FC5022 SAN Switch issue - Unsupported security level
Hello,
For a month I've been testing out your system with a few V3700 storages, and just now started to import our SAN Switch.
So far everything has run very very smooth, untill I try to add additional switches from more-up-to-date SAN Switch firmware versions. The ones failing are running 8.0.1.
All the switches are configured exactly the same, but it seems the two last ones are experiencing issues because of newer firmware versions.
I can't seem to figure out what unsupported security levels it's referring to, perhaps you can assist me.
Let me know if you need any logs.
Below contains first the one failing, and another snippet of one working, on earlier firmware.
***************************************************************************************************
For a month I've been testing out your system with a few V3700 storages, and just now started to import our SAN Switch.
So far everything has run very very smooth, untill I try to add additional switches from more-up-to-date SAN Switch firmware versions. The ones failing are running 8.0.1.
All the switches are configured exactly the same, but it seems the two last ones are experiencing issues because of newer firmware versions.
I can't seem to figure out what unsupported security levels it's referring to, perhaps you can assist me.
Let me know if you need any logs.
Below contains first the one failing, and another snippet of one working, on earlier firmware.
***************************************************************************************************
test snmpwalk:
snmpwalk -v 3 -u snmpadmin3 10.149.x.x 1.3.6.1.2.1.1.5
snmpwalk: Unsupported security level
snmpwalk cmd : failed!
san_verify.pl:
Fri Jun 8 10:51:30 2018: Got Unsupported security level querying 10.149.x.x for sysDescr. No such file or directory/home/stor2rrd/stor2rrd/bin/san_verify.pl:160 : No such file or directory
Type : BRCD
DestHost : 10.149.x.x
Version SNMP : 3
SecName : snmpadmin3
SNMP port : not defined! Used SNMP default port "161"!
connection failed!!
Check network connectivity and user access
***************************************************************************************************
***************************************************************************************************
***************************************************************************************************
***************************************************************************************************
=========================
SWITCH: 10.149.x.x
=========================
test snmpwalk:
snmpwalk -v 3 -u snmpadmin3 10.149.x.x 1.3.6.1.2.1.1.5
iso.3.6.1.2.1.1.5.0 = STRING: "Flexxx_Switchxx"
snmpwalk cmd : ok
san_verify.pl:
Type : BRCD
DestHost : 10.149.x.x
Version SNMP : 3
SecName : snmpadmin3
SNMP port : not defined! Used SNMP default port "161"!
Switch name : Flexxx_Switchxx
STATE : CONNECTED!
connection ok
***************************************************************************************************
***************************************************************************************************
Comments
-
Hello,
open an SSH session for the FC5022 switch.Run the following command:snmpconfig --show snmpv3If you do not want to share the content here, you can send it by email.
support@stor2rrd.com
-
Hello,
I'll just post it here, may be educational for others as well.
The setup in san-list is the same for the other working switches, output at the bottom.
Output from the switch (Trap Entry 3 IP is that of the STOR2RRD Server)SNMP Informs = 0 (OFF)SNMPv3 USM configuration:User 1 (rw): mmv3_mgrAuth Protocol: SHAPriv Protocol: AES128User 2 (rw): snmpadmin2Auth Protocol: SHAPriv Protocol: DESUser 3 (rw): snmpadmin3Auth Protocol: SHAPriv Protocol: DESUser 4 (ro): DirectorServerSNMPv3UserAuth Protocol: SHAPriv Protocol: DESUser 5 (ro): snmpuser2Auth Protocol: SHAPriv Protocol: DESUser 6 (ro): snmpuser3Auth Protocol: SHAPriv Protocol: DESUser 7 (ro):Auth Protocol: SHAPriv Protocol: DESSNMPv3 Trap/Informs configuration:Trap Entry 1: FE80::0211:25FF:FEC3:xxxxTrap Port: 162Trap User: mmv3_mgrTrap recipient Severity level: 0Notify Type: TRAP(1)Trap Entry 2: No trap recipient configured yetNotify Type: TRAP(1)Trap Entry 3: 10.149.x.xTrap Port: 162Trap User: snmpadmin3Trap recipient Severity level: 5Notify Type: TRAP(1)Trap Entry 4: No trap recipient configured yetNotify Type: TRAP(1)Trap Entry 5: No trap recipient configured yetNotify Type: TRAP(1)Trap Entry 6: No trap recipient configured yetNotify Type: TRAP(1)Trap Entry 7: No trap recipient configured yetNotify Type: TRAP(1)
san-list.cfg is the following:
10.149.x.x:snmpadmin3:BRCD:Flexxx_Switchxx -
Hello,
we do not use snmp Traps.
You should use the user with read-only rights (ro) and without authorization, for example snmpuser2.switch:admin> snmpconfig --set snmpv3
...
User (ro): [snmpuser2]
Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
...
Here is an example from our lab:
brocade01:admin> snmpconfig --show snmpv3
...
User 5 (ro): snmpuser2
Auth Protocol: noAuth
Priv Protocol: noPriv
...snmpwalk -v 3 -u snmpuser2 192.168.X.X 1.3.6.1.2.1.1.5
SNMPv2-MIB::sysName.0 = STRING: brocade01 -
Hello,I finally had some time to sit down and look into it.Because of different versions in the firmware, I opted to enable SNMPv1 in the SAN switches, using a mixed v3 og v1 on our different devices.So in a sense, my issue is solved. To properly correct it I may have to set up a proper set of users for the v3 to pull information from, as I have been unable to pull them from any pre-defined RO users, like snmpuser2I can't put in any information in the Access lists, as this blocks other connections. This makes our XClarity freak out and autocreate a case for a dead CMM.So for now it's solved by enabling snmpv1
Howdy, Stranger!
Categories
- 1.6K All Categories
- 41 XORMON NG
- 25 XORMON
- 149 LPAR2RRD
- 13 VMware
- 16 IBM i
- 2 oVirt / RHV
- 4 MS Windows and Hyper-V
- Solaris / OracleVM
- XenServer / Citrix
- Nutanix
- 6 Database
- 2 Cloud
- 10 Kubernetes / OpenShift / Docker
- 122 STOR2RRD
- 19 SAN
- 7 LAN
- 17 IBM
- 3 EMC
- 12 Hitachi
- 5 NetApp
- 15 HPE
- Lenovo
- 1 Huawei
- 1 Dell
- Fujitsu
- 2 DataCore
- INFINIDAT
- 3 Pure Storage
- Oracle