Trying to configure traffic/bandwidth monitoring on a Cisco 2921 router, config below as well as error from SNMP tester.

SNMP has not been tested with this device previously. 

Cisco router config:
snmp-server group prtg v3 auth read iso write ALL_ALLOW
snmp-server view ALL_ALLOW iso included
snmp-server user prtg prtg v3 auth md5 test123test priv aes 128 test123test

ROUTER#sh snmp user
User name: prtg
Engine ID: 123456789
storage-type: nonvolatile        active
Authentication Protocol: MD5
Privacy Protocol: AES128
Group-name: prtg

ROUTER#sh snmp group
groupname: prtg                             security model:v3 auth
contextname: <no context specified>         storage-type: nonvolatile
readview : iso                              writeview: ALL_ALLOW
notifyview: <no notifyview specified>
row status: active

SNMP tester error:
----------------------- New Test -----------------------
Paessler SNMP Tester 5.2.3 Computername: TAG9977 Interface: 172.16.129.94
3/14/2018 11:12:51 AM (2 ms) : Device: 172.16.127.1
3/14/2018 11:12:51 AM (4 ms) : SNMP V3
3/14/2018 11:12:51 AM (5 ms) : Uptime
3/14/2018 11:12:51 AM (189 ms) : SNMP Datatype: SNMP_EXCEPTION_NOSUCHOBJECT
3/14/2018 11:12:51 AM (191 ms) : -------
3/14/2018 11:12:51 AM (192 ms) : DISMAN-EVENT-MIB::sysUpTimeInstance = No such object (SNMP error # 222) ( 0 seconds )
3/14/2018 11:12:51 AM (403 ms) : SNMP Datatype: SNMP_EXCEPTION_NOSUCHOBJECT
3/14/2018 11:12:51 AM (404 ms) : HOST-RESOURCES-MIB::hrSystemUptime.0 = No such object (SNMP error # 222) ( 0 seconds )
3/14/2018 11:12:51 AM (406 ms) : Done

Any help would be greatly appreciated. Do I need to associate with an access list?

Article Comments

No, you shouldn't have to add it to an ACL. That's the point of having separate authentication and encryption.

The error is a weird as it indicates it authenticated, but couldn't find uptime.

Can you try one of the other options in the SNMP tester? Maybe try List Interfaces?


Mar, 2018 - Permalink

Sure, here is the result:

----------------------- New Test -----------------------
Paessler SNMP Tester 5.2.3 Computername: computername Interface: 1.1.1.1
3/15/2018 8:24:08 AM (2 ms) : Device: 2.2.2.2 (destination device trying to monitor, on a different subnet, can ping from 1.1.1.1)
3/15/2018 8:24:08 AM (3 ms) : SNMP V3
3/15/2018 8:24:08 AM (3 ms) : Scaninterfaces
Scanning Standard Interfaces...
3/15/2018 8:24:08 AM Start Scan
3/15/2018 8:24:08 AM Host: 2.2.2.2
3/15/2018 8:24:08 AM Community: public
3/15/2018 8:24:08 AM SNMP Version: V3
3/15/2018 8:24:08 AM Delay: 0
3/15/2018 8:24:08 AM Force32: No
3/15/2018 8:24:08 AM Single Get: No
3/15/2018 8:24:08 AM GET: 1.3.6.1.2.1.1.3.0
3/15/2018 8:24:08 AM Try 1
3/15/2018 8:24:09 AM DoRequest 0
3/15/2018 8:24:09 AM Init Session
3/15/2018 8:24:09 AM Host: 2.2.2.2:161
3/15/2018 8:24:09 AM Timeout: 2000000
3/15/2018 8:24:09 AM Version: 3
3/15/2018 8:24:09 AM Generate KU
3/15/2018 8:24:09 AM Open Session
3/15/2018 8:24:09 AM Send Request
3/15/2018 8:24:09 AM Send Done
3/15/2018 8:24:09 AM Start 53974048
3/15/2018 8:24:09 AM Done 53974048 Status=0
3/15/2018 8:24:09 AM 0 SNMP_ERR_NOSUCHOBJECT
3/15/2018 8:24:09 AM DoRequest 1
3/15/2018 8:24:09 AM Init Session
3/15/2018 8:24:09 AM Host: 2.2.2.2:161
3/15/2018 8:24:09 AM Timeout: 2000000
3/15/2018 8:24:09 AM Version: 3
3/15/2018 8:24:09 AM Generate KU
3/15/2018 8:24:09 AM Open Session
3/15/2018 8:24:09 AM Send Request
3/15/2018 8:24:09 AM Send Done
3/15/2018 8:24:09 AM Start 53711832
3/15/2018 8:24:09 AM Done 53711832 Status=0
3/15/2018 8:24:09 AM 0 SNMP_ERR_NOSUCHOBJECT
Result: #O244

Found standard interfaces:
No standard interfaces found

Mar, 2018 - Permalink

Can I see a screenshot of the configuration you have the SNMP Tester for SNMPv3?


Mar, 2018 - Permalink

Hi, here's an image of the snmp tester settings. 1.1.1.1 is the device where PRTG is installed on, 2.2.2.2 is the remote devices I'm trying to monitor (it's in a different subnet on the same network, traffic goes over internal dmvpn tunnel).

snmptester

And here's the router config again because I feel bad it wasn't formatted in the original post and I'm getting an error when trying to edit lol.

Cisco router config:
snmp-server group prtg v3 auth read iso write ALL_ALLOW
snmp-server view ALL_ALLOW iso included
snmp-server user prtg prtg v3 auth md5 test123test priv aes 128 test123test


ROUTER#sh snmp user
User name: prtg
Engine ID: 123456789
storage-type: nonvolatile active
Authentication Protocol: MD5
Privacy Protocol: AES128
Group-name: prtg


ROUTER#sh snmp group
groupname: prtg security model:v3 auth
contextname: <no context specified> storage-type: nonvolatile
readview : iso writeview: ALL_ALLOW
notifyview: <no notifyview specified>
row status: active


Mar, 2018 - Permalink

Hi - I'm not sure if my other reply was approved or not, below is a screenshot of snmp tester settings.

Image description


Mar, 2018 - Permalink

Does this router have any other layer 3 interfaces on it that you can try?

Are you running any ACLs on it?


Mar, 2018 - Permalink

Hi, looks like the images aren't embedding properly here's the direct link if you want to take a look https://imgur.com/a/UxVeK

Yes the router does have ACL's on it, however this traffic should be routing through internal vpn tunnels which should allow communication between the server and the router.


Mar, 2018 - Permalink

Everything looks OK.

Can you run a traceroute from the PRTG server to this device? Make sure nothing along the route is impeding or altering the data.


Mar, 2018 - Permalink

Hi Benjamin, I ran a traceroute and it completed successfully, from the local router to the tunnel interface, and then the remote router.


Mar, 2018 - Permalink

Is there a reason you are using SNMPv3?

Could we try this with a readonly SNMPv2c community and see if it works?

Then we could atleast rule out whether it's a path issue or a config issue.


Mar, 2018 - Permalink