SNMPv3 is not working

Arturo5
Kilo Explorer

‎04-23-2020 11:19 AM

Hi All,

I'm starting with Discovery, and i'm trying to discover switches and routers with snmpv3 credentials, i have enabled mid.snmp.use_snmp_v3, i have created the credentials and are valid, i have increase the request timeout and session timeout way to high, i have made a snmpv3 walk from the mid server and is working, however i'm still getting "SNMP probe timed out. Target is either unreachable or there are no valid credentials for it" error

 

do you have face this issue before, what else can i try?

 

Thanks,

Labels:
0 Helpfuls
  • 2,897 Views
4 REPLIES 4

DaveHertel
Kilo Sage
Kilo Sage

‎04-24-2020 11:46 AM

Hi -- you didn't mention how you are launching the job.  Via a schedule? or quick discovery...?

If via a scheduled job, note the DEFAULT snmp uses v1/v2.  So if you need v3 and have verified the credential works, then look at scheduled job.  you may have to add the field to the form.  then set it to either "All" or "v3"

find_real_file.png

 

Hope this helps??

Preview file
9 KB

Arturo5
Kilo Explorer

‎04-25-2020 10:48 AM

hi Dave,

 

I've tried all methods, quick discovery, schedule, debug pattern and all gives me the same result, in the schedule job I've selected only snmpv3 to force it but unfortunately no success, 

 

Thanks 

0 Helpfuls

chuckm
Giga Guru

‎04-25-2020 11:54 AM

I ran into the same issue - you might check if you are using AES256 in the credential Privacy Protocol in the SNMPv3 credential - there is a known defect when setting the Privacy protocol to AES256 for switch patterns.

find_real_file.png

A work around is to set the Privacy protocol AES192. The issue is fixed in Madrid Patch 8, New York Patch 2 or Orlando. More detail is in the following knowledge articles:

KB0779871

CISCO SNMP router / switch - timeout in Classify/ Identification phase - troubleshooting

You have to read toward the bottom of the KB to where it discusses the "Further troubleshooting of the credential we found that if we reduced to AES128 we no longer saw the problem."  It is a known issue and identifies the releases of ServiceNow the issue is fixed in.

-There is a known issue regarding CISCO and AES256: PRB1348201 which is fixed in Madrid Patch 8, New York Patch 2, Orlando.

-The workaround is to use AES128 on the permission for CISCO Switch.

KB0754325

Network Switch Pattern fails on Cisco Catalyst 3750 using SNMPv3 using SNMPv3 AES 256

Another KB article for troubleshooting SNMP discovery issues:

KB0696727

MID Server SNMP Troubleshooting

Preview file
30 KB

Arturo5
Kilo Explorer

‎04-25-2020 06:11 PM

Thanks chuckm, I'll check that, the credential I used is AES128, however I will double check this, Regards
0 Helpfuls