Hi folks,
Trying to add a test switch into check_mk.
It’s a Cisco C9200-48P, with IOS XE 16.11.01.
Have set up the following on the switch so far, with help from this guide:
(config)#ip access-list standard SNMP-ACL
permit IP_OF_CHECK_MK_INSTANCE
(config)#snmp-server view v3view interfaces included
(config)#snmp-server view v3view internet included
(config)#snmp-server view v3view chassis included
(config)#snmp-server view v3view system included
(config)#snmp-server view v3view mib-2 included
(config)#snmp-server group GROUP_NAME v3 priv read v3view access SNMP-ACL
(config)#snmp-server user USER_NAME GROUP_NAME v3 auth sha PASSWORD1 priv aes 128 PASSWORD2
(config)#snmp-server host IP_OF_CHECK_MK_INSTANCE version 3 priv USER_NAME
(config)#snmp-server engineID remote IP_OF_CHECK_MK_INSTANCE {engine ID returned by command “sh snmp engineID”}
In WATO this switch is defined with DNS name, IP, “No agent”, SNMPv2 or v3 chosen and the following SNMP credential options:
- Security level: authentication and encryption
- Authentication protocol: SHA-1 (SHA-96) (had to try every option, can’t find anywhere an agreed setting for Cisco switches)
- security name: the username defined on the switch config
- Auth password, privacy pass phrase: PASSWORD1 and PASSWORD2 defined on the switch config
- Privacy protocol: AES-128
Now, ICMP and SNMP are allowed on the firewalls between the check_mk instance and the switch’s management interface.
Ping checks work fine.
But the service checks return the following error:
CRIT - no unmonitored services found, no vanished services found, no new host labels, [snmp] Cannot fetch system description OID .1.3.6.1.2.1.1.1.0. Please check your SNMP configuration. Possible reason might be: Wrong credentials, wrong SNMP version, Firewall rules, etc.
In this host’s diagnostic page, SNMPv3 section, I get the following:
SNMP Error on {switch DNS name} while walking .1.3.6.1.2.1.1.1. Normally this is caused by a device sending invalid SNMP responses (Details: Unknown user name (0/-33)).
From here, I have no clue what to do next.
Any ideas?