SNMPv3 Alarms to NetSight 6.3 fails

  • 0
  • 1
  • Problem
  • Updated 2 years ago
  • Solved
I have the following problem:

1. Set the SNMPv3 on Extreme switches with siguinetre configuration:
snmpv3 add configure user authentication md5 NetSight F4l4b3114c01 privacy F4l4b3114c01
netsight_btcol configure SNMPv3 user group add NetSight sec-model usm
snmpv3 configure add access netsight_btcol sec-sec-level model usm priv defaultAdminView read-view write-view notify-view defaultAdminView defaultAdminView


2. NetSight have set alerts for ELRP, EAPS, Link Down, VRRP and OSPF protocols attached according to information in the image

The problem is that when a fault occurs in these protocols alarm never comes?

What should I do? as I set it up? anyone can share me some script?
Photo of Jairo Rojas Herrera

Jairo Rojas Herrera

  • 1,452 Points 1k badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Taykin Izzet

Taykin Izzet , Employee

  • 2,924 Points 2k badge 2x thumb
Hello Jario,

Can we firstly confirm whether the traps are being sent from the switch and whether the trap receiver is configured. This can be done using the commands:

show snmp <vr>
show managment

The counters in the mentioned outputs should show increments in the 'traps sent' section each time the event is triggered. If not, a trap receiver may not be configured or traps might not be enabled on the switch.

If they appear to be sent, do we see the traps in NetSight's console?
Photo of Jairo Rojas Herrera

Jairo Rojas Herrera

  • 1,452 Points 1k badge 2x thumb
configure snmpv3 delete access "v1v2cNotifyGroup" sec-model snmpv2c sec-level noauth
configure snmpv3 delete community "public"
configure snmpv3 delete notify "defaultNotify"
configure snmpv3 add user "netsight" engine-id 80:00:07:7c:03:00:04:96:51:94:6f authentication md5 auth-encrypted localized-key 23:c7:23:16:6b:23:a7:23:e1:3d:23:b8:5d:60:28:23:26:23:09:59:23:19:23:e9:23:9d privacy privacy-encrypted localized-key 23:c7:23:16:6b:23:a7:23:e1:3d:23:b8:5d:60:28:23:26:23:09:59:23:19:23:e9:23:9d
configure snmpv3 add group "v1v2c_ro" user "v1v2c_ro" sec-model snmpv1
configure snmpv3 add group "v1v2c_rw" user "v1v2c_rw" sec-model snmpv1
configure snmpv3 add group "v1v2c_ro" user "v1v2c_ro" sec-model snmpv2c
configure snmpv3 add group "v1v2c_rw" user "v1v2c_rw" sec-model snmpv2c
configure snmpv3 add group "v1v2cNotifyGroup" user "v1v2cNotifyUser3" sec-model snmpv2c
configure snmpv3 add group "admin" user "admin" sec-model usm
configure snmpv3 add group "initial" user "initial" sec-model usm
configure snmpv3 add group "netsight_btcol" user "netsight" sec-model usm
configure snmpv3 add group "initial" user "initialmd5" sec-model usm
configure snmpv3 add group "initial" user "initialsha" sec-model usm
configure snmpv3 add group "initial" user "initialmd5Priv" sec-model usm
configure snmpv3 add group "initial" user "initialshaPriv" sec-model usm
configure snmpv3 add access "admin" sec-model usm sec-level priv read-view "defaultAdminView" write-view "defaultAdminView" notify-view "defaultNotifyView"
configure snmpv3 add access "initial" sec-model usm sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "initial" sec-model usm sec-level authnopriv read-view "defaultUserView" write-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_ro" sec-model snmpv1 sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_ro" sec-model snmpv2c sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_rw" sec-model snmpv1 sec-level noauth read-view "defaultUserView" write-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_rw" sec-model snmpv2c sec-level noauth read-view "defaultUserView" write-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "netsight_btcol" sec-model usm sec-level priv read-view "defaultAdminView" write-view "defaultAdminView" notify-view "defaultAdminView"
configure snmpv3 add access "v1v2cNotifyGroup" sec-model snmpv1 sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add mib-view "defaultUserView" subtree 1.0/80 type included
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.16 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.18 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.4 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.6 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.9 type excluded
configure snmpv3 add mib-view "defaultAdminView" subtree 1.0/80 type included
configure snmpv3 add mib-view "defaultNotifyView" subtree 1.0/80 type included
configure snmpv3 add community "MONFAL" name "MONFAL" user "v1v2c_ro"
configure snmpv3 add community "RIDGELINE" name "RIDGELINE" user "v1v2c_ro"
configure snmpv3 add community "ch1kg0" name "ch1kg0" user "v1v2c_ro"
configure snmpv3 add community "private" name "private" user "v1v2c_rw"
configure snmpv3 add community "v1v2cNotifyComm3" name "ST.175639426.10550" user "v1v2cNotifyUser3"
configure snmpv3 add target-addr "snmpv3Target" param "snmpv3Params" ipaddress 10.120.11.130 transport-port 162 tag-list "defaultNotify"
configure snmpv3 add target-addr "v1v2cNotifyTAddr5" param "v1v2cNotifyParam4" ipaddress 10.120.11.130 transport-port 10550 tag-list "defaultNotify"
Photo of Pala, Zdenek

Pala, Zdenek, Employee

  • 8,442 Points 5k badge 2x thumb
Hi. Do I understand well that the switch does not send the trap? Or the switch does send the trap and the Netsight does no action?
Photo of Jairo Rojas Herrera

Jairo Rojas Herrera

  • 1,452 Points 1k badge 2x thumb
generates the log on the switch but do not notify NetSight
Photo of Tony Thornton

Tony Thornton, Extreme Alumnus

  • 1,412 Points 1k badge 2x thumb
You may also want to consider start a packet capture on the the NetSight server/VM and trigger a trap to see what information is being sent to NetSight from the switch.
Photo of Tony Thornton

Tony Thornton, Extreme Alumnus

  • 1,412 Points 1k badge 2x thumb
Hi Jairo,

Can you confirm that the switch is responding to basic SNMP requests?  To do this, you can go to Console, select a device, click on MIB Tools, a new window will pop up.  The IP address of the device you chose should be in the IP address field.  Select a MIB you wish to test with from the Tree. Click on the MIB and in the bottom frame click Query to see if the switch responds.  The response should appear in the bottom frame.
Photo of Jairo Rojas Herrera

Jairo Rojas Herrera

  • 1,452 Points 1k badge 2x thumb
This is the information
Photo of David Choi

David Choi, Employee

  • 1,966 Points 1k badge 2x thumb
I'm not sure if you already add the switch to the NetSight's "snmptrapd.conf". If the switch is not registered on the "snmptrapd.conf" file in NetSight, then NetSight doesn't display the Trap alarm even though it receive trap message sent from the switch.

Followings are the procedure to add device into "snmptrad.conf" file.

1. Right-click on a device which you want to add in Console's device-tree.


2. Choose "Trap Receiver Configuration" then new window will be pop-up.
3. Select "snmptrapd" tab


4. Check the credential table (e.g. IP address or Credential Name) if they are correct. Usually the "Credential Name" is chosen incorrectly so you have to correct it.

5. Click the device in the Credential table and click "Get EngineID"


6. Click "Add to File" and confirm the EngineID is added as well in the end of line under "snmptrapd.conf text"


7. Save and Close
8. You have to restart "SNMPTrap" service in NetSight server
If your NetSight is Linux based, then please refer follow article:
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-restart-snmptrapd-in-NetSight-of-li...

If your NetSight is Window based, then you can just use NetSight icon in taskbar to restart SNMPTrap.