We have an SNMPv3 device that is continuously losing contact with Spectrum. We can reach this device every time with an snmpwalk even when Spectrum cannot communicate.
How can we troubleshoot this further?
SNMP query works from server CLI but device is not responding to discovery from the OneClick UI.
Attempting to update device to SNMPv3 in Spectrum. Device responds to original SNMPv2 credentials. Device fails IP discovery. ICMP responds but SNMPv3 does not.
An attempt to test through MIB Tool -> Contact Criteria seems to hang and never responds to either SNMPv2 or SNMPv3.
From server command line, SNMPv3 responds using the sapwalk2 command and the same SNMPv3 credentials set in Spectrum.
All supported DX NetOps Spectrum releases
In SNMPv3, all Engine IDs must be unique. For each Engine ID, Spectrum stores the Engine Time, which cannot exceed 150 seconds, and the Engine Boots, which can never decrease in value.
When another device on the network has the same Engine ID, the Engine Time and Engine Boots will not match, and this causes the problem.
To determine if this is the problem, take the following steps.
The Engine Boots cannot be a lower number and the Engine Time has to be less than 150 seconds difference. If either condition is violated, then most likely there are devices with duplicate SNMPv3 EngineID values.
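The following Python check is an added example, not part of the original article or of Spectrum. It applies the two rules above to Engine ID, Engine Boots and Engine Time values read from a packet capture or cache dump. The tuple layout, function name and all sample values are constructed for illustration.

```python
from collections import defaultdict

TIME_WINDOW = 150  # seconds, the limit stated in the article

# Constructed observations:
# (capture_time_s, source_ip, engine_id_hex, engine_boots, engine_time_s)
SAMPLES = [
    (1000, "10.0.0.5", "80001f8880a1b2c3d4", 12, 50000),
    (1060, "10.0.0.5", "80001f8880a1b2c3d4", 12, 50060),
    (1090, "10.0.0.9", "80001f8880a1b2c3d4", 3, 7200),    # second device, same ID
    (1120, "10.0.0.5", "80001f8880a1b2c3d4", 12, 50120),
    (1000, "10.0.0.7", "80001f8880ffee0011", 4, 900),
    (1300, "10.0.0.7", "80001f8880ffee0011", 5, 20),      # normal reboot
    (1000, "10.0.0.20", "80001f888000112233", 7, 100000),
    (1030, "10.0.0.21", "80001f888000112233", 7, 300),    # same boots, time jumps
]

def find_engine_id_conflicts(samples, window=TIME_WINDOW):
    """Return {engine_id: [reasons]} for IDs with inconsistent boots/time history."""
    by_engine = defaultdict(list)
    for obs in sorted(samples):              # order by capture time
        by_engine[obs[2]].append(obs)
    findings = defaultdict(list)
    for engine_id, history in by_engine.items():
        ips = sorted({ip for _, ip, _, _, _ in history})
        if len(ips) > 1:
            # A multi-homed device can answer from several addresses, so this
            # is only a hint; the boots/time checks below are the real signal.
            findings[engine_id].append("seen from " + ", ".join(ips))
        for prev, cur in zip(history, history[1:]):
            t0, _, _, boots0, etime0 = prev
            t1, ip1, _, boots1, etime1 = cur
            if boots1 < boots0:
                findings[engine_id].append(
                    f"engine boots decreased {boots0} -> {boots1} at {ip1}")
            elif boots1 == boots0:
                # Engine Time should advance in step with wall-clock time.
                drift = abs((etime1 - etime0) - (t1 - t0))
                if drift > window:
                    findings[engine_id].append(
                        f"engine time off by {drift}s at {ip1}")
    return dict(findings)

if __name__ == "__main__":
    for engine_id, reasons in find_engine_id_conflicts(SAMPLES).items():
        print(engine_id, reasons)
```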
If you have any further doubts or questions, please provide the packet capture, VNM.OUT logs and the SNMPv3 cache dump to Support for further analysis. To analyze the data, we'll need the SNMPv3 community string to decode the encrypted packets in the packet capture data.
When reviewing packet capture data, if we see an SNMPv3 Report being sent from the device using OID 1.3.6.1.6.3.15.1.1.5.0 (wrong Digest), this indicates the credentials used are incorrect. If the credentials are correct, ensure the default SNMPv3 settings for protocols match what is being sent from the device. See these values in the $SPECROOT/SS/.vnmrc file.
For example, if these settings are set but the device is using SHA and 3DES, then you have to prefix the community string between the password as follows in this sample.
KB Article: Troubleshooting Devices configure SNMPv3 SHA/AES
KB Article: Unsupported characters for SNMPv3 community strings
Troubleshoot SNMPv3 Communication Issues documentation topic