Application Delivery (ADX)

Reply
Occasional Contributor
Posts: 7
Registered: ‎08-13-2009

ServerIron SNMP queryin

Hi

I've had to take over a Foundry ServerIron 400 and 4G, and I'm uploading its config via tftp, but I get these errors when uploading:

Error:  Group already exists.

Error:  Access Entry already exists.

Error:  Group already exists.

Error:  Access Entry already exists.



I've traced them to this command:

snmp-server community 1 <some hash> ro 30

the access-group 30 is defined later in the config as:

access-list 30 permit host 192.168.yyy.x

So it seems that the ServerIron already has a community defined, but the access-list is empty before the config file is uploaded, so I can't see that the access group being a problem

Can I ignore this error, and how do I view the communities and the access lists they are assigned?

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: ServerIron SNMP queryin

I doubt this is related to the access-list entry you have mentioned. I guess your SNMP configuration is SNMP v3 style. I do remember that the message "Error:  Access Entry already exists." is related to the command:


snmp-server group snmpadmin v3 auth read all write all


You do see it in case the config you are trying to copy to the ServerIron includes an snmp group which is defined at the ServerIron already. It is therefore not able to add it again.


The message (not shown in your example below) "Error:  User already exists." is related to SNMP user accounts. Would you please be so kind to share your SNMP config? It should be pretty easy to find the reason for the other message looking at your SNMP config. Keep in mind that the intention behind copy'ing something over the running config is to change ACLs:

ServerIron 4G#copy tftp
  flash            To code image in flash memory
  running-config   To running config file (for ACL only)
  startup-config   To startup config file

Each of the messages coming up implies that the ServerIron was not able to put the command into the running configuration because there was a problem with something which was configured already.

Copy'ing something over the startup config does not have these problem but it requires a reload to activate the changes.

Occasional Contributor
Posts: 7
Registered: ‎08-13-2009

Re: ServerIron SNMP querying

This is all the commands I have in relation to snmp:

snmp-server

snmp-server community 1 <hashA> ro 30

snmp-server contact "SysAdmin <sysadmin@host.com>

snmp-server location "SF"

snmp-server host 192.168.156.8 1 <hashA>

snmp-client 203.xxx.yyy.zzz

snmp-client 192.168.156.8



I don't get any error about "existing users" when I upload the file into running config.  I tried uploading the config into the startup config and reloading, which seems to not bring up the snmp errors, but I get other errors of:

No client public key present   (not sure if this is important or not)



Log message from slot 1 cpu 1:

Error 3 configuring 63.xxx.yy.1:443


Log message from slot 1 cpu 1:

Error 3 configuring 63.xxx.yy.2:443



I suspect the last two errors are from the incomplete ssl setup I have here. I'm moving the config from a ServerIron 450 to a ServerIron 4G-SSL-PREM, and I think I have to copy over the keys and certs over to the new ServerIron before the ssl will work properly.

Sorry for all the questions, but this is very new to me, and I've been dumped in the deep end .

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: ServerIron SNMP querying

It looks like the messages you got are all SSL related except the first one which looks like SSH and you do have to copy your keys and certificates to the new box. Try to recreate the SSH key as well using:

crypto key generate dsa

and check all SSH related settings in your configuration.You might have key authentication enabled looking for locally stored client key.

It might make sense to move the configuration step by step using cut & paste - this is what I am doing most of the time migrating to a new system. This ensures you do see what is actually happening. Otherwise you start looking for reason why a few lines out of hundres or thousands do not work and you do not even know which lines. It can not take more than 15 minutes to cut & paste such a config block by block.

It is always a good idea to raise a ticket if you do not help with problems you can not locate.

I hope the software release at the 4G-SSL-PREM is a current one. I would suggest a late 10.2.01 patch release.

Occasional Contributor
Posts: 7
Registered: ‎08-13-2009

Re: ServerIron SNMP querying

Do i need a current support license for the latest firmware?  I think they told me we don't have support anymore for these boxes. The versions are I think 9.5 firmwares, and I can't seem to access the downloads section in my.brocade.com at the moment, so I can't see if new firmware is there...

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: ServerIron SNMP querying

It is unfortunately necessary to have a support contract to download firmware images. 9.5.02 is as well OK as long as it is not one of the initial releases - I do prefer later patch releases. You should think about renewing your support contract. Application Delivery Controller are normally a quite important part of your network and I would not use them without having support from the vendor behind them.

Occasional Contributor
Posts: 7
Registered: ‎08-13-2009

Re: ServerIron SNMP querying

My local testing one is   SW: Version 09.5.02aTI4 Copyright (c) 1996-2003 Foundry Networks, Inc.

I'm not sure of the remote version, but I suspect its the same. I'll have to talk to management/accounts about renewing the support license

Super Contributor
Posts: 316
Registered: ‎05-01-2009

Re: ServerIron SNMP querying

9.5.02a was the first release supporting the ServerIron 4G - out of the release notes:

Release 09.5.02a is the first release for ServerIron 4G series. The ServerIron 4G series introduces two new
stackable switches: ServerIron 4G and ServerIron 4G-SSL.

Do you have important stuff running at the ServerIron? If so: yep - talk to your management .

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook