04-06-2021 09:28 PM
I’ve a bit long story to a short question (tl;dr: GOTO the last paragraph). 🙂
I’ll share my thoughts below according to the troubleshooting steps I took today, hoping that someone can have a look and make sure it’s FAD and not some tricky internals in XMC that are to be modified in a future release.
I am playing around in my lab trying to configure EXOS + XMC/EAC/EAN + few other things in the way I consider a set of deployment good practices. I decided to use a non-default SNMPv3 user for XMC-EXOS communication, along with SHA and AES (FYI: 128b) instead of MD5/DES.
EXOS: 30.7 and 31.2
I wanted to play with SNMP Traps today as someone told me they don’t work with ELRP. I remember they work well in the EXOS S&R training so tried to do it quick and spent few hours on that lol. 😉
I used “Configure Trap Receiver” option in XMC to configure EXOS.
Toggling ports, saving config, inducing ELRP to trigger port disabling, custom trap - nothing shown up in XMC Events when limiting the view to Traps. Syslog was good though.
Double-checked device profile in XMC and SNMP config in EXOS. All was fine. XMC and EXOS in the same subnet thru VR-Default.
Unfortunately I spotted wrong time on XMC and it distracted me for a while (took another quarters to understand chronyd doesn’t like Windows Server for time sync unless additional measure is taken). I thought perhaps that’s the reason why traps are not showing. Definitely looked in a wrong place, tcpdump would be better to see if anything comes to XMC as the first step.
I tried to fix things like limit to VR-Default in snmpv3 target-params as I didn’t see any traps sent under neither ‘show snmp vr-def’ nor ‘show snmp vr-mgmt’. I thought they are not sent as it tried VR-Mgmt by default and it was down so nothing to send. But when I limited the VR scope, it didn’t work.
Moved between 30.7 and 31.2 just to check for any potential fw issue.
After a bit of lurking around the same show commands again and again and staring into the void I have spotted that XMC’s right-click option put a username into EXOS config that I don’t want to use (ie. I have a different username in SNMP part of device profile):
configure snmpv3 add target-params "TV1v3snmpuser" user "snmpuser" mp-model snmpv3 sec-model usm sec-level priv
And it was wrong, because I have created SNMPv3 user called xmc for XMC-EXOS communication and I don’t have snmpuser account in SNMP config of EXOS at all.
So I have modified this line in EXOS. The switch started sending traps! But… Nothing in XMC.
With tcpdump on XMC (helped a lot as ‘show snmpv3 counters’ are good in default communication direction, not relevant for Traps/Informs) I could see this kind of stuff:
21:53:51.339422 00:04:96:d7:85:28 (oui Unknown) > 00:0c:29:c3:94:f8 (oui Unknown), ethertype IPv4 (0x0800), length 271: 172.16.101.1.44417 > xmc.lab.local.snmp-trap: F=apr U="xmc" [!scoped PDU]01_5[ABBREVIATED - Tomasz]21:53:51.339607 00:0c:29:c3:94:f8 (oui Unknown) > 00:04:96:d7:85:28 (oui Unknown), ethertype IPv4 (0x0800), length 148: xmc.lab.local.snmp-trap > 172.16.101.1.44417: F= U="xmc" E=_80_00_1f_88_80_2b_a1_56_5d_46_43_30_60 C="" Report(28) S:snmpUsmMIB.usmMIBObjects.usmStats.usmStatsUnknownUserNames.0=23
Solved! Go to Solution.
04-07-2021 07:42 AM
04-08-2021 08:31 AM
I always have trouble to get informs running/displayed in XMC.
That’s why I prefer v3 Traps.
04-08-2021 08:10 AM
Inform (which I prefer):
configure snmpv3 add target-addr "TVv3xmc" param "TV1v3xmc" ipaddress 172.16.101.121 transport-port 162 from 172.16.101.1 tag-list "TVInformTag"
configure snmpv3 add target-params "TV1v3xmc" user "xmc" mp-model snmpv3 sec-model usm sec-level priv
configure snmpv3 add notify "TVInformTag" tag "TVInformTag" type inform
04-08-2021 06:40 AM
is it registered as trap or as inform?
04-07-2021 08:03 PM
Yeah, I would support such a feature request. Extreme needs a Uservoice where we could upvote such ideas. 😄