I’ve a bit long story to a short question (tl;dr: GOTO the last paragraph). :)
I’ll share my thoughts below according to the troubleshooting steps I took today, hoping that someone can have a look and make sure it’s FAD and not some tricky internals in XMC that are to be modified in a future release.
I am playing around in my lab trying to configure EXOS + XMC/EAC/EAN + few other things in the way I consider a set of deployment good practices. I decided to use a non-default SNMPv3 user for XMC-EXOS communication, along with SHA and AES (FYI: 128b) instead of MD5/DES.
EXOS: 30.7 and 31.2
I wanted to play with SNMP Traps today as someone told me they don’t work with ELRP. I remember they work well in the EXOS S&R training so tried to do it quick and spent few hours on that lol. ;)
I used “Configure Trap Receiver” option in XMC to configure EXOS.
Toggling ports, saving config, inducing ELRP to trigger port disabling, custom trap - nothing shown up in XMC Events when limiting the view to Traps. Syslog was good though.
Double-checked device profile in XMC and SNMP config in EXOS. All was fine. XMC and EXOS in the same subnet thru VR-Default.
Unfortunately I spotted wrong time on XMC and it distracted me for a while (took another quarters to understand chronyd doesn’t like Windows Server for time sync unless additional measure is taken). I thought perhaps that’s the reason why traps are not showing. Definitely looked in a wrong place, tcpdump would be better to see if anything comes to XMC as the first step.
I tried to fix things like limit to VR-Default in snmpv3 target-params as I didn’t see any traps sent under neither ‘show snmp vr-def’ nor ‘show snmp vr-mgmt’. I thought they are not sent as it tried VR-Mgmt by default and it was down so nothing to send. But when I limited the VR scope, it didn’t work.
Moved between 30.7 and 31.2 just to check for any potential fw issue.
After a bit of lurking around the same show commands again and again and staring into the void I have spotted that XMC’s right-click option put a username into EXOS config that I don’t want to use (ie. I have a different username in SNMP part of device profile):
configure snmpv3 add target-params "TV1v3snmpuser" user "snmpuser" mp-model snmpv3 sec-model usm sec-level priv
And it was wrong, because I have created SNMPv3 user called xmc for XMC-EXOS communication and I don’t have snmpuser account in SNMP config of EXOS at all.
So I have modified this line in EXOS. The switch started sending traps! But… Nothing in XMC.
With tcpdump on XMC (helped a lot as ‘show snmpv3 counters’ are good in default communication direction, not relevant for Traps/Informs) I could see this kind of stuff:
21:53:51.339422 00:04:96:d7:85:28 (oui Unknown) > 00:0c:29:c3:94:f8 (oui Unknown), ethertype IPv4 (0x0800), length 271: 172.16.101.1.44417 > xmc.lab.local.snmp-trap: F=apr U="xmc" [!scoped PDU]01_5[ABBREVIATED - Tomasz]21:53:51.339607 00:0c:29:c3:94:f8 (oui Unknown) > 00:04:96:d7:85:28 (oui Unknown), ethertype IPv4 (0x0800), length 148: xmc.lab.local.snmp-trap > 172.16.101.1.44417: F= U="xmc" E=_80_00_1f_88_80_2b_a1_56_5d_46_43_30_60 C="" Report(28) S:snmpUsmMIB.usmMIBObjects.usmStats.usmStatsUnknownUserNames.0=23
Best answer by Stefan K.
I can confirm, that you need to manually mod the snmptrad.conf for using snmpV3 Traps.
So what is the purpose of this?