SNMP 'read/write community' and 'SNMPv3 user' fails to set Syslocation and Syscontact on the ProxySG

book

Article ID: 166922

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

  • When configuring Solarwinds for SNMP to the ProxySG, the 'test' button fails for a 'read/write community' or 'SNMPv3 read/write users'
  • SNMP set-request fails for sysContact (1.3.6.1.2.1.1.4.0) and sysLocation (1.3.6.1.2.1.1.6.0) which causes test/configuration failure in Solarwinds, a SNMP management tool.
  • You are trying to use SNMP to 'set' SysLocation and SysContact but it fails.
  • Disable read/write community string and use 'read only' allows configuration of Solarwinds to complete.

Resolution

As part of the initial set-up of Solarwinds when defining a read/write community or read/write SNMPv3 user, Solarwinds sends a SNMP set-request for OID: sysContact (1.3.6.1.2.1.1.4.0) as a test.

Syscontact and Syslocation are configured as non-writeable OID's on the ProxySG for security reasons and has been set like this by design.

For this reason, attempting to 'test' a read/write community or read/write SNMPv3 user will fail. Solarwinds does not provide the reason for the failure, but a packetcapture will show that the OID is returned as being nonWriteable.

This behavior is verified using the snmpset command:

>snmpset -c ross123 -v2c 10.91.14.1 system.sysContact.0 s ross
Error in packet.
Reason: notWritable (That object does not support modification)
Failed object: SNMPv2-MIB::sysContact.0

>snmpset -c ross123 -v2c 10.91.14.1 system.sysLocation.0 s ross
Error in packet.
Reason: notWritable (That object does not support modification)
Failed object: SNMPv2-MIB::sysLocation.0

The only resolution is to remove the 'read/write' community/user and instead use a 'read' community/user in the Solarwinds configuration.

 

The only writable OID is 'snmpSetSerialNo' (1.3.6.1.6.3.1.1.6.1.0) left for purposes of testing the read-write attribute. All other OID's are set to 'read' only by design for security reasons.

You can only set 'snmpSetSerialNo' to the existing value. Conformation that this has worked will result in the Integer increasing by one:

Example:

1) View what the current value for 'snmpSetSerialNo':

>snmpget -c ross123 -v2c 10.91.14.1 1.3.6.1.6.3.1.1.6.1.0
iso.3.6.1.6.3.1.1.6.1.0 = INTEGER: 47190

2) Set the value to the current value (you shouldn't recieve any errors if that has worked)

>snmpset -c ross123 -v2c 10.91.14.1 1.3.6.1.6.3.1.1.6.1.0 i 47190
iso.3.6.1.6.3.1.1.6.1.0 = INTEGER: 47190

3) Check the new value of 'snmpSetSerialNo' and you should see it has increase by '1'

>snmpget -c ross123 -v2c 10.91.14.1 1.3.6.1.6.3.1.1.6.1.0
iso.3.6.1.6.3.1.1.6.1.0 = INTEGER: 47191