SNMPv3 secLevel parameter needed
grshea opened this issue · comments
When trying to poll SNMPv3 devices the secLevel parameter is needed to poll successfuly.
From command line
Without secLevel
snmpwalk -v3 -a SHA1 -A RandomAuthPass -u wbfwl02aSNMP -x AES128 -X RandomPrivPass 10.99.255.114 sysName.0
Error in packet.
Reason: authorizationError (access denied to that object)
With secLevel
snmpwalk -v3 -l authPriv -a SHA1 -A RandomAuthPass-u wbfwl02aSNMP -x AES128 -X RandomPrivPass10.99.255.114 sysName.0
SNMPv2-MIB::sysName.0 = STRING: WBFWL-02a
@grshea - would you recommend this as more of a documentation update as it is related to SNML CLI utilities and probably less likely to be SC4SNMP components or a bug?
Hello Gregory,
I've investigated the secLevel parameter.
Even though there's no secLevel option to configure, the secLevel is actually being set under the hood.
For creation of SNMP v3 security model the UsmUserData
class from pysnmp python package is being used (https://github.com/etingof/pysnmp/blob/master/pysnmp/hlapi/v3arch/auth.py)
Inside the class, secLevel is calculated based on parameters given in config.yaml.
- snmpwalk v3 example with authentication, but no encryption
config.yaml example:
usernames:
splunker:
authProtocol: SHA
authKey: changeme
In this case secLevel is authNoPriv.
- snmpwalk v3 example with authentication and encryption
config.yaml example:
usernames:
splunker:
authProtocol: SHA
authKey: changeme
privProtocol: AES
privKey: changeme
In this case secLevel is authPriv.
- snmpwalk v3 example without authentication and encryption
config.yaml example:
usernames:
splunker:
In this case secLevel is noAuthNoPriv.
Regards,
Olga