This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SNMP Error #2003

SNMP Error #2003

Ghost1081
New Contributor

‎01-29-2017 07:59 AM

Hello togehter,

i have an extreme switch an would like to use snmp.
my snmp config looks like this:

384ee4ef97584c768fcda685d0f60a3b_RackMultipart20170129-113839-fqnz4p-Unbenannt_inline.png



problem is:
my snmp test tool says: Error #2003
What can i do now?

0 Kudos
24 REPLIES 24

Ariyakudi_Srini
Extreme Employee

‎01-30-2017 02:06 AM

Hi,

The switch does seem to have the necessary configuration for the user's "public" and "private",

configure snmpv3 add community "private" name "private" user "v1v2c_rw"
configure snmpv3 add community "public" name "public" user "v1v2c_ro"

Now, as long as there is no network related issue, we should have no problem with the SNMP being functional.

Just to test, the counters across the switch can be cleared with the command "clear counters" and try to test the connectivity and verify if the SNMP is functional from the output of "show management".
The part of the output of interest is as below to check if there are any errors, drops.

SNMP stats: InPkts 0 OutPkts 0 Errors 0 AuthErrors 0
Gets 0 GetNexts 0 Sets 0 Drops 0
SNMP traps: Sent 0 AuthTraps Enabled
SNMP inform: Sent 0 Retries 0 Failed 0

0 Kudos

Ghost1081
New Contributor

‎01-29-2017 02:40 PM

Please look at the result of "show conf snmp detail"

#
# Module snmpMaster configuration.
#
configure snmpv3 engine-id 03:02:04:96:37:44:77
configure snmp compatibility get-bulk reply-too-big-action too-big-error
configure snmp compatibility ip-fragmentation disallow
configure snmpv3 add user "admin" engine-id 80:00:07:7c:03:02:04:96:37:44:77 authentication md5 auth
-encrypted localized-key XXX
configure snmpv3 add user "initial" engine-id 80:00:07:7c:03:02:04:96:37:44:77
configure snmpv3 add user "initialmd5" engine-id 80:00:07:7c:03:02:04:96:37:44:77 authentication md5
auth-encrypted localized-key XXX
configure snmpv3 add user "initialsha" engine-id 80:00:07:7c:03:02:04:96:37:44:77 authentication sha
auth-encrypted localized-key XXX
configure snmpv3 add user "initialmd5Priv" engine-id 80:00:07:7c:03:02:04:96:37:44:77 authentication
md5 auth-encrypted localized-key XXXX
configure snmpv3 add user "initialshaPriv" engine-id 80:00:07:7c:03:02:04:96:37:44:77 authentication
sha auth-encrypted localized-key XXX privacy privacy-encrypted localized-key XXX
configure snmpv3 add group "v1v2c_ro" user "v1v2c_ro" sec-model snmpv1
configure snmpv3 add group "v1v2c_rw" user "v1v2c_rw" sec-model snmpv1
configure snmpv3 add group "v1v2c_ro" user "v1v2c_ro" sec-model snmpv2c
configure snmpv3 add group "v1v2c_rw" user "v1v2c_rw" sec-model snmpv2c
configure snmpv3 add group "v1v2cNotifyGroup" user "v1v2cNotifyUser1" sec-model snmpv2c
configure snmpv3 add group "admin" user "admin" sec-model usm
configure snmpv3 add group "initial" user "initial" sec-model usm
configure snmpv3 add group "initial" user "initialmd5" sec-model usm
configure snmpv3 add group "initial" user "initialsha" sec-model usm
configure snmpv3 add group "initial" user "initialmd5Priv" sec-model usm
configure snmpv3 add group "initial" user "initialshaPriv" sec-model usm
configure snmpv3 add access "admin" sec-model usm sec-level priv read-view "defaultAdminView" write-
view "defaultAdminView" notify-view "defaultNotifyView"
configure snmpv3 add access "initial" sec-model usm sec-level noauth read-view "defaultUserView" not
ify-view "defaultNotifyView"
configure snmpv3 add access "initial" sec-model usm sec-level authnopriv read-view "defaultUserView"
write-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_ro" sec-model snmpv1 sec-level noauth read-view "defaultUserView"
notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_ro" sec-model snmpv2c sec-level noauth read-view "defaultUserView
" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_rw" sec-model snmpv1 sec-level noauth read-view "defaultUserView"
write-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_rw" sec-model snmpv2c sec-level noauth read-view "defaultUserView
" write-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2cNotifyGroup" sec-model snmpv1 sec-level noauth notify-view "defaul
tNotifyView"
configure snmpv3 add access "v1v2cNotifyGroup" sec-model snmpv2c sec-level noauth notify-view "defau
ltNotifyView"
configure snmpv3 add mib-view "defaultUserView" subtree 1.0/80 type included
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.16 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.18 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.4 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.6 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.9 type excluded
configure snmpv3 add mib-view "defaultAdminView" subtree 1.0/80 type included
configure snmpv3 add mib-view "defaultNotifyView" subtree 1.0/80 type included
configure snmpv3 add community "private" name "private" user "v1v2c_rw"
configure snmpv3 add community "public" name "public" user "v1v2c_ro"
disable snmpv3 community "public"
configure snmpv3 add community "v1v2cNotifyComm1" name "public" user "v1v2cNotifyUser1"
configure snmpv3 add target-addr "v1v2cNotifyTAddr1" param "v1v2cNotifyParam1" ipaddress XXX
70 transport-port 10550 from XXX tag-list "defaultNotify"
configure snmpv3 target-addr "v1v2cNotifyTAddr1" timeout 15
configure snmpv3 target-addr "v1v2cNotifyTAddr1" retry 3
configure snmpv3 add target-params "v1v2cNotifyParam1" user "v1v2cNotifyUser1" mp-model snmpv2c sec-
model snmpv2c sec-level noauth
configure snmpv3 add notify "defaultNotify" tag "defaultNotify"
configure snmpv3 add notify "defaultnotify" tag "defaultnotify"
enable snmp access
enable snmp access snmp-v1v2c
enable snmp access snmpv3
disable snmpv3 default-group
enable snmpv3 default-user
enable snmp traps
configure snmp access-profile none
enable snmp access vr "VR-Default"
enable snmp access vr "VR-Mgmt"

And this is the output of a switch which works fine with snmp.
i only use and test it with snmp v1

#
# Module snmpMaster configuration.
#
configure snmpv3 engine-id 03:02:04:96:36:f9:3c
configure snmp compatibility get-bulk reply-too-big-action too-big-error
configure snmp compatibility ip-fragmentation disallow
configure snmpv3 add user "admin" engine-id 80:00:07:7c:03:02:04:96:36:f9:3c authentication md5 auth
-encrypted localized-key XXX privac
y privacy-encrypted localized-key XXX
configure snmpv3 add user "initial" engine-id 80:00:07:7c:03:02:04:96:36:f9:3c
configure snmpv3 add user "initialmd5" engine-id 80:00:07:7c:03:02:04:96:36:f9:3c authentication md5
auth-encrypted localized-key XXX
configure snmpv3 add user "initialsha" engine-id 80:00:07:7c:03:02:04:96:36:f9:3c authentication sha
auth-encrypted localized-key XXX
configure snmpv3 add user "initialmd5Priv" engine-id 80:00:07:7c:03:02:04:96:36:f9:3c authentication
md5 auth-encrypted localized-key XXX privacy privacy-encrypted localized-key XXX
configure snmpv3 add user "initialshaPriv" engine-id 80:00:07:7c:03:02:04:96:36:f9:3c authentication
sha auth-encrypted localized-key XXX
configure snmpv3 add group "v1v2c_ro" user "v1v2c_ro" sec-model snmpv1
configure snmpv3 add group "v1v2c_rw" user "v1v2c_rw" sec-model snmpv1
configure snmpv3 add group "v1v2c_ro" user "v1v2c_ro" sec-model snmpv2c
configure snmpv3 add group "v1v2c_rw" user "v1v2c_rw" sec-model snmpv2c
configure snmpv3 add group "v1v2cNotifyGroup" user "v1v2cNotifyUser1" sec-model snmpv2c
configure snmpv3 add group "admin" user "admin" sec-model usm
configure snmpv3 add group "initial" user "initial" sec-model usm
configure snmpv3 add group "initial" user "initialmd5" sec-model usm
configure snmpv3 add group "initial" user "initialsha" sec-model usm
configure snmpv3 add group "initial" user "initialmd5Priv" sec-model usm
configure snmpv3 add group "initial" user "initialshaPriv" sec-model usm
configure snmpv3 add access "admin" sec-model usm sec-level priv read-view "defaultAdminView" write-
view "defaultAdminView" notify-view "defaultNotifyView"
configure snmpv3 add access "initial" sec-model usm sec-level noauth read-view "defaultUserView" not
ify-view "defaultNotifyView"
configure snmpv3 add access "initial" sec-model usm sec-level authnopriv read-view "defaultUserView"
write-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_ro" sec-model snmpv1 sec-level noauth read-view "defaultUserView"
notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_ro" sec-model snmpv2c sec-level noauth read-view "defaultUserView
" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_rw" sec-model snmpv1 sec-level noauth read-view "defaultUserView"
write-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2c_rw" sec-model snmpv2c sec-level noauth read-view "defaultUserView
" write-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add access "v1v2cNotifyGroup" sec-model snmpv1 sec-level noauth notify-view "defaul
tNotifyView"
configure snmpv3 add access "v1v2cNotifyGroup" sec-model snmpv2c sec-level noauth notify-view "defau
ltNotifyView"
configure snmpv3 add mib-view "defaultUserView" subtree 1.0/80 type included
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.16 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.18 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.4 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.6 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.9 type excluded
configure snmpv3 add mib-view "defaultAdminView" subtree 1.0/80 type included
configure snmpv3 add mib-view "defaultNotifyView" subtree 1.0/80 type included
configure snmpv3 add community "private" name "private" user "v1v2c_rw"
configure snmpv3 add community "public" name "public" user "v1v2c_ro"
configure snmpv3 add community "v1v2cNotifyComm1" name "ST.-1062731350.10550" user "v1v2cNotifyUser1
"
configure snmpv3 add target-addr "v1v2cNotifyTAddr1" param "v1v2cNotifyParam1" ipaddress XXX
70 transport-port 10550 from XXX tag-list "defaultNotify"
configure snmpv3 target-addr "v1v2cNotifyTAddr1" timeout 15
configure snmpv3 target-addr "v1v2cNotifyTAddr1" retry 3
configure snmpv3 add target-params "v1v2cNotifyParam1" user "v1v2cNotifyUser1" mp-model snmpv2c sec-
model snmpv2c sec-level noauth
configure snmpv3 add notify "defaultNotify" tag "defaultNotify"
enable snmp access
enable snmp access snmp-v1v2c
disable snmp access snmpv3
enable snmpv3 default-group
enable snmpv3 default-user
enable snmp traps
configure snmp access-profile none
enable snmp access vr "VR-Default"
enable snmp access vr "VR-Mgmt"
0 Kudos

Ronald_Dvorak
Honored Contributor

‎01-29-2017 02:33 PM

I don't see a SNMP user in the your config that refers to the group - first command in the below picture

Here two links on to how to setup SNMPv3...

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-set-up-SNMPv3-on-EXOS
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-SNMPv3-informs-in-EXOS

I've put together my own table (as the KB wasn't very clear to me) to show which "variables" interact which each other - so here a picture - so the the same colour must have the same name to work with the other commands.

2183fd1289654b5a94e787b982a9edf8_RackMultipart20170129-45742-6ssc4u-XOS_SNMP_commands_inline.png



I'd delete the SNMP config and start from scratch.
0 Kudos

Prashanth_KG
Extreme Employee

‎01-29-2017 02:31 PM

Hi,

Based on my quick research, the error 2003 could be related to the connectivity issues or limited access to the SNMP on the switch or wrong community setting etc.,

Looking at the configuration, I see that the default snmpv3 groups and communities are disabled.

disable snmpv3 community "public"
disable snmpv3 default-group

Is this the complete configuration that you have on the device that you have shared with us? If that is the case, please try to enable these 2 and check if that helps!

enable snmpv3 community public
enable snmpv3 default-group.

Also, please share the "show log match snmp" output from the switch at the time of the error on the SNMP tester.

Hope this helps!

0 Kudos

davidj_cogliane
Contributor

‎01-29-2017 02:30 PM

I see V3 disabled and I don't see any custom SNMP community strings for V2. I assume you have the tool configured for the default community strings. Is there a user guide for the tool you are using? It would be good to clerified why the tool is giving you that error. You can see the default configuration with Show configuration SNMP detail.
0 Kudos
GTM-P2G8KFN