06-04-2015 05:40 PM
We have a pair of Nexus 3500 switches. We are monitoring them with Prime Infrastructure 2.1 using SNMPv3. Prime sees the switches fine and is able to show information on them. I have some 2960Xs configured using SNMPv3, and they are sending traps to Prime and everything is working fine. When I run a tcpdump on the Prime server it does not see any traps coming from the Nexus switches, so I am starting to think the problem is with the switches and not Prime. See below for my SNMP config and the output of "show snmp user".
snmp-server contact XXXXX_Helpdesk
snmp-server location XXXXXXXXXX
snmp-server source-interface trap Vlan1
snmp-server source-interface inform Vlan1
no snmp-server tcp-session auth
snmp-server user super network-admin auth sha 0x12345600f7bec0d79e2724de0a40e8e268c6 priv 0x48e7aa888600f7bec0d79e2724de0a40e8e268c6 localizedkey
snmp-server user test network-operator auth sha 0x12345a45a5eb73beb4f9b3a4365ff37844523 localizedkey
snmp-server host x.x.x.x traps version 3 auth test
snmp-server enable traps callhome event-notify
snmp-server enable traps callhome smtp-send-fail
snmp-server enable traps cfs state-change-notif
snmp-server enable traps lldp lldpRemTablesChange
snmp-server enable traps cfs merge-failure
snmp-server enable traps aaa server-state-change
snmp-server enable traps hsrp state-change
snmp-server enable traps upgrade UpgradeOpNotifyOnCompletion
snmp-server enable traps upgrade UpgradeJobStatusNotify
snmp-server enable traps feature-control FeatureOpStatusChange
snmp-server enable traps sysmgr cseFailSwCoreNotifyExtended
snmp-server enable traps config ccmCLIRunningConfigChanged
snmp-server enable traps snmp authentication
snmp-server enable traps link cisco-xcvr-mon-status-chg
snmp-server enable traps vtp notifs
snmp-server enable traps vtp vlancreate
snmp-server enable traps vtp vlandelete
snmp-server enable traps bridge newroot
snmp-server enable traps bridge topologychange
snmp-server enable traps stpx inconsistency
snmp-server enable traps stpx root-inconsistency
snmp-server enable traps stpx loop-inconsistency
snmp-server enable traps poe portonoff
snmp-server enable traps poe pwrusageon
snmp-server enable traps poe pwrusageoff
snmp-server enable traps poe police
XXXXXCORE1# show snmp user
______________________________________________________________
SNMP USERS
______________________________________________________________
User   Auth  Priv(enforce)  Groups
____   ____  _____________  ______
super  sha   des(no)        network-admin
test   sha   no             network-operator
______________________________________________________________
NOTIFICATION TARGET USERS (configured for sending V3 Inform)
______________________________________________________________
User Auth Priv
____ ____ ____
Any ideas why the switch is not sending traps?
06-05-2015 05:04 AM
Hi,
You need to configure the command below if you are using a VRF.
snmp-server host ip-address use-vrf vrf_name [udp_port number]
For example:
switch(config)# snmp-server host 192.0.2.1 use-vrf management
Hope it will help.
Also, you can run the "debug SNMP all" command and "term mon" to diagnose the issue if the above does not help.
Thanks-
Afroz
***Ratings Encourages Contributors ***
06-05-2015 12:29 PM
That seems to help. Now I can see the SNMP traps arriving at the PI servers when I run tcpdump on the PI server, but there is still nothing showing up in PI in the alarms and events.
Here is the output of the tcpdump:
16:22:56.477286 IP (tos 0x0, ttl 64, id 31513, offset 0, flags [none], proto: UDP (17), length: 88) 10.28.255.253.14848 > prime.snmptrap: { SNMPv3 { F=r } { USM B=0 T=0 U= } { ScopedPDU E= C= { GetRequest(12) R=190 [|snmp] } } }
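The capture line above carries a GetRequest with an empty user name and only the reportable flag set, which is the shape of an RFC 3414 engine ID discovery probe rather than a Trap, V2Trap or Inform PDU. The following is an added example, not code from the thread, that classifies tcpdump SNMPv3 summary lines on that basis; it assumes the one-line format shown in the post, and the second sample line is constructed for illustration.

```python
import re
from collections import Counter

# Header and PDU parts of the one-line SNMPv3 summary shown in the thread.
HEADER_RE = re.compile(
    r"\{ SNMPv3 \{ F=(?P<flags>[apr]*) \} "
    r"\{ USM B=(?P<boots>\d+) T=(?P<time>\d+) U=(?P<user>\S*) \}"
)
PDU_RE = re.compile(r"\{ ScopedPDU .*?\{ (?P<pdu>\w+)\(")
# PDU labels as printed by tcpdump's SNMP decoder.
NOTIFICATION_PDUS = {"Trap", "V2Trap", "Inform"}

def classify(line):
    """Return kind, PDU, user and security level for one line, or None."""
    head = HEADER_RE.search(line)
    if head is None:
        return None  # not an SNMPv3 summary line
    flags, user = head["flags"], head["user"]
    level = ("authPriv" if "p" in flags
             else "authNoPriv" if "a" in flags else "noAuthNoPriv")
    body = PDU_RE.search(line)
    pdu = body["pdu"] if body else None  # None: scoped PDU was not decoded
    if pdu in NOTIFICATION_PDUS:
        kind = "notification"
    elif (pdu == "GetRequest" and user == "" and level == "noAuthNoPriv"
          and "r" in flags):
        kind = "engine-id-discovery"  # RFC 3414 discovery probe shape
    elif pdu == "Report":
        kind = "report"
    else:
        kind = "other"
    return {"kind": kind, "pdu": pdu, "user": user, "level": level}

def summarize(lines):
    """Count capture lines per kind, skipping lines that are not SNMPv3."""
    results = (classify(line) for line in lines)
    return Counter(r["kind"] for r in results if r)

# First line: the capture quoted in the thread. Second line: constructed.
SAMPLE = [
    "16:22:56.477286 IP (tos 0x0, ttl 64, id 31513, offset 0, flags [none], proto: UDP (17), length: 88) 10.28.255.253.14848 > prime.snmptrap: { SNMPv3 { F=r } { USM B=0 T=0 U= } { ScopedPDU E= C= { GetRequest(12) R=190 [|snmp] } } }",
    "16:23:01.000001 IP 10.28.255.253.14848 > prime.snmptrap: { SNMPv3 { F=a } { USM B=5 T=1200 U=test } { ScopedPDU E=0x80 C= { V2Trap(60) R=191 [|snmp] } } }",
]

if __name__ == "__main__":
    for kind, count in summarize(SAMPLE).items():
        print(kind, count)
```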
06-06-2015 12:16 AM
Hi Matt,
Not all types of traps are supported in PI. I would suggest testing a linkup/linkdown trap from the Nexus and seeing if you can find it under Alarms and Events.
Thanks-
Afroz
06-06-2015 05:02 PM
I enabled all traps on the Nexus, then tried a shut/no shut on a loopback interface and PI did not report anything. I also tried an HSRP state change and nothing.
06-07-2015 01:38 AM
Hi Matt,
Get the sysObjectID of the switch and check whether the device is supported in PI using the link below:
http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-infrastructure/products-device-support-tables-list.html
Thanks-
Afroz
06-08-2015 08:24 AM
I am starting to think it is an issue with the switch blocking traffic somehow. I had to remove our DHCP server from the switch and plug it into a downstream 2960 because DHCP broadcasts seem to get filtered if passing through the Nexus, and I just had a call from our Windows Server admin, who reports that they are having issues with LDAP syncing through it using port 389 and TLS. So far I am not a fan of these Nexus switches; give me an IOS switch any day.
08-07-2015 06:49 AM
Hi Matt,
Most of the time this issue is because you are not using the correct VRF.
As Afroz mentioned, you need to configure the VRF command, but first do the following to confirm which VRF you are using.
Check the following command:
- show ip inter brief vrf all
This command will display all your VRFs; then you just need to check which VRF holds the IP address that is connected to your NMS tool.
Then just configure the command:
switch(config)# snmp-server host x.x.x.x use-vrf <vrf name>
Also, you can do some quick tests for the SNMP traps and check whether you receive those traps in your tool.
test pfm test-SNMP-trap powersupply
test pfm test-SNMP-trap temp-sensor
Hope it helps!
Claudio Gonzalez