SNMP on IPV6 Network

book

Article ID: 186075

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

I'm trying to use SNMP on my network

After I put my secret credentials in, I get this error when i try to run sn snmpget:
    No log handling enabled - using stderr logging snmpget: Timeout

Cause

SA SNMP is unable to communicate over IPV6 network.

All SA hosts are using IPV6 and customer networks are all IPV6.

Configuration needs to be changed to allow this type of traffic from SA SNMP.
 

Environment

Release : 8.1.1 and previous to 7.3

Component : SNMP Interface

Customer is utilizing IPV6 for all TCP/IP traffic.

Resolution

Change SNMP UI settings page on SA box;

       
        Add an IPv6 firewall rule to allow inbound udp port 161
traffic. (MAKE SURE this new rule is not last in the list of rules as

        displayed in the UI -- i.e. below the "DROP ALL" rule -- or else the new rule will have no effect. In other words, after adding the new

        rule, drag it above the "DROP ALL" rule and make sure to save the settings with the rules in the correct order.)


The new ipv6 firewall rule should have the following attributes:

  Interface: eth0

  Protocol: udp

  Source Address: ANY

  Source Port: ANY

  Destination Address: ANY

  Destination Port: 161

  Policy: ACCEPT

 



Edit /etc/sysconfig/snmpd;
       
       # snmpd command line options

       # '-f' is implicitly added by snmpd systemd unit file

       # OPTIONS="-LS0-6d"

       OPTIONS="-LS0-6d 161: udp6:161"

 

Thank you Chris Clark