cancel
Showing results for 
Search instead for 
Did you mean: 

Non-default SNMP User in XMC = headache with Traps... FAD?

Non-default SNMP User in XMC = headache with Traps... FAD?

Tomasz
Valued Contributor II

Hello,

 

I’ve a bit long story to a short question (tl;dr: GOTO the last paragraph). 🙂

I’ll share my thoughts below according to the troubleshooting steps I took today, hoping that someone can have a look and make sure it’s FAD and not some tricky internals in XMC that are to be modified in a future release.

I am playing around in my lab trying to configure EXOS + XMC/EAC/EAN + few other things in the way I consider a set of deployment good practices. I decided to use a non-default SNMPv3 user for XMC-EXOS communication, along with SHA and AES (FYI: 128b) instead of MD5/DES.

XMC: 8.5.4.23

EXOS: 30.7 and 31.2

I wanted to play with SNMP Traps today as someone told me they don’t work with ELRP. I remember they work well in the EXOS S&R training so tried to do it quick and spent few hours on that lol. 😉

I used “Configure Trap Receiver” option in XMC to configure EXOS.

Toggling ports, saving config, inducing ELRP to trigger port disabling, custom trap - nothing shown up in XMC Events when limiting the view to Traps. Syslog was good though.

Double-checked device profile in XMC and SNMP config in EXOS. All was fine. XMC and EXOS in the same subnet thru VR-Default.

Unfortunately I spotted wrong time on XMC and it distracted me for a while (took another quarters to understand chronyd doesn’t like Windows Server for time sync unless additional measure is taken). I thought perhaps that’s the reason why traps are not showing. Definitely looked in a wrong place, tcpdump would be better to see if anything comes to XMC as the first step.

I tried to fix things like limit to VR-Default in snmpv3 target-params as I didn’t see any traps sent under neither ‘show snmp vr-def’ nor ‘show snmp vr-mgmt’. I thought they are not sent as it tried VR-Mgmt by default and it was down so nothing to send. But when I limited the VR scope, it didn’t work.

Moved between 30.7 and 31.2 just to check for any potential fw issue.

After a bit of lurking around the same show commands again and again and staring into the void I have spotted that XMC’s right-click option put a username into EXOS config that I don’t want to use (ie. I have a different username in SNMP part of device profile):

configure snmpv3 add target-params "TV1v3snmpuser" user "snmpuser" mp-model snmpv3 sec-model usm sec-level priv

And it was wrong, because I have created SNMPv3 user called xmc for XMC-EXOS communication and I don’t have snmpuser account in SNMP config of EXOS at all.

So I have modified this line in EXOS. The switch started sending traps! But… Nothing in XMC.

With tcpdump on XMC (helped a lot as ‘show snmpv3 counters’ are good in default communication direction, not relevant for Traps/Informs) I could see this kind of stuff:

21:53:51.339422 00:04:96:d7:85:28 (oui Unknown) > 00:0c:29:c3:94:f8 (oui Unknown), ethertype IPv4 (0x0800), length 271: 172.16.101.1.44417 > xmc.lab.local.snmp-trap:  F=apr U="xmc" [!scoped PDU]01_5[ABBREVIATED - Tomasz]
21:53:51.339607 00:0c:29:c3:94:f8 (oui Unknown) > 00:04:96:d7:85:28 (oui Unknown), ethertype IPv4 (0x0800), length 148: xmc.lab.local.snmp-trap > 172.16.101.1.44417:  F= U="xmc" E=_80_00_1f_88_80_2b_a1_56_5d_46_43_30_60 C="" Report(28)  S:snmpUsmMIB.usmMIBObjects.usmStats.usmStatsUnknownUserNames.0=23
That was strange indeed. I have decided to run through /usr/postinstall/snmpconfig to change the default snmpuser to my good ol’ pal ‘xmc’. During deployment I didn’t change it as I considered it just for SNMP agent on XMC in case of anything above trying to poll XMC server.
Restarted the service, restarted the server. No friggin’ luck this time.
After digging more I have realized that postinstall script is modifying /etc/snmp/snmpd.conf but it doesn’t touch /usr/local/Extreme_Networks/NetSight/appdata/snmptrapd.conf. I have added a line to cover my non-default user (‘createUser xmc SHA <authcred> AES <privcred>’). Traps finally got succesfully processed by XMC and displayed under Events tab.
 
My quesion is - is this FAD? I had to manually modify /usr/local/Extreme…/appdata/snmptrapd.conf with my non-default EXOS SNMPv3 user (although the file comments wanted to discourage me) as right-click ‘Register Trap Receiver’ wasn’t using my Device Profile SNMP user and that user was neither reflected in the config to receive traps.
 
Thanks,
Tomasz
 
P.S. If you find that useful for non-defaults in SNMP config, perhaps it’s worth noting in the KB until XMC behavior is adjusted.
1 ACCEPTED SOLUTION

Stefan_K_
Valued Contributor

So what is the purpose of this?

66cdd61a90d04377804f3ead26a09018_393cee50-f1ff-4f71-a173-42ac7e221dcb.png

 

View solution in original post

9 REPLIES 9

PeterK
Contributor III

ok, thanks.

I always have trouble to get informs running/displayed in XMC.

That’s why I prefer v3 Traps.

Tomasz
Valued Contributor II

Hi Peter,

 

Inform (which I prefer):

configure snmpv3 add target-addr "TVv3xmc" param "TV1v3xmc" ipaddress 172.16.101.121 transport-port 162 from 172.16.101.1 tag-list "TVInformTag"
configure snmpv3 add target-params "TV1v3xmc" user "xmc" mp-model snmpv3 sec-model usm sec-level priv
configure snmpv3 add notify "TVInformTag" tag "TVInformTag" type inform

 

Cheers,

Tomasz

PeterK
Contributor III

Hi Tomasz,

is it registered as trap or as inform?

Stefan_K_
Valued Contributor

 

Yeah, I would support such a feature request. Extreme needs a Uservoice where we could upvote such ideas. 😄

GTM-P2G8KFN