CODEWITHSUNDEEP
perlsnmpnet-snmp
Burkhard
Burkhard

Reputation: 14738

SNMP v3 with NET::SNMP working, but snmpwalk/snmpget not?

I have the following (working) perl script:

use Net::SNMP;

 # create session to the host
 my ($session, $error) = Net::SNMP->session(
                -hostname => $hostname,
                -version => 'snmpv3',
                -username => 'my_user_name',
                -authkey => 'my_authkey',#actually, here stands the real authkey as configured on the switch
                -privkey => 'my_privkey',#same as on switch
                -authprotocol => 'sha',
                -privProtocol => 'des'
        );
        if (!defined($session)) {
            print $error . "\n";
                last;
        }

        # retrieve a table from the remote agent
        my $result = $session->get_table(
                -baseoid => $MAC_OID
        );

        if (!defined($result)) {
                print $session->error . "\n";
                $session->close;
                last;
        }
#print out the result of the snmp query
#....

Now I wanted to use snmpwalk or snmpget with the same keys. For that, I created a snmp.conf file in .snmp of my home directory with the following content:

defSecurityName my_user_name
defContext ""
defAuthType SHA
defSecurityLevel authPriv
defAuthPassphrase my_auth_key here
defVersion 3
defPrivPassphrase my_privkey here
defPrivType DES

As I see it, I use the same credentials in the script and for snmpget. Why do I get snmpget: Authentication failure (incorrect password, community or key) ?

Upvotes: 0

Views: 6829

Answers (2)

Lex Li
Lex Li

Reputation: 63264

That depends on the version of snmpget and snmpset you use. When I tested an older version of net-snmp against my C# based SNMP agent https://sharpsnmp.com I noticed that for SHA authen mode + DES privacy mode a bug prevented the net-snmp command line tools from generating the correct message bytes (the encryption is wrong so that no agent can decrypt it).

My suggestion is that you try to use Net::SNMP instead, as like you found out, it is not affected by the same bug.

Upvotes: 1

Wes Hardaker
Wes Hardaker

Reputation: 22262

Your problem is that you're using an authentication key for Net::SNMP and a password for the command-line net-snmp tools. Based on your Net::SNMP usage you're actually using 'localized' keys. Which means the right tokens for your snmp.conf file are:

defAuthLocalizedKey 0xHEXSTRING
defPrivLocalizedKey 0xHEXSTRING

See the snmp.conf manual page for further details.

Upvotes: 1

Related Questions