Unable to poll SNMP for Management Center
search cancel

Unable to poll SNMP for Management Center

book

Article ID: 185079

calendar_today

Updated On:

Products

Management Center

Issue/Introduction

Community strings are already configured on Management Center (MC) and a packet capture shows that MC not responding to snmpget nor snmpwalk. 

You want to know how to configure configure SNMPv2 or SNMPv3 on Management Center to be polled by Network Management System (NMS) 

Environment

SNMP polling against Management Center running version 2.0 and above.

 

Cause

Missing SNMP configuration on management center and/or ACL not allowing SNMP poll. 

Resolution

Management Center follows VACM base for SNMPv2c (RFC3415) and USM based (RFC3414) for SNMPv3 for Simple Network Management Protocol configuration.

By default Management Center's access control list (ACL) blocks SNMP requests.

Here is an example on how to configure MC for SNMPv2c for access with the public community string:

configure terminal
snmp
agent version v2c
agent enable
community public
sec-name public
exit
vacm group bccm member public sec-model v2c
vacm view bcmc subtree 1.3 included
vacm group bccm access v2c no-auth-no-priv read-view bcmc
exit

Here is an example on how to configure MC for SNMPv3 giving access to a user named "sha-user":

configure terminal
snmp 
agent version v3
agent enable
vacm group BCCM member sha-user sec-model usm
vacm view bcmc subtree 1.3 included
vacm group BCCM access usm auth-priv read-view bcmc
usm local user sha-user auth sha password publicv3
usm local user sha-user priv aes password publicv3

To allow an IP to access MC via SNMP, here's an example for IP 172.16.1.170

configure terminal

acl
rule 172.16.1.170/32 SNMP
exit

 

Here are examples of using the commands snmpget and snmpwalk from a Unix or Linux

For SNMPv2c

nms@172.16.1.170$ snmpget -v2c -c public <IP.of.target.device> sysUpTimeInstance

nms@172.16.1.170$ snmpwalk -v2c -c public <IP.of.target.device>

 

For SNMPv3:

nms@172.16.1.170$ snmpget -v3  -l authPriv -u sha-user -a sha -A "publicv3"  -x AES -X "publicv3" <IP.of.target.device> hrSystemUptime

nms@172.16.1.170$ snmpwalk -v3  -l authPriv -u sha-user -a sha -A "publicv3"  -x AES -X "publicv3" <IP.of.target.device>

 

Here are example commands to remove and disable SNMPv2c configuration from MC

configure terminal
snmp
no vacm view bcmc subtree 1.3
no vacm group bccm 
no community public
no agent version v2c
agent disable

 

Here are example commands to remove and disable SNMPv3 configuration from MC

configure terminal
snmp 
no usm local user sha-user
no vacm view bcmc subtree 1.3
no vacm group BCCM
no agent version v3
agent disable

 

 

Additional Information

Further information for MC SNMP configuration and OIDs are available at Management Center SNMP Monitoring Best Practices .    

MC MIB files can be download at Broadcom software portal under Management Center product

 

Tip:  Identifying Management Center's  OIDs can be pulled using snmp net tools

E.g.  

snmpwalk -m all -v2c -c public <IP.of.target.device>
snmpwalk -On -m all -v2c -c public <IP.of.target.device>

"-m"     load given list of MIBs (ALL loads everything)

"-On"   print OIDs numerically

Note: Syntax may be different dependent on  Linux distributions and/or snmp net tool version.  Please refer to the snmp tools man page.