Solved: SNMP Connectivity Failed but SNMP Walk (partially) OK

ssambourg · ‎09-17-2019

Hello,

I'm using a Cisco Prime Infra 3.6 (Patch 2). I have the same problem with two "WS-C2960S-24TS-L" version 12.2(53)SE2 for the first and 15.2(2)E9 for the second one.

I am using SNMP v3 (MD5/AES128 and try at first with AES258). But the problem is the same if I try with SNMP v2c.

Here is my SNMP configuration on switch side : (prime 192.168.113.34)

snmp-server engineID local 8000000903000009E8432381
snmp-server group prime-group v3 priv
snmp-server view myview iso included
snmp-server community public RO acl-snmp
snmp-server community private RW acl-snmp
snmp-server chassis-id Switch
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps cluster
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps rtr
snmp-server enable traps syslog
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps vlan-membership
snmp-server host 192.168.113.34 version 3 priv Pr1meSnMp-RW
snmp-server host 192.168.113.34 version 2c private
snmp-server host 192.168.113.34 version 2c public
snmp-server host 192.168.113.35 version 2c public

What I see when I add one of these switch into Prime :

Some SNMP informations are collected by Prime. On switch side, the SNMP debug :

[...]
 ciscoEnvMonSupplyStatusEntry.2.1006 = NULL TYPE/VALUE
044811: Sep 17 11:36:03.864: SNMP: Response, reqid 983959, errstat 0, erridx 0
 ciscoEnvMonSupplyStatusEntry.3.1006 = 1
 ciscoEnvMonSupplyStatusEntry.2.1006 = Sw1, PS1 Normal, RPS NotExist
044812: Sep 17 11:36:03.874: SNMP: Packet sent via UDP to 192.168.113.35
044813: Sep 17 11:36:04.409: SNMP: Packet received via UDP from 192.168.113.35 on Vlan3
044814: Sep 17 11:36:04.409: SNMP: Get request, reqid 983956, errstat 0, erridx 0
 ciscoMemoryPoolEntry.5.16 = NULL TYPE/VALUE
 ciscoMemoryPoolEntry.6.16 = NULL TYPE/VALUE
044815: Sep 17 11:36:04.414: SNMP: Response, reqid 983956, errstat 0, erridx 0
 ciscoMemoryPoolEntry.5.16 = 40
 ciscoMemoryPoolEntry.6.16 = 1048536
044816: Sep 17 11:36:04.414: SNMP: Packet sent via UDP to 192.168.113.35
044817: Sep 17 11:36:04.949: SNMP: Packet received via UDP from 192.168.113.34 on Vlan3
044818: Sep 17 11:36:04.949: SNMP: Report, reqid 2147483647, errstat 0, erridx 0
 usmStats.2.0 = 363
044819: Sep 17 11:36:04.949: SNMP: Packet sent via UDP to 192.168.113.34
044820: Sep 17 11:36:10.360: SNMP: Packet received via UDP from 192.168.113.35 on Vlan3
044821: Sep 17 11:36:10.360: SNMP: Get request, reqid 983961, errstat 0, erridx 0
 cpmCPUTotalEntry.4.1 = NULL TYPE/VALUE
 cpmCPUTotalEntry.7.1 = NULL TYPE/VALUE
 cpmCPUTotalEntry.17.1 = NULL TYPE/VALUE
 cpmCPUTotalEntry.19.1 = NULL TYPE/VALUE
 cpmCPUTotalEntry.23.1 = NULL TYPE/VALUE
 cpmCPUTotalEntry.12.1 = NULL TYPE/VALUE
 cpmCPUTotalEntry.13.1 = NULL TYPE/VALUE
 cpmCPUTotalEntry.15.1 = NULL TYPE/VALUE
 ciscoMemoryPoolEntry.5.1 = NULL TYPE/VALUE
 ciscoMemoryPoolEntry.6.1 = NULL TYPE/VALUE
 lsystem.8.0 = NULL TYPE/VALUE
 lsystem.19.0 = NULL TYPE/VALUE
 lsystem.27.0 = NULL TYPE/VALUE
 lsystem.35.0 = NULL TYPE/VALUE
 lsystem.43.0 = NULL TYPE/VALUE
 lsystem.67.0 = NULL TYPE/VALUE
 lsystem.47.0 = NULL TYPE/VALUE
 snmpEngine.2.0 = NULL TYPE/VALUE
 snmpEngine.3.0 = NULL TYPE/VALUE
044822: Sep 17 11:36:10.391: SNMP: Response, reqid 983961, errstat 0, erridx 0
 cpmCPUTotalEntry.4.1 = 8
 cpmCPUTotalEntry.7.1 = 8
 cpmCPUTotalEntry.17.1 = NO_SUCH_OBJECT_EXCEPTION
 cpmCPUTotalEntry.19.1 = NO_SUCH_OBJECT_EXCEPTION
 cpmCPUTotalEntry.23.1 = NO_SUCH_OBJECT_EXCEPTION
 cpmCPUTotalEntry.12.1 = NO_SUCH_OBJECT_EXCEPTION
 cpmCPUTotalEntry.13.1 = NO_SUCH_OBJECT_EXCEPTION
 cpmCPUTotalEntry.15.1 = NO_SUCH_OBJECT_EXCEPTION
 ciscoMemoryPoolEntry.5.1 = 26451444
 ciscoMemoryPoolEntry.6.1 = 47745184
 lsystem.8.0 = 47745184
 lsystem.19.0 = 25
 lsystem.27.0 = 6983
 lsystem.35.0 = 23560
 lsystem.43.0 = 0
 lsystem.67.0 = 0
 lsystem.47.0 = 0
 snmpEngine.2.0 = 1
 snmpEngine.3.0 = 886
[...]

And I notice that the SNMP Get request loop like if there is a missing information collection.

From Prime Infra, the SNMP Walk give :

ade # snmpwalk -v3 -u Pr1meSnMp-RW -l AuthPriv -a MD5 -A ******* -x AES -X ****** 192.168.107.223
SNMPv2-MIB::sysDescr.0 = STRING: Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(53)SE2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 21-Apr-10 06:08 by prod_rel_team
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.9.1.1208
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (114031903) 13 days, 4:45:19.03
SNMPv2-MIB::sysContact.0 = STRING: *********
SNMPv2-MIB::sysName.0 = STRING: *****
SNMPv2-MIB::sysLocation.0 = STRING: *****
SNMPv2-MIB::sysServices.0 = INTEGER: 6
SNMPv2-MIB::sysORLastChange.0 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORID.1 = OID: SNMPv2-SMI::enterprises.9.7.129
SNMPv2-MIB::sysORID.2 = OID: SNMPv2-SMI::enterprises.9.7.115
SNMPv2-MIB::sysORID.3 = OID: SNMPv2-SMI::enterprises.9.7.265
SNMPv2-MIB::sysORID.4 = OID: SNMPv2-SMI::enterprises.9.7.112
SNMPv2-MIB::sysORID.5 = OID: SNMPv2-SMI::enterprises.9.7.106
SNMPv2-MIB::sysORID.6 = OID: SNMPv2-SMI::enterprises.9.7.47
SNMPv2-MIB::sysORID.7 = OID: SNMPv2-SMI::enterprises.9.7.122
SNMPv2-MIB::sysORID.8 = OID: SNMPv2-SMI::enterprises.9.7.135
SNMPv2-MIB::sysORID.9 = OID: SNMPv2-SMI::enterprises.9.7.43
SNMPv2-MIB::sysORID.10 = OID: SNMPv2-SMI::enterprises.9.7.37
SNMPv2-MIB::sysORID.11 = OID: SNMPv2-SMI::enterprises.9.7.92
SNMPv2-MIB::sysORID.12 = OID: SNMPv2-SMI::enterprises.9.7.53
SNMPv2-MIB::sysORID.13 = OID: SNMPv2-SMI::enterprises.9.7.54
SNMPv2-MIB::sysORID.14 = OID: SNMPv2-SMI::enterprises.9.7.52
SNMPv2-MIB::sysORID.15 = OID: SNMPv2-SMI::enterprises.9.7.93
SNMPv2-MIB::sysORID.16 = OID: SNMPv2-SMI::enterprises.9.7.186
SNMPv2-MIB::sysORID.17 = OID: SNMPv2-SMI::enterprises.9.7.128
SNMPv2-MIB::sysORID.18 = OID: SNMPv2-SMI::enterprises.9.7.121
SNMPv2-MIB::sysORID.19 = OID: SNMPv2-SMI::enterprises.9.7.44
SNMPv2-MIB::sysORID.20 = OID: SNMPv2-SMI::enterprises.9.7.99999
SNMPv2-MIB::sysORID.21 = OID: SNMPv2-SMI::enterprises.9.7.350
SNMPv2-MIB::sysORID.22 = OID: SNMPv2-SMI::enterprises.9.7.33
SNMPv2-MIB::sysORID.23 = OID: SNMPv2-SMI::enterprises.9.7.130
SNMPv2-MIB::sysORID.24 = OID: SNMPv2-SMI::enterprises.9.7.116
[...]

and the walk stop/pause at this point :

[...]
SNMPv2-MIB::sysORUpTime.73 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.74 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.75 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.76 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.77 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.78 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.79 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.80 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.81 = Timeticks: (0) 0:00:00.00
SNMPv2-MIB::sysORUpTime.82 = Timeticks: (0) 0:00:00.00

And after a wait of about 30s, the SNMP Walk go on very slowly :

[...]
IF-MIB::ifSpeed.10109 = Gauge32: 10000000
IF-MIB::ifSpeed.10110 = Gauge32: 10000000
IF-MIB::ifSpeed.10111 = Gauge32: 1000000000
IF-MIB::ifSpeed.10112 = Gauge32: 1000000000
[...]

When the Add/Sync process is in progress into prime, I can go to Monitor > Network Device and see some SNMP information (interface, vlan spanning-tree, uptime, ...).

I don't know if this setting is correct regarding my hardware & software :

snmp-server engineID local 8000000903000009E8432381

What I read is that any change on this setting implie to recreat my SNMP v3 group & user.

ssambourg · ‎09-18-2019

Hi Guys,

Finally I find a solution after reading details on local EngineID.

I found this here :

https://www.cisco.com/assets/sol/sb/SG220_Emulators/SG220_Emulator_v1-0-0-18_20140626/help/SNMP05.html

The Engine ID is only used by SNMPv3 entities to uniquely identify them. An SNMP agent is considered an authoritative SNMP engine. This means that the agent responds to incoming messages (Get, GetNext, GetBulk, Set), and sends trap messages to a manager.

After suppressing snmp-server engineID local.

Modifying the local engineID means to suppress and recreat SNMP v3 user and group.

Configuration example :

conf t
no snmp-server user Pr1meSnMp-RW prime-group v3
no snmp-server group prime-group v3 priv
no snmp-server engineID local 
no snmp mib community-map public engineid
snmp-server group prime-group v3 priv access acl-snmp 
snmp-server user Pr1meSnMp-RW prime-group v3 auth md5 ****** priv aes 128 ******

Then the show snmp user show my user with the new unique local engineID.

After doing this modification, I sync the devices and the issue is resolved.

HTH

View solution in original post

ssambourg · ‎09-18-2019