on particular SNMP users. 

Please use plain text.
Honored Contributor
LindsayHill
Posts: 713
Registered: ‎11-16-2011
Message 13 of 14 (651 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

Definitely sounds like special character handling issues then.
CCIE 36708 | @northlandboy | lkhill.com
Please use plain text.
Honored Contributor
ramesh9
Posts: 1,030
Registered: ‎04-19-2011
Message 14 of 14 (647 Views)

Re: Unable to query SNMP V3 devices From Command Line (Returns authentication failure)

Try this,

 

nnmsnmpwalk.ovpl -v 3 -v3u READ-USER -a SHA -A <Passphrase> -x AES -X <Key> x.x.x.x

 

If this fails then definitely there is a authentication problem.

 

Also you had mentioned that if you run GUI actions->Status polling or configuration poll it runs.

 

I suspect it can run if you had defined SNMPv2 Community strings for the same device or Default SNMPv2 community strings defined.

 

Please check that in Communication configuration->Specific Node Settings or Default SNMPv1/v2 Community strings tab.

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation