10-20-2016 12:56 PM - edited 03-01-2019 05:04 AM
So Tomas de Leon has put together a really excellent guide for configuring SNMP and its also just been recently updated and so is very current (Sept 2016) Having followed his instructions, I'm still not able to query the APICs.
The leafs are all fine.
----------------------- New Test -----------------------
Paessler SNMP Tester 5.2.3 Computername: PARADISEDANCER Interface: 10.1.12.198
10/20/2016 12:46:43 PM (4 ms) : Device: 10.5.1.41
10/20/2016 12:46:43 PM (7 ms) : SNMP V2c
10/20/2016 12:46:43 PM (9 ms) : Custom OID 1.3.6.1.2.1.1.1.0
10/20/2016 12:46:43 PM (93 ms) : SNMP Datatype: ASN_OCTET_STR
10/20/2016 12:46:43 PM (99 ms) : -------
10/20/2016 12:46:43 PM (101 ms) : Value: Cisco NX-OS(tm) aci, Software (aci-n9000-system), Version 12.0(1o), RELEASE SOFTWARE Copyright (c) 2002-2015 by Cisco Systems, Inc. Compiled 2016/07/16 20:44:43
10/20/2016 12:46:43 PM (103 ms) : Done
I searched for exactly which MIBs were supported on the APICs and looked for a generid OID I might use. I made sure each apic node had a static management address.
Cisco System MIB
lax-ctl01# show snmp hosts
IP-Address Version Security Level Community
-------------------- ---------- ---------- --------------------
10.1.12.198 v2c noauth *****
lax-ctl01# show snmp summary
Active Policy: default, Admin State: enabled
Local SNMP engineID: [Hex] 0x8000000980a5624f305223c45700000000
----------------------------------------
Community Description
----------------------------------------
****** RO SNMP String
------------------------------------------------------------
User Authentication Privacy
------------------------------------------------------------
------------------------------------------------------------
Client-Group Mgmt-Epg Clients
------------------------------------------------------------
LAX-SNMP-ClientGrpProf default (Out-Of-Band) 10.1.12.198
------------------------------------------------------------
Host Port Version Level SecName
------------------------------------------------------------
10.1.12.198 162 v2c noauth *********
lax-ctl01# moquery -c snmpPol
Total Objects shown: 1
# snmp.Pol
name : default
adminSt : enabled
childAction :
contact : Network Services
descr : SNMP Policy for Fabric
dn : uni/fabric/snmppol-default
lcOwn : local
loc : LV1
modTs : 2016-10-20T11:45:17.742+00:00
monPolDn : uni/fabric/monfab-default
ownerKey :
ownerTag :
rn : snmppol-default
status :
uid : 0
10-20-2016 02:32 PM
Following some of the troubleshooting information in the SNMP Tech Note I notice I'm missing some managed objects but its not clear to me where I went wrong!
lax-ctl01#
lax-ctl01# show snmp policy default
Name Admin State Location Contact Description
-------------------- ---------- -------------------- -------------------- --------------------
default enabled lax Network Services SNMP Policy for
lax Fabric
lax-ctl01# show snmp community
SNMP Policy Community Name Description
-------------------- -------------------- ------------------------------
default ****** RO SNMP String
lax-ctl01# show snmp hosts
IP-Address Version Security Level Community
-------------------- ---------- ---------- --------------------
10.1.12.198 v2c noauth ******
lax-ctl01# show snmp clientgroups
SNMP Policy Name Description Client Entries Associated Management EPG
-------------------- -------------------- -------------------- -------------------- --------------------
default lax-SNMP- 10.1.12.198 default (Out-Of-Band)
ClientGrpProf
default SNMP-Pollers- 10.2.6.16,10.2.3. default (Out-Of-Band)
ClientGrpPol 9,10.2.1.3
lax-ctl01#
lax-ctl01# moquery -c mgmtSubnet
No Mos found
lax-ctl01# moquery -c mgmtRsOoBCons
No Mos found
lax-ctl01# moquery -c vzOOBBrCP
Total Objects shown: 2# vz.OOBBrCP
name : default
childAction :
configIssues :
descr :
dn : uni/tn-common/oobbrc-default
lcOwn : local
modTs : 2016-08-29T11:58:27.363+00:00
monPolDn : uni/tn-common/monepg-default
ownerKey :
ownerTag :
prio : unspecified
reevaluateAll : no
rn : oobbrc-default
scope : context
status :
targetDscp : unspecified
uid : 0# vz.OOBBrCP
name : lax-OOB-Contract
childAction :
configIssues :
descr : OOB Contract - Global
dn : uni/tn-mgmt/oobbrc-lax-OOB-Contract
lcOwn : local
modTs : 2016-10-20T11:39:45.165+00:00
monPolDn : uni/tn-common/monepg-default
ownerKey :
ownerTag :
prio : unspecified
reevaluateAll : no
rn : oobbrc-lax-OOB-Contract
scope : global
status :
targetDscp : unspecified
uid : 15374lax-ctl01# moquery -c vzEntry | grep 161
dFromPort : 161
dToPort : 161
lax-ctl01# moquery -c vzEntry | grep 162
dFromPort : 162
dToPort : 162
lax-ctl01# moquery -c mgmtRsOoBStNode | egrep "tDn|addr"
tDn : topology/pod-1/node-101
addr : 10.5.1.31/24
tDn : topology/pod-1/node-102
addr : 10.5.1.32/24
tDn : topology/pod-1/node-103
addr : 10.5.1.33/24
tDn : topology/pod-1/node-104
addr : 10.5.1.34/24
tDn : topology/pod-1/node-201
addr : 10.5.1.41/24
tDn : topology/pod-1/node-202
addr : 10.5.1.42/24
tDn : topology/pod-1/node-203
addr : 10.5.1.43/24
tDn : topology/pod-1/node-204
addr : 10.5.1.44/24
tDn : topology/pod-1/node-205
addr : 10.5.1.45/24
tDn : topology/pod-1/node-206
addr : 10.5.1.46/24
tDn : topology/pod-1/node-207
addr : 10.5.1.47/24
tDn : topology/pod-1/node-208
addr : 10.5.1.48/24
tDn : topology/pod-1/node-209
addr : 10.5.1.49/24
tDn : topology/pod-1/node-210
addr : 10.5.1.50/24
tDn : topology/pod-1/node-3
addr : 10.5.1.13/24
lax-ctl01# moquery -c mgmtRsInBStNode | egrep "tDn|addr"
lax-ctl01# moquery -c snmpCtxP
No Mos found
lax-ctl01# moquery -c snmpSrc | egrep "snmp.Src|name|dn|incl|minSev|monPolDn"
# snmp.Src
name : lax-Access-MonPol-SNMP-Source
dn : uni/infra/moninfra-default/snmpsrc-lax-Access-MonPol-SNMP-Source
incl : events,faults
minSev : info
monPolDn : uni/infra/moninfra-default
# snmp.Src
name : lax-SNMP-Source
dn : uni/fabric/monfab-default/snmpsrc-lax-SNMP-Source
incl : events,faults
minSev : info
monPolDn : uni/fabric/monfab-default
# snmp.Src
name : lax-CommonPol-SNMP-Source
dn : uni/fabric/moncommon/snmpsrc-lax-CommonPol-SNMP-Source
incl : events,faults
minSev : info
monPolDn : uni/fabric/moncommon
lax-ctl01#
10-20-2016 07:32 PM
MIBs Supported by APIC
MIB RELEASE
CISCO-SYSTEM-MIB 1.2(1)
ENTITY-MIB 1.2(1)
CISCO-ENTITY-EXT-MIB 1.2(1)
CISCO-ENTITY-FRU-CONTROL-MIB 1.2(1)
CISCO-ENTITY-SENSOR-MIB 1.2(1)
CISCO-PROCESS-MIB 1.2(1)
Note: not all objects in mibs are available. The hardware is different so some objects may not be available.
Try the following to the APIC.
example where:
community = deadbeef
APIC IP = 192.168.242.11
$ snmpget -v2c -c deadbeef 192.168.242.11 SNMPv2-MIB::sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: APIC VERSION 2.1(1h); PID APIC-SERVER-L1; Serial FCH12345678
$ snmpget -v2c -c deadbeef 192.168.242.11 1.3.6.1.2.1.1.1.0
SNMPv2-MIB::sysDescr.0 = STRING: APIC VERSION 2.1(1h); PID APIC-SERVER-L1; Serial FCH12345678
$ snmpwalk -v2c -c deadbeef 192.168.242.11 1.3.6.1.2.1.1.1
SNMPv2-MIB::sysDescr.0 = STRING: APIC VERSION 2.1(1h); PID APIC-SERVER-L1; Serial FCH12345678
10-21-2016 06:51 AM
These two missing constructs were added but still no go.
These two were also missing. I'm trying to see if I can track these mos down in the APIC docs.
lax-ctl01# moquery -c mgmtRsInBStNode | egrep "tDn|addr"
lax-ctl01# moquery -c snmpCtxP
No Mos found
lax-ctl01# moquery -c snmpCtxP
No Mos found
lax-ctl01# show snmp clientgroups
SNMP Policy Name Description Client Entries Associated Management EPG
-------------------- -------------------- -------------------- -------------------- --------------------
default LAX-SNMP-TEST- 10.5.12.198 default (Out-Of-Band)
ClientGrpProf
default LAX-SNMP-Pollers- 10.2.6.163,10.2.3. default (Out-Of-Band)
ClientGrpPol 129,10.2.1.34
10-21-2016 08:23 AM
I would suggest opening a case with the Cisco TAC and the ACI team can get on a webex with you and troubleshoot issues. Probably need to run some tcpdumps and check the iptables for snmp.
Thanks
T.
02-10-2017 03:47 AM
Claudia & Tomas
Did you get this solved? I am having the exact same issue.
I have configured OOB addresses for the spine and leaf
I have defined the SNMP contracts and it is applied.
I also get the -2003 result from PRTG when testing the same OID as you use above.
CallHome and Syslog are working
I am using the VM appliance, so understand that there are limitations, but as callhome and
02-10-2017 07:21 AM
* Unconfigure your snmp context and then perform an snmpwalk to see of you receive any snmp information back.
* Also, for test purposes configure a different community string without any special characters and shorter in length. For example, cisco123.
thanks
T.
02-10-2017 07:54 AM
I never through to change the community string!
I am getting some data returned now.
Many thanks for your help Tomas!
10-20-2016 07:49 PM
In addition, I noticed some things..
Where is the "static node management" address' for Node-1 & Node-2?
moquery -c mgmtRsOoBStNode | egrep "tDn|addr"
Only shows APIC3.
Another issue seen:
lax-ctl01# moquery -c mgmtSubnet
No Mos found
lax-ctl01# moquery -c mgmtRsOoBCons
No Mos found
These commands lookup configuration for the "External Management Network Instance Profile" this is necessary to get your snmp walks and snmp gets to work correctly. You need to add your OOB Contract to the "External Management Network Instance Profile" along with the "Subnets" that you want to allow.
Also, you need to add your SNMP client's IP to the SNMP Client Group in the Fabric Policies for SNMP...
Cheers!
T.
10-21-2016 06:11 AM
Thanks for catching that Tomas. I was initially testing with just Node-3 which is why you only see it in this output but then I though...Is that the issue? Do they all need to be addressed for any of them to respond (Yes..I was reaching) and so I finished up adding them in and there was no difference.
I've defined the two missing constructs.
What does the Subnet field actually represent? What external subnets can query? So I just basically said "all" with the 0.0.0.0/0 entry?
lv1-ctl01# moquery -c mgmtSubnet
Total Objects shown: 1
# mgmt.Subnet
ip : 0.0.0.0/0
childAction :
descr :
dn : uni/tn-mgmt/extmgmt-default/instp-LV1-ExtMgmtNetworkInstanceProfile/subnet-[0.0.0.0/0]
lcOwn : local
modTs : 2016-10-21T06:08:08.192+00:00
monPolDn : uni/tn-common/monepg-default
name :
rn : subnet-[0.0.0.0/0]
status :
uid : 15374
lv1-ctl01# moquery -c mgmtRsOoBCons
Total Objects shown: 1
# mgmt.RsOoBCons
tnVzOOBBrCPName : LV1-OOB-Contract
childAction :
deplInfo :
dn : uni/tn-mgmt/extmgmt-default/instp-LV1-ExtMgmtNetworkInstanceProfile/rsooBCons-LV1-OOB-Contract
forceResolve : yes
lcOwn : local
modTs : 2016-10-21T06:08:08.325+00:00
monPolDn : uni/tn-common/monepg-default
prio : unspecified
rType : mo
rn : rsooBCons-LV1-OOB-Contract
state : formed
stateQual : none
status :
tCl : vzOOBBrCP
tContextDn :
tDn : uni/tn-mgmt/oobbrc-LV1-OOB-Contract
tRn : oobbrc-LV1-OOB-Contract
tType : name
triggerSt : triggerable
uid : 15374
lv1-ctl01#
10-21-2016 06:47 AM
the subnets definition (.ie 0.0.0.0/0) represents which subnets that can access your OOB management network.
And yes, any node that you want to push a management or data collection policy to needs to have a management address defined. They all do not have to have them (but recommended). Only the nodes that you want the policy to work and gather data from.
From the APIC, please provide the output of "show snmp clientgroups"
Thanks
T.
02-16-2017 05:26 AM
I can connect to the leafs and spines from solarwinds but cannot connect to the APIC itself.
I also did not need to create contracts for the leaf/spines.
Have attempted to add a contract but the APICs are still not seen from Solarwinds. I suspect I've mis-configured along the way. Is there a step-by-step guide on adding APICS to receive SNMP reads?
Many thanks
Ian Gallimore
02-16-2017 06:14 AM
Ian,
Check out here:
https://supportforums.cisco.com/blog/13100731/ask-aci-experts-snmp-aci-fabric
There is my Technote and SNMP Guide for ACI there. Also, make sure the the APIC IP Addresses are added to the Solarwinds Servers as an snmp Agent.
Also, make sure the Solarwinds Servers are added to the SNMP Client Groups. If you are using OOB for management, Contracts are required for SNMP and applied to the OOB external management instance. One last thing that people miss, You need to add "Static node management addresses" for the APICs in addition to Leaf & Spines for the policy to be successfully deployed.
I hope this helps!
T.
02-16-2017 07:47 AM
Great, thanks Tomas!
I was missing - "Static node management addresses" for the APICs
Best Regards
Ian
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide