This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Technical Discussions
- Network Architecture & Design
- Re: VSP - unable send traps to XMC SNMPv3
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
VSP - unable send traps to XMC SNMPv3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
06-06-2019 01:13 PM
Hi team,
I´m unable recive traps in the XMC server form VSPs, and in the VSP logs I can see:
SNMP ERROR Failed to create trap (Reason=Failed to create v3 trap) for host A.B.C.D:162
Any idea?
Regards,
EF
I´m unable recive traps in the XMC server form VSPs, and in the VSP logs I can see:
SNMP ERROR Failed to create trap (Reason=Failed to create v3 trap) for host A.B.C.D:162
Any idea?
Regards,
EF
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
08-27-2020 07:56 AM
Hi,
About this, I’ve reach out the support team and now the SNMP traps on my VSPs devices are working fine.
So, first, I’ve configured a loopback IP address (CLIP) on the switch to use it as the SNMP sender source. On the VOSS CLI reference doc (https://documentation.extremenetworks.com/VOSS/SW/71x/9035528_CLIRefVOSS_7.1_CRG.pdf), page 2110, it says that the IP SNMP sender source should be a CLIP address. If is not a CLIP address, then the config snmp-server force-trap-sender enable will be ignored and the switch automatically uses the IP address of the logical interface that is closest (from the perspective of the routing table). If the reachability to the SNMP server is over an IS-IS/SPB IP shortcut NNI, the switch automatically uses the IS-IS IP source address and the settings from this command are ignored.
After this, I was able to use the command snmp-sever force-trap-sender enable properly. So, my snmp config, look like this:
------------------------------------------
snmp-server contact "Contact"
snmp-server location "Location"
snmp-server authentication-trap enable
snmp-server force-iphdr-sender enable
snmp-server sender-ip <XMC Server IP> <CLIP address of the switch>
snmp-server force-trap-sender enable
snmp-server user user_xmc group "xmcgroup"
snmp-server user user_xmc group "xmcgroup"
snmp-server view "xmc_read" 1
snmp-server view "xmc_write" 1
snmp-server view "xmc_notify" 1
snmp-server group "xmcgroup" "" auth-priv read-view xmc_read write-view xmc_write notify-view root
snmp-server group "user_xmc" "" auth-priv read-view xmc_read write-view xmc_write notify-view xmc_notify
snmp-server host <XMC server IP> v3 authPriv user_xmc inform
------------------------------------------
After this config, I was able to see traffic on the tcpdump capture coming through port 162 (SNMP traps) to the XMC from the VSP.
At last I removed the VSP switches from XMC and added them again using the CLIP address.
I hope this helps someone else.
Regards
7 REPLIES 7
Anonymous
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
11-20-2019 04:42 PM
These commands worked for me. Yet to configure traps, but will post when working
snmp-server view root +1
snmp-server user netsight sha aes read-view root write-view root notify-view root
Anonymous
Not applicable
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
11-20-2019 03:10 PM
Hi
Just seeing if anyone has a working SNMPv3 configuration for an ERS 3600 series switch.
Typically you would need to configure three elements:
- Group
- Access
- User
In the ERS configuration I can’t see how to do this, as the commands above do not translate equally to BOSS?
The configuration I have so far is
For MD5/DES:
snmp-server user engine-id 0x80:00:1f:88:80:d5:74:92:2d:32:d4:4a:5d snmpuser md5 desFor SHA/AES
snmp-server user snmpuser sha aes
The engine ID has been taken from XMC via:
/usr/local/Extreme_Networks/NetSight/services/snmptrapd.conf
In addition, do you know what configuration is required in XMC. Running version 8.3 but I am falling back to the java version and adding the engine ID for the switch into the snmptrapd file.
For MD5/DES I’m thinking it will look something like the below, with the engineID being that of the switch:
createUser -e 0x800002328002005d31384f4c3531303045333030 snmpuser MD5 snmpauthcred DES snmpprivcred
For SHA/AES thinking I just need to add:
# createUser myAuthPrivUser SHA mypassword AES myotherpassword
Maybe I don’t need to go to all this trouble at all and like EXOS its done automatically?
Many thanks in advance
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
06-06-2019 05:22 PM
in some versions of VSP commands must be entered in following order.
Here are CLI commands:
VOSS02:1(config)#snmp-server authentication-trap enable
VOSS02:1(config)#snmp-server contact MasterOfUniverse
VOSS02:1(config)#snmp-server force-iphdr-sender enable
VOSS02:1(config)#snmp-server location MiddleOfTheWorld
VOSS02:1(config)#snmp-server group "RWgroup" "" auth-priv read-view root write-view root notify-view root
VOSS02:1(config)#snmp-server user snmpuser group RWgroup md5 snmpauthcred des snmpprivcred
VOSS02:1(config)#snmp-server sender-ip 192.168.130.30 192.168.130.16
VOSS02:1(config)#snmp-server user engine-id 0x80:00:1f:88:80:cb:4b:36:51:8f:1b??5a snmpuser md5 snmpauthcred des snmpprivcred
VOSS02:1(config)#snmp-server host 192.168.130.30 v3 authpriv snmpuser inform
Where:
0x80:00:1f:88:80:cb:4b:36:51:8f:1b??5a = SNMP engine ID of the XMC
192.168.130.30 = IP address of the XMC
192.168.130.16 = IP address of the VSP
While the snmpuser is used with the same credentials for both SNMP queries and for SNMP informs. Both with authpriv.
Here are CLI commands:
VOSS02:1(config)#snmp-server authentication-trap enable
VOSS02:1(config)#snmp-server contact MasterOfUniverse
VOSS02:1(config)#snmp-server force-iphdr-sender enable
VOSS02:1(config)#snmp-server location MiddleOfTheWorld
VOSS02:1(config)#snmp-server group "RWgroup" "" auth-priv read-view root write-view root notify-view root
VOSS02:1(config)#snmp-server user snmpuser group RWgroup md5 snmpauthcred des snmpprivcred
VOSS02:1(config)#snmp-server sender-ip 192.168.130.30 192.168.130.16
VOSS02:1(config)#snmp-server user engine-id 0x80:00:1f:88:80:cb:4b:36:51:8f:1b??5a snmpuser md5 snmpauthcred des snmpprivcred
VOSS02:1(config)#snmp-server host 192.168.130.30 v3 authpriv snmpuser inform
Where:
0x80:00:1f:88:80:cb:4b:36:51:8f:1b??5a = SNMP engine ID of the XMC
192.168.130.30 = IP address of the XMC
192.168.130.16 = IP address of the VSP
While the snmpuser is used with the same credentials for both SNMP queries and for SNMP informs. Both with authpriv.
Regards
Zdeněk Pala
