Is it possible to direct SNMP traffic to a specific physical port on a EWC C5210?

  • 0
  • 1
  • Question
  • Updated 1 year ago
  • Answered
I am having trouble getting Extreme Management Center to receive SNMP traffic from my 2 C5210 controllers.
I am currently only using the 2 10 Gig fibre ports.  1 is used for the VNS VLANs.  All of them are tagged and the port is not set as phyisical and does not have management traffic allowed.  The other is used for APs.  The port is untagged and set as physical with allow management traffic.
We use this port and network to access the controller GUIs.
NetSight is on a different subnet than the AP network but it is in the same router and the same router table.
NetSight can not see the SNMP traffic coming from the controller and will not discover the controllers
When I place an X440 switch on the AP subnet NetSight can discover it and display its information.
When I attach the management port to the same subnet as NetSight it is discovered and full information seems to be able to be retrieved in the console but not in OneView which still shows the controllers as down in the Wireless Dashboard
I do not want to use the Management Port as most documentation says not to.
I have the 2 copper ports available.  Would it help to configure one of them as a physical port and connect it directly to the subnet that NetSIght is on?  Is this advisable?

Thank you for your help.
Photo of Chris Taylor

Chris Taylor

  • 796 Points 500 badge 2x thumb

Posted 1 year ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,894 Points 20k badge 2x thumb
Hi Chris,

is there  a route added in the controller to reach the EMC subnet ?
Could you ping the controller AP interface from EMC ?

You'd add a route in ....
GUI > controller > network > routing protocols

-Ron
Photo of Chris Taylor

Chris Taylor

  • 796 Points 500 badge 2x thumb
Hi Ronald,

Yes I am able to ping the physical port IP on each controller from the CLI of the EMC

In the routing protocols I only have the 1 route to the gateway of the AP subnet


Photo of Craig Guilmette

Craig Guilmette, Employee

  • 2,610 Points 2k badge 2x thumb
Hello Chris
If you admin port has an IP in the same subnet as your Netsight server you will need to change that IP back to the default 192.168.10.1 (assuming your Netsight is not in that subnet) and reboot the controller to clear that route up. Assuming the Netsight Server is behind the same default gateway as your default route of 172.16.16.1 the IP connectivity should be fine. Then refer to this: https://gtacknowledge.extremenetworks.com/articles/Solution/No-controllers-are-configured-for-OneVie...
Photo of Craig Guilmette

Craig Guilmette, Employee

  • 2,610 Points 2k badge 2x thumb
Photo of Chris Taylor

Chris Taylor

  • 796 Points 500 badge 2x thumb
Hello Craig,

The NetSight is not behind the gateway of that default route.  That is the subnet we have the APs on.  The NetSight is on subnet 172.16.10.0/24
The subnets are on the same router table and share the same default route.  Other devices, such as an X440 switch are on the 172.16.16.0 subnet and can contact NetSight but not the controller.
Photo of Craig Guilmette

Craig Guilmette, Employee

  • 2,610 Points 2k badge 2x thumb
What IP address do you have assigned to the physical port of the controller? 
Photo of Craig Guilmette

Craig Guilmette, Employee

  • 2,610 Points 2k badge 2x thumb
... and what would the correct next hop be to get from said IP to the Netsight? My assumption is you need to add a static route to the route table where you have your default route. 
Photo of Chris Taylor

Chris Taylor

  • 796 Points 500 badge 2x thumb
The physical port on the controller is 172.16.16.5
The Netsight Interface is 172.16.10.51
They are directly connected networks with their own gateways but in the same route table

Do you have an example of what that static route would look like?
Thanks
Photo of Craig Guilmette

Craig Guilmette, Employee

  • 2,610 Points 2k badge 2x thumb
OK think about it this way if an snmp packet leaves the controller on IP 172.16.16.5 then goes to its default gateway of 172.16.16.1 does that router have a direct route to the 172.16.10.x subnet that the Netsight device of 172.16.10.51 resides on? If so you are good. Nothing else needs to be done. 
Photo of Chris Taylor

Chris Taylor

  • 796 Points 500 badge 2x thumb
Hi Craig,
Yes it does have a direct route to the subnet that NetSight is on and yet it does not work, thus the reason for my post. I have put other switches, such as an X440, on the same network as the controllers physical port and Netsight discovers it and talks to it just fine.
I have opened a case and worked for 4 hours with GTAC, both a wireless guy and a NetSight guy and they couldn't figure it out.
This has continued through 3 firmware upgrades.
I'm starting to think there is a problem with the SNMP service on my controller but no one has ever heard of that.
Photo of Gareth Mitchell

Gareth Mitchell, Extreme Escalation Support Engineer

  • 5,588 Points 5k badge 2x thumb
Hi Chris

If you put a PC in the same vlan and use an snmp tool (eg from http://www.net-snmp.org/  ) - does the controller respond?  Is the issue with snmp v1/v2 or v3?

Also I understand an X440 works just fine, but as a shot in the dark, do you have some ACL's on the router that might be blocking SNMP to the controller IP?

-Gareth
Photo of Chris Taylor

Chris Taylor

  • 796 Points 500 badge 2x thumb
Hello Gareth,
The NetSight and the Controller are both directly connected to the Extreme core switch so there is no router between them.  The core switch does not have any ACL's that would block the SNMP.

I connected the C5210 management ports to the same subnet as NetSight and was able to establish connection.  The controllers show up in the console but only 1 of them shows as up in OneView.
I then removed the connection on the Management port and the connection remains up.
In console I can use the "properties", "Compass" and "Interface statistics Flex view" tabs to pull information.  I can also use the MIB tool to query the controller.
However in OneView it only shows 1 controller up in the Dashboards even though under the device section I can see both controllers as up.

This leads me to believe that there is not a problem with the controllers and NetSight communicating between the 2 different subnets

I have tried this experiment before and the controllers will eventually lose contact and can not be re-discovered until the management port is re-connected.

 
Photo of Gareth Mitchell

Gareth Mitchell, Extreme Escalation Support Engineer

  • 5,588 Points 5k badge 2x thumb
Hi Chris

It sounds like you have a couple of problems there, please call into GTAC and we can take a look at it.

-Gareth
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 48,894 Points 20k badge 2x thumb
Sorry I'm a little bit confused what the exact issue is.

If I read thru all the posts it looks like that SNMP is working (status in devices is correct) but the view in EMC > wireless doesn't show the correct status and graphs for the controller.

If that is the case it sounds like a problem with the langley tunnel between EMC - controller.

EMC needs this tunnel and ssh access to the controller or it wouldn't work 100%.
Also make sure that stats collection is enabled.

If you take a look in the following thread - my 2 posts explain the required settings.

https://community.extremenetworks.com/extreme/topics/using_netsight_5_to_manage_wireless_controllers 

If that is correct and didn't solved the issue I'd delete/add the controller in EMC to see whether that has any effect.

-Ron