How to specify SNMPv3 view mask? (cnMatrix EX2028-P firmware 2.1-r5)

Products cnMatrix
1

Hi, I'm trying to configure SNMPv3 on a cnMatrix EX2028-P (firmware 2.1-r5), but I can't create a view, and I think the problem is with the mask, but I'm not sure. Here are the values:

2020-01-06-081420_341x231_scrot.png

But when I clock Add it shows me:

2020-01-06-081501_663x189_scrot.png

I provides no info about where o what the error is. How can I create the view?

Any help would be appreciated.

Regards,

2

Hi,

To create a view you also need to create Group and Group Access entries. Please see attached screenshots.

Required parameters:

1) The Group Name in Group Access entry must match the Group Name in Group entry

2) The View Name in View entry must match the Read View/Write View/Notify View fields in Group Access entry

3

Hi, thanks for the quick reply, it works.

But the configuration is really awkward, I have to create a "Group Access" specifing a view that does not exist to be able to create it later (???), it is strange at least. It would be great if this info could be added to the cnMatrix manual.

Regards,

4

Hi, although I could create the view but I still can't get SNMPv3 working. I find it a bit complicated to understand . The manual and the SNMP tab fields.pdf are of little help, what would be the full steps to configure an group, user, and view to get SNMPv3 working?

Thanks,

5

Hello,

Looks like v3 user is missing in your configuration. However, there appears to be an issue with creating v3 user using our Web GUI, and we are looking into it. Meanwhile I am providing example of CLI commands that would achieve the same requirement. You need to establish ssh connection to the switch to execute the CLI commands.

Create SNMPv3 user ("testmgrsecret") with encrypted (both authentication 
and privacy is enabled) read access to the standard "mib-2" (1.3.6.1.2.1.48) 
and write access to the standard "system" MIB group (1.3.6.1.2.1.1). No 
other MIB data is accessible.

EX2010-EC9A21# con t

EX2010-EC9A21(config)# snmp user testmgrsecret auth sha256 cnmatrix priv AES_CFB256 switches

EX2010-EC9A21(config)# snmp group privteam user testmgrsecret security v3

EX2010-EC9A21(config)# snmp access privteam v3 priv read mib2 write system

EX2010-EC9A21(config)# snmp view mib2 1.3.6.1.2.1 included

EX2010-EC9A21(config)# snmp view system 1.3.6.1.2.1.1 included




EX2010-EC9A21# show snmp user


Engine ID               : 80.00.08.1c.04.46.53

User                    : testmgr

Authentication Protocol : None

Privacy Protocol        : None

Storage Type            : Nonvolatile

Row Status              : Active


Engine ID               : 80.00.08.1c.04.46.53

User                    : noAuthUser

Authentication Protocol : None

Privacy Protocol        : None

Storage Type            : Nonvolatile

Row Status              : Active


Engine ID               : 80.00.08.1c.04.46.53

User                    : templateMD5

Authentication Protocol : MD5

Privacy Protocol        : None

Storage Type            : Nonvolatile

Row Status              : Active


Engine ID               : 80.00.08.1c.04.46.53

User                    : templateSHA

Authentication Protocol : SHA

Privacy Protocol        : AES_CFB128

Storage Type            : Nonvolatile

Row Status              : Active


Engine ID               : 80.00.08.1c.04.46.53

User                    : testmgrsecret

Authentication Protocol : SHA256

Privacy Protocol        : AES_CFB256

Storage Type            : Nonvolatile

Row Status              : Active


EX2010-EC9A21# show snmp group


Security Model : v1

Security Name  : none

Group Name     : iso

Storage Type   : Nonvolatile

Row Status     : Active


Security Model : v1

Security Name  : readOnly

Group Name     : isoReadOnly

Storage Type   : Nonvolatile

Row Status     : Active


Security Model : v2c

Security Name  : none

Group Name     : iso

Storage Type   : Nonvolatile

Row Status     : Active


Security Model : v2c

Security Name  : readOnly

Group Name     : isoReadOnly

Storage Type   : Nonvolatile

Row Status     : Active


Security Model : v3

Security Name  : testmgr

Group Name     : testgrp

Storage Type   : Nonvolatile

Row Status     : Active


Security Model : v3

Security Name  : noAuthUser

Group Name     : noAuthUser

Storage Type   : Nonvolatile

Row Status     : Active


Security Model : v3

Security Name  : templateMD5

Group Name     : noAuthUser

Storage Type   : Nonvolatile

Row Status     : Active


Security Model : v3

Security Name  : templateSHA

Group Name     : noAuthUser

Storage Type   : Nonvolatile

Row Status     : Active


Security Model : v3

Security Name  : testmgrsecret

Group Name     : privteam

Storage Type   : Nonvolatile

Row Status     : Active


EX2010-EC9A21# show snmp group access


Group Name     : iso

Context Prefix :

Security Model : v1

Security Level : NoAuthentication

Read View      : iso

Write View     : iso

Notify View    : iso

Storage Type   : Nonvolatile

Row Status     : Active


Group Name     : iso

Context Prefix :

Security Model : v2c

Security Level : NoAuthentication

Read View      : iso

Write View     : iso

Notify View    : iso

Storage Type   : Nonvolatile

Row Status     : Active


Group Name     : testgrp

Context Prefix :

Security Model : v3

Security Level : NoAuthentication

Read View      : interfaces

Write View     :

Notify View    :

Storage Type   : Nonvolatile

Row Status     : Active


Group Name     : privteam

Context Prefix :

Security Model : v3

Security Level : Private

Read View      : mib2

Write View     : system

Notify View    :

Storage Type   : Nonvolatile

Row Status     : Active


Group Name     : noAuthUser

Context Prefix :

Security Model : v3

Security Level : NoAuthentication

Read View      : restricted

Write View     : restricted

Notify View    : restricted

Storage Type   : Nonvolatile

Row Status     : Active


Group Name     : noAuthUser

Context Prefix :

Security Model : v3

Security Level : Authentication

Read View      : iso

Write View     : iso

Notify View    : iso

Storage Type   : Nonvolatile

Row Status     : Active


Group Name     : noAuthUser

Context Prefix :

Security Model : v3

Security Level : Private

Read View      : iso

Write View     : iso

Notify View    : iso

Storage Type   : Nonvolatile

Row Status     : Active


Group Name     : isoReadOnly

Context Prefix :

Security Model : v1

Security Level : NoAuthentication

Read View      : iso

Write View     :

Notify View    :

Storage Type   : Nonvolatile

Row Status     : Active


Group Name     : isoReadOnly

Context Prefix :

Security Model : v2c

Security Level : NoAuthentication

Read View      : iso

Write View     :

Notify View    :

Storage Type   : Nonvolatile

Row Status     : Active


EX2010-EC9A21# show snmp viewtree


View Name    : iso

Subtree OID  : 1

Subtree Mask : 1

View Type    : Included

Storage Type : Nonvolatile

Row Status   : Active


View Name    : mib2

Subtree OID  : 1.3.6.1.2.1

Subtree Mask : 1.1.1.1.1.1

View Type    : Included

Storage Type : Nonvolatile

Row Status   : Active


View Name    : system

Subtree OID  : 1.3.6.1.2.1.1

Subtree Mask : 1.1.1.1.1.1.1

View Type    : Included

Storage Type : Nonvolatile

Row Status   : Active


View Name    : interfaces

Subtree OID  : 1.3.6.1.2.1.31

Subtree Mask : 1.1.1.1.1.1.1

View Type    : Included

Storage Type : Nonvolatile

Row Status   : Active


View Name    : restricted

Subtree OID  : 1

Subtree Mask : 1

View Type    : Included

Storage Type : Nonvolatile

Row Status   : Active

------------------------------  

6

Hi, this is a great reply, thank you so much, it works. It's a lot easier and simpler than the web interface.

Regards,