Ethernet Switches & Routers

Reply
Occasional Contributor
Posts: 17
Registered: ‎08-09-2013

Enable SNMP server - Management Port

Hello,

  I am having some difficulties with, yet again, something very simple.

1. How do I enable the SNMP-server ? do I have to specifically tell the router which port to use?

SSH@yuledge-1#show snmp server

       Status: Disabled

2. Can the mgmt port on the CER receive snmp queries? or must this be handled by the ethernet port?

SSH@yuledge-1(config)#snmp-server enable ethernet 2/1
SSH@yuledge-1(config)#^Z
SSH@yuledge-1#show snmp-server
Invalid input -> snmp-server
Type ? for a list
SSH@yuledge-1#show snmp server

       Status: Disabled

SSH@yuledge-1#sh int ether 2/1

10GigabitEthernet2/1 is up, line protocol is up

Thank-you kindly for your assistance,

~Chuck

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Enable SNMP server - Management Port

Hi Chuck,

     Ok, you  you just need to set the snmp host line.

e.g.

Brocade(config)# snmp-server host 2.2.2.2 version v2c mypublic port 200

Syntax: snmp-server host <ip-addr> version <string>

The <ip-addr> parameter specifies the IP address of the trap receiver.

The v1, v2c, or v3 parameter indicates which version of SNMP is used.

The <string> parameter specifies an SNMP community string configured on the Brocade device. It is not used to authenticate access to the trap host, but it is a useful method for filtering traps on the host. For example, if you configure each of your Brocade devices that use the trap host to send a different  community string, you can easily distinguish among the traps from the devices based on the community strings.

By default, <string> is encrypted. If you want <string> to be in clear text, insert a 0 preceding <string>.


Also optionaly you can set a single source on the Netirons

e.g.

Brocade(config)# snmp-server trap-source ethernet 4/11


Also note by default all traps are enabled - you do not neeed to enable snmp on a per port basis unless that is want you want.


Thanks

Michael.

Occasional Contributor
Posts: 17
Registered: ‎08-09-2013

Re: Enable SNMP server - Management Port

Hello Michael,

  Thank-you for your reply. Unfortunately it appears I was not as verbose as I should have been in my original post. Consequently, you did not have all the information available to you.

Here is the output of sh run | inc snmp (contact email and password filtered)

SSH@yuledge-1#sh run | inc snmp

snmp-server view yuledge iso  included

snmp-server community 2 ********************* ro

snmp-server contact ************************

snmp-server enable mib np-qos-stat

snmp-server enable mib tm-dest-qstat

snmp-server location Montreal

snmp-server host 10.3.21.222 version v2c 2 ****************************

SSH@yuledge-1

Here is the output of an ifconfig and snmpwalk atttempt from 10.3.21.222. Routable IP address, snmpcommunity and username have been filtered.

****@nayul-netutil:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 6a:4c:12:6c:9d:78
          inet addr:10.3.21.222  Bcast:10.3.21.255  Mask:255.255.254.0
          inet6 addr: fe80::684c:12ff:fe6c:9d78/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1747365454 errors:0 dropped:91316352 overruns:0 frame:0
          TX packets:18137172 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:436164396452 (436.1 GB)  TX bytes:3387775155 (3.3 GB)
          Interrupt:25

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:6361636 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6361636 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2016378636 (2.0 GB)  TX bytes:2016378636 (2.0 GB)

****@nayul-netutil:~$ snmpwalk -Os -c ************* -v 2c xxx.xxx.96.17
Timeout: No Response from 162.211.96.17
****@nayul-netutil:~$ snmpwalk -Os -c ************* -v 2c 10.3.8.18
Timeout: No Response from 10.3.8.18
****@nayul-netutil:~$ snmpwalk -Os -c ************* -v 2c 10.3.8.18
Timeout: No Response from 10.3.8.18
****@nayul-netutil:~$ snmpwalk -Os -c ************ -v 2c 10.3.8.18
Timeout: No Response from 10.3.8.18
****@nayul-netutil:~$ snmpwalk -Os -c *********** -v 2c 10.3.8.18 system
Timeout: No Response from 10.3.8.18
******@nayul-netutil:~$ ping 10.3.8.18
PING 10.3.8.18 (10.3.8.18) 56(84) bytes of data.
64 bytes from 10.3.8.18: icmp_req=1 ttl=63 time=0.692 ms
^C
--- 10.3.8.18 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.692/0.692/0.692/0.000 ms
*****@nayul-netutil:~$ snmpwalk -Os -c ************** -v 2c xxx.xxx.96.17 system
Timeout: No Response from 162.211.96.17

*****@nayul-netutil:~$

originally I had thought that maybe the mgmt port did not accept SNMP requests. However, you will note that I also attempted using a different interface. In my case ethernet 2/1.

SSH@yuledge-1#sh run int ethernet 2/1
interface ethernet 2/1
port-name "FW-2"
enable
ip address xxx.xxx.96.17/28
ip vrrp vrid 1
  owner
  ip-address xxx.xxx.96.17
  exit
!

SSH@yuledge-1

sh run int mana 1

Invalid input -> mana   1

Type ? for a list

SSH@yuledge-1#sh run int manage

Unrecognized command

SSH@yuledge-1

!

interface management 1

ip address 10.3.8.18/24

enable

!

There are no access-list in play at this point except for those that are used for BGP. I figure this is most defintely syntax related and I am missing something very simple. I had "debug all" turned on when I was attempting to connect and nothing printed up in the logs.

access-list 3 remark ADVERTISE_BGP_SUBNETS

access-list 3 deny 127.0.0.0 0.255.255.255

access-list 3 deny 192.0.2.0 0.0.0.255

access-list 3 deny 10.0.0.0 0.255.255.255

access-list 3 deny 172.16.0.0 0.15.255.255

access-list 3 deny 192.168.0.0 0.0.255.255

access-list 3 deny 169.254.0.0 0.0.255.255

access-list 3 permit xxx.xxx.96.0 0.0.7.255

!

access-list 4 remark SSH SERVER

access-list 4 permit 10.0.0.0 0.0.255.255

!

route-map EXPORT_V4_SUBNET_PUBLIC permit 1

match ip address 3

!

Is there a command that lets me run a pcap so I can see what's happening? Also, does the mgmt port accept SNMP requests?

Cheers,

Occasional Contributor
Posts: 17
Registered: ‎08-09-2013

Re: Enable SNMP server - Management Port

Also,

  Saw a problem with "snmp-server host" command that I had previous inputted. It defaults to port 162 which is for traps - I changed it to snmp-server host 10.3.21.222 version v2c <communityhere> port 161

Unfortunately no change and snmp server still shows as disabled

SSH@yuledge-1#sh snmp server

       Status: Disabled

Trap-Receiver IP-Address       Version   Port-Number Comm-or-Security

     1        10.3.21.222      v2c           161     $Nm9eMlVzLWc2UyI4bw==

SSH@yuledge-1#

Another thing I also noticed after changing the port from 162 to 161, I noticed that the header states "Trap-Receiver IP-Address" - So now I'm wondering if the line "snmp-server host xxx.xxx.xxx.xxx version xyz <community>" isn't for sending traps vs allowing a box to snmpwalk/get on the device.

Cheers,

Occasional Contributor
Posts: 17
Registered: ‎08-09-2013

Re: Enable SNMP server - Management Port

The answer is easy!!!!

once everything is configure and you are happy with it, type the following:
!
conf t
!
snmp-server
!

SSH@yuledge-1#show snmp server

       Status: Enabled

VOILA!

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook