GLPI GUI SNMP Credentials Port Option

[delboy1966]

Cisco are now forcing SHA256 and AES256 protocols on its routers, well at least the VEdge routers, which we have a number of. I would expect that other routers will have the same protocols forced upon them.

Intially it was an issue because NET::SNMP, which glpi-agent uses, didn't support them, but after opening a disccusion in https://github.com/glpi-project/glpi-agent it was solved with a patch for NET::SNMP. And now I believe glpi-agent will now use its own version of NET::SNMP and was included in nightly build.

But now I have found that if a Cisco devices uses the SHA256 and AES256 protocols it only accepts SNMP queries on port 1161 and not the default port 161. Which is fine when using glpi-agent and glpi-netdiscovery on the command line, as they both allow me to pass the port number.

But the GUI page "GLPI -> Administration -> Inventory -> SNMP credentials" doesn't allow me to input the port number to use. So, for those subnets that have the VEdge routers on, I can't use the plugin via the GUI to inventory those devices. I have a workaround for now, by using glpi-netdiscovery on the command line for those subnets and then injecting the XML into the GLPI server.

But as more Cisco devices starting using port 1161, at some point the SNMP Credentials page will need the option to include the SNMP port number. And for that port number to be passed to the Agent running the scan, along with the creds. If this can be included in a later release, that would be great.

Thanks

[g-bougard]

To amend this issue, this is also supported by glpi-agent ToolBox UI as shown in documentation here: https://glpi-agent.readthedocs.io/en/latest/plugins/toolbox-plugin.html#create-a-credential

[delboy1966]

I've looked at putting it into the toolbox, but have come across an issue with that.
I enter the SNMP details, selecting sha256 and aes265c, but when I save it, it doesn't save the privacy protocol aes256c.
I go back into it and select it again, press update and the box clears again.

[delboy1966]

In the toolbox.yaml file it saves the privprotocol as:

privprotocol: 'aes256c (cisco protocol)'

If I edit that and put

privprotocol: aes256c

Then go to back to toolbox and look at those creds, the privacy protocol box is not blank anymore, it says "aes256c (cisco protocol)" if I then press update on that page, it clears the box again, And we are back to square one, the toolbox.yaml file sais "aes256c (cisco protocol)".

It doesn't seem to be saving anything.

[delboy1966]

It seems it doesn't like any of the protocols that have ( ) in them.
If I edit this part of the credentials-edit.tpl file to remove the ( .* )

        <option{$privprotocol ? "" : " selected"}></option>
        <option{$privprotocol eq "des" ? " selected" : ""}>des</option>
        <option{$privprotocol eq "aes" ? " selected" : ""}>aes</option>
        <option{$privprotocol eq "3des" ? " selected" : ""}>3des</option>
        <option{$privprotocol eq "cfb192-aes" ? " selected" : ""}>cfb192-aes</option>
        <option{$privprotocol eq "cfb256-aes" ? " selected" : ""}>cfb256-aes</option>
        <option{$privprotocol eq "aes192c" ? " selected" : ""}>aes192c</option>
        <option{$privprotocol eq "aes256c" ? " selected" : ""}>aes256c</option>

It saves the protocol aes256c and it doesn't disappear from the box. And the toolbox.yaml file is correct.

[g-bougard]

Hi @delboy1966

please don't hijack this issue for another problem not related to the plugin or you will loose plugin developers attention. I just created glpi-project/glpi-agent#1016.

[delboy1966]

Apologies, I forgot what project ai was in.
You mentioned Toolbox and I found the issues after trying it, and replied in here by mistake.