在IOS上的SNMPv3上下文似乎不适用于

Question

我们最近转向了SNMPV3，并经历了这样的问题，即在素数中没有可用的客户端数据。因此，我们快速地阅读了我们需要添加到设备配置中的SNMP上下文，这样素才能获得正确的数据。这对于IOS来说很好。但到目前为止，我们在IOS-XE上还没有任何进展。这是在我们的2960 X型号上工作的配置：

snmp-server group COMPANY v3 priv context vlan- match prefix read COMPANY

当我们发布snmp组和上下文时，我们得到：

switch#show snmp group 
groupname: COMPANY                          security model:v3 priv 
contextname: <no context specified>         storage-type: nonvolatile
readview : COMPANY                          writeview: <no writeview specified>        
notifyview: <no notifyview specified>       
row status: active

groupname: COMPANY                          security model:v3 priv 
contextname: vlan-                          storage-type: nonvolatile
readview : COMPANY                          writeview: <no writeview specified>        
notifyview: <no notifyview specified>       
row status: active

switch#show snmp context 
vlan-1
vlan-10
vlan-11
vlan-20

因此，如果我们检查IOS的配置，它看起来是一样的，但是它根本不起作用。没有任何客户端连接到任何IOS设备，这些设备都是以素数显示的。我们有不同的型号开关，如:思科催化剂3850和9200。我们尝试使用每个Vlan的上下文，但这也没有帮助：

snmp-server group COMPANY v3 priv context vlan-1 read COMPANY 
snmp-server group COMPANY v3 priv context vlan-10 read COMPANY 
snmp-server group COMPANY v3 priv context vlan-11 read COMPANY 
snmp-server group COMPANY v3 priv context vlan-20 read COMPANY 

switch#show snmp group                   
groupname: COMPANY                          security model:v3 priv 
contextname: <no context specified>         storage-type: nonvolatile
readview : COMPANY                          writeview: <no writeview specified>        
notifyview: <no notifyview specified>       
row status: active

groupname: COMPANY                          security model:v3 priv 
contextname: vlan-1                         storage-type: nonvolatile
readview : COMPANY                          writeview: <no writeview specified>        
notifyview: <no notifyview specified>       
row status: active

groupname: COMPANY                          security model:v3 priv 
contextname: vlan-10                        storage-type: nonvolatile
readview : COMPANY                          writeview: <no writeview specified>        
notifyview: <no notifyview specified>       
row status: active

groupname: COMPANY                          security model:v3 priv 
contextname: vlan-11                        storage-type: nonvolatile
readview : COMPANY                          writeview: <no writeview specified>        
notifyview: <no notifyview specified>       
row status: active

groupname: COMPANY                          security model:v3 priv 
contextname: vlan-20                        storage-type: nonvolatile
readview : COMPANY                          writeview: <no writeview specified>        
notifyview: <no notifyview specified>       
row status: active

switch#show snmp context 
vlan-1
vlan-10
vlan-11
vlan-20

我尝试使用默认的readview，因为我已经看到一些配置使用v1default：

snmp-server group COMPANY v3 priv read COMPANY
snmp-server group COMPANY v3 priv context vlan- match prefix 

switch#show snmp group 
groupname: COMPANY                          security model:v3 priv 
contextname: <no context specified>         storage-type: nonvolatile
readview : COMPANY                          writeview: <no writeview specified>        
notifyview: <no notifyview specified>       
row status: active

groupname: COMPANY                          security model:v3 priv 
contextname: vlan-                          storage-type: nonvolatile
readview : v1default                        writeview: <no writeview specified>        
notifyview: <no notifyview specified>       
row status: active

到目前为止没有什么帮助。我在网上找不到有同样问题的人，所以我把这个放在这里。如果有人能够给出正确的字符串(OID)，我可能会用SNMP客户端来测试这个字符串，看看这两个操作系统之间的响应是否不同。

Answer 1

我找到了解决办法。诀窍是不要把read社区放在命令中。因此，我们将其部署到所有IOS和IOS交换机中，它适用于所有Vlans：

snmp-server group COMPANY v3 priv context vlan- match prefix

质数内部也有一个奇怪的时间问题，这使得很难验证配置。