This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

VSP - unable send traps to XMC SNMPv3

VSP - unable send traps to XMC SNMPv3

Go to solution
EF
Contributor III

‎06-06-2019 01:13 PM

Hi team,

I´m unable recive traps in the XMC server form VSPs, and in the VSP logs I can see:

SNMP ERROR Failed to create trap (Reason=Failed to create v3 trap) for host A.B.C.D:162

Any idea?

Regards,

EF
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
csantos
New Contributor III

‎08-27-2020 07:56 AM

Hi,

About this, I’ve reach out the support team and now the SNMP traps on my VSPs devices are working fine.

So, first, I’ve configured a loopback IP address (CLIP) on the switch to use it as the SNMP sender source. On the VOSS CLI reference doc (https://documentation.extremenetworks.com/VOSS/SW/71x/9035528_CLIRefVOSS_7.1_CRG.pdf), page 2110, it says that the IP SNMP sender source should be a CLIP address. If is not a CLIP address, then the config snmp-server force-trap-sender enable will be ignored and the switch automatically uses the IP address of the logical interface that is closest (from the perspective of the routing table). If the reachability to the SNMP server is over an IS-IS/SPB IP shortcut NNI, the switch automatically uses the IS-IS IP source address and the settings from this command are ignored.

After this, I was able to use the command snmp-sever force-trap-sender enable properly. So, my snmp config, look like this:

 

------------------------------------------

snmp-server contact "Contact"

snmp-server location "Location"

snmp-server authentication-trap enable

snmp-server force-iphdr-sender enable

snmp-server sender-ip <XMC Server IP> <CLIP address of the switch>

snmp-server force-trap-sender enable

snmp-server user user_xmc group "xmcgroup"

snmp-server user user_xmc group "xmcgroup"

snmp-server view "xmc_read" 1

snmp-server view "xmc_write" 1

snmp-server view "xmc_notify" 1

snmp-server group "xmcgroup" "" auth-priv read-view xmc_read write-view xmc_write notify-view root

snmp-server group "user_xmc" "" auth-priv read-view xmc_read write-view xmc_write notify-view xmc_notify

snmp-server host <XMC server IP> v3 authPriv user_xmc inform

------------------------------------------

After this config, I was able to see traffic on the tcpdump capture coming through port 162 (SNMP traps) to the XMC from the VSP.

At last I removed the VSP switches from XMC and added them again using the CLIP address. 

I hope this helps someone else.

Regards

 

 

View solution in original post

0 Kudos
7 REPLIES 7

Go to solution
Anonymous
Not applicable

‎11-20-2019 04:42 PM

These commands worked for me. Yet to configure traps, but will post when working

snmp-server view root +1
snmp-server user netsight sha aes read-view root write-view root notify-view root

 

0 Kudos

Go to solution
Anonymous
Not applicable

‎11-20-2019 03:10 PM

Hi

Just seeing if anyone has a working SNMPv3 configuration for an ERS 3600 series switch.

Typically you would need to configure three elements:

  • Group 
  • Access
  • User

In the ERS configuration I can’t see how to do this, as the commands above do not translate equally to BOSS?

The configuration I have so far is

For MD5/DES:

snmp-server user engine-id 0x80:00:1f:88:80:d5:74:92:2d:32:d4:4a:5d snmpuser md5 des

For SHA/AES

snmp-server user snmpuser sha aes

 

The engine ID has been taken from XMC via:

 

/usr/local/Extreme_Networks/NetSight/services/snmptrapd.conf

 

In addition, do you know what configuration is required in XMC. Running version 8.3 but I am falling back to the java version and adding the engine ID for the switch into the snmptrapd file.

 

For MD5/DES I’m thinking it will look something like the below, with the engineID being that of the switch:

createUser -e 0x800002328002005d31384f4c3531303045333030 snmpuser MD5 snmpauthcred DES snmpprivcred

 

For SHA/AES thinking I just need to add:

# createUser myAuthPrivUser SHA mypassword AES myotherpassword

 

Maybe I don’t need to go to all this trouble at all and like EXOS its done automatically?

 

Many thanks in advance

0 Kudos

Go to solution
Zdeněk_Pala
Extreme Employee

‎06-06-2019 05:22 PM

in some versions of VSP commands must be entered in following order.

Here are CLI commands:
VOSS02:1(config)#snmp-server authentication-trap enable
VOSS02:1(config)#snmp-server contact MasterOfUniverse
VOSS02:1(config)#snmp-server force-iphdr-sender enable
VOSS02:1(config)#snmp-server location MiddleOfTheWorld
VOSS02:1(config)#snmp-server group "RWgroup" "" auth-priv read-view root write-view root notify-view root
VOSS02:1(config)#snmp-server user snmpuser group RWgroup md5 snmpauthcred des snmpprivcred

VOSS02:1(config)#snmp-server sender-ip 192.168.130.30 192.168.130.16
VOSS02:1(config)#snmp-server user engine-id 0x80:00:1f:88:80:cb:4b:36:51:8f:1b??5a snmpuser md5 snmpauthcred des snmpprivcred
VOSS02:1(config)#snmp-server host 192.168.130.30 v3 authpriv snmpuser inform

Where:
0x80:00:1f:88:80:cb:4b:36:51:8f:1b??5a = SNMP engine ID of the XMC
192.168.130.30 = IP address of the XMC
192.168.130.16 = IP address of the VSP

While the snmpuser is used with the same credentials for both SNMP queries and for SNMP informs. Both with authpriv.
Regards Zdeněk Pala
0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN