Extreme Networks

tobias_berndes · ‎03-30-2021

Hey,

i have som issues concerning the configuration of SNMP on the AP130’s.

Version of Controller ExtremeCloud IQ On-Premises 21.1.20.24-IQVA

Version of AP 10.0.8.0 (10.0r8)

I already enabled the SNMP Server in Network Policies > Additional Settings > Management Server.

Apart from that i added here the respective SNMP Server with Version V3 and i also activated the option Apply SNMP Servers to devices via classification. Under this option i also added the same SNMP Server like in the general settings above. Then i added a classification rule, based on the IP-Range, the AP130’s are part of.

Also under Security > Traffic Filter i activated enable SNMP.

Finally i executed a Delta Update on all accesspoints.

From the SNMP Server then i tried to perform a query and got the following output:

Last binding: null
SNMP Requests: 25 (successful 0)
Variable bindings: 0
Starters started: [0, 1.0.8802, 1.0.8802.1.1.1, 1.0.8802.1.1.2, 1.3, 1.3.6.1.2, 1.3.6.1.4]
Exceptions:
0 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 0
1 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1
1.0.8802 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.0.8802
1.0.8802.1.1.1 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.0.8802.1.1.1
1.0.8802.1.1.2 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.0.8802.1.1.2
1.0.8802.1.1.3 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.0.8802.1.1.3
1.0.8802.1.2 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.0.8802.1.2
1.0.8802.1.3 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.0.8802.1.3
1.0.8802.2 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.0.8802.2
1.0.8802.3 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.0.8802.3
1.0.8803 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.0.8803
1.0.8804 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.0.8804
1.1 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.1
1.2 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.2
1.3 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.3
1.3.6.1.2 10.202.1.201 timed out after 2s (wrong credentials?), code -1, request OID 1.3.6.1.2
1.3.6.1.3 Empty response PDU, request OID 1.3.6.1.3
1.3.6.1.4 Message processing model 3 returned error: Unknown security name/Unknown security name, code 1404, request OID 1.3.6.1.4
1.3.6.1.5 Message processing model 3 returned error: Unknown security name/Unknown security name, code 1404, request OID 1.3.6.1.5
1.3.6.2 Message processing model 3 returned error: Unknown security name/Unknown security name, code 1404, request OID 1.3.6.2
1.3.6.3 Message processing model 3 returned error: Unknown security name/Unknown security name, code 1404, request OID 1.3.6.3
1.3.7 Message processing model 3 returned error: Unknown security name/Unknown security name, code 1404, request OID 1.3.7
1.3.8 Message processing model 3 returned error: Unknown security name/Unknown security name, code 1404, request OID 1.3.8
1.4 Message processing model 3 returned error: Unknown security name/Unknown security name, code 1404, request OID 1.4
1.5 Message processing model 3 returned error: Unknown security name/Unknown security name, code 1404, request OID 1.5

So on the SNMP Server i chose SHA-1 as Authentication Type and AES128 as Privacy Type.

I use the same credentials for our switches and that is working as it should.

Do i have to choose another Authentication Type or Privacy Type?

I am also wondering why i don’t see any information of the named SNMP server on the AP.

When i establish an SSH connection to one of the AP130’s and run

show snmp

i only see the Syslocation, the Syscontact and the community numbers but there isn’t any information about the named SNMP Server of the ExtremeCloud IQ Managament Server.

When i run

show config running | i snmp

i got the following output (Company-specific information was concealed with ***)

hive "****HiveManager NG" manage snmp
snmp location "****"
no snmp reader version any community hivecommunity
snmp reader version v3 admin Username auth sha password *** encryption aes password ***

And can someone explain to me the stuff of the Apply SNMP Servers to devices via classification?

Do i have to use it?

Shouldn't I actually see the named SNMP server somewhere in the configuration?

Ash_Finch · ‎03-30-2021

Traditionally I’ve always done this via the port of the AP - though traffic filter via additional settings sounds like it should also enable this...

Network Policy > Device Templates > [use existing AP130 template, or create a new one if there isn’t an existing] > scroll to wired interfaces > click + next to port type > give it a name > change back to uplink port > in the “traffic filter management” enable SNMP.

“And can someone explain to me the stuff of the Apply SNMP Servers to devices via classification? Do i have to use it?”

No you don’t have to use this, it’s optional. E.g. at site A you want an AP talking to SNMP Server A, at another site, B, you want the AP to talk to SNMP Server B etc.

View solution in original post

Ash_Finch · ‎05-24-2021

Honestly not too sure! What version were you on previously?

If you compare a running-config of a non-upgraded and upgraded AP is it the same in regards to SNMP?

tobias_berndes · ‎05-22-2021

@Ash Finch The SNMP Query worked pretty well - just until the time I upgraded all AP's to the new version of 10.0.10.2 (10.0r10b) - do you know why?

Ash_Finch · ‎03-30-2021