Ad Widget

Collapse

cannot connect Zabbix using SNMPv3 SHA protocol

Collapse
This topic has been answered.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • kitikant
    Junior Member
    • Oct 2024
    • 29
    #1

    cannot connect Zabbix using SNMPv3 SHA protocol

    Hi,
    I have confronted with a problem when I try to connect my device with ZBX by using SNMPv3 that the implemented authentication and privacy protocols are SHA and AES respectively. It can connect for a moment and then it appears that it cannot connect because of failed Authentication (incorrect password, community, key or duplication engine ID). However, it is fine when I use MD5 for authentication protocol. Click image for larger version Name: Screenshot 2024-11-12 104953.png Views: 0 Size: 34.7 KB ID: 494197
    Click image for larger version Name: Screenshot 2024-11-12 105201.png Views: 0 Size: 42.4 KB ID: 494198
    I've confirmed that the authen and priv password is completely correct. and the engine ID isn't duplicated, so could anyone point out what I am missing? I use Zabbix 7.0.4 on CentOS 9.
    Click image for larger version Name: Screenshot 2024-11-12 105232.png Views: 577 Size: 38.9 KB ID: 494199
    Last edited by kitikant; 13-11-2024, 04:27.
    Tags: None
    • Answer selected by kitikant at 28-11-2024, 04:38.
      kitikant
      Junior Member
      • Oct 2024
      • 29
      Get it
      Ok, I have found the cause.
      OMG, it just the Priv password that I use, it has "!", so it can connect some time but cannot poll info from the host leading to temporarily disconnect.
      Thank you cyber for your assistance and really useful information that help me to understand Zabbix better. Appreciate that.
      Thank you so much. Have a good day!
        • Selected Answer

        Comment

        • cyber
          Senior Member
          Zabbix Certified SpecialistZabbix Certified Professional
          • Dec 2006
          • 4806
          #2
          What? When you configure md5 in Zabbix and then it works? Then your password is md5 encrypted.. You cannot just change protocol and expect it to work... other side has to have same encryption... Or I misunderstood something?

          also are the protocol levels correct (256)? can you test from command line .. ?

            Comment

            • kitikant
              Junior Member
              • Oct 2024
              • 29
              #3
              Originally posted by cyber
              What? When you configure md5 in Zabbix and then it works? Then your password is md5 encrypted.. You cannot just change protocol and expect it to work... other side has to have same encryption... Or I misunderstood something?
              Actually, I don't know cuz I'm new for this field. The reason why I change the protocol because I have another device that allow just SHA protocol but right now, I cannot connect it with ZBX directly, so i use this device that used to connect via MD5 instead (just wanna check that using SHA protocol can work). At first, I thought there is no problem if I just change the authen protocol in ZBX cuz I also changed the authen protocol in the device, but if it is as ur suggestion, it means that I cannot change the protocol in the device that already be configured using other protocol before?

              Originally posted by cyber
              also are the protocol levels correct (256)? can you test from command line .. ?
              Sorry, could you guide me the command line to check that the protocol is the same level?
              Thank you for your suggestion, appreciate that.
              Last edited by kitikant; 14-11-2024, 04:49.

                Comment

                • cyber
                  Senior Member
                  Zabbix Certified SpecialistZabbix Certified Professional
                  • Dec 2006
                  • 4806
                  #4
                  If you changed on both sides to SHA, then of course, it should work... I could not tell, that you did it, from original post..
                  Which "level" your protocol has, should be defined on device side, when you set that password on device. I cannot tell you, what is the default for your devices...

                    Comment

                    • kitikant
                      Junior Member
                      • Oct 2024
                      • 29
                      #5
                      Originally posted by cyber
                      If you changed on both sides to SHA, then of course, it should work... I could not tell, that you did it, from original post..
                      Which "level" your protocol has, should be defined on device side, when you set that password on device. I cannot tell you, what is the default for your devices...
                      Get it.
                      On the device, there doesn't mention about the level of the protocol, it just has the available type of protocol like in Authen protocol has SHA and Priv protocol has AES and DES that all is provided.

                        Comment

                        • cyber
                          Senior Member
                          Zabbix Certified SpecialistZabbix Certified Professional
                          • Dec 2006
                          • 4806
                          #6
                          Then maybe device docs or support can tell you.. Quite often, when no numbers added, it settles for lowest possible.. ie. SHA1 and AES128...

                            Comment

                            • kitikant
                              Junior Member
                              • Oct 2024
                              • 29
                              #7
                              Okay, I already checked the protocol version that the device uses and then change the utilized protocol to match it with protocol in the device. However, it still be the same as before, can be connected for a while and then cannot and repeat this action in the circle. Therefore, I tried to check EngineID again to ensure that it is not duplicated by using Snmpwalk to device and then I get this info in the picture below,

                              Click image for larger version Name: Screenshot 2024-11-26 171008.png Views: 555 Size: 14.9 KB ID: 494934
                              which there is the same EngineID in different events, does this picture mean that they are duplicate EngineID on my device? if yes, do I really need to change it? cuz normally I cannot change it myself, I need to contact with the product's company

                                Comment

                                • cyber
                                  Senior Member
                                  Zabbix Certified SpecialistZabbix Certified Professional
                                  • Dec 2006
                                  • 4806
                                  #8
                                  Engine ID is per device, not per event... If you get same value from different OID-s but from same host, it should be OK...

                                    Comment

                                    • kitikant
                                      Junior Member
                                      • Oct 2024
                                      • 29
                                      #9
                                      Get it
                                      Ok, I have found the cause.
                                      OMG, it just the Priv password that I use, it has "!", so it can connect some time but cannot poll info from the host leading to temporarily disconnect.
                                      Thank you cyber for your assistance and really useful information that help me to understand Zabbix better. Appreciate that.
                                      Thank you so much. Have a good day!
                                        • Selected Answer

                                        Comment

                                        Previous template Next
                                        Working...