issue with add LAN (SWITCH CISCO Nexus)

Ahmed

hi All,

When I try to add a Cisco LAN switch to stor2RRD as a configuration below, I can't add them

The stor2rrd user I used (read-only in Sw) also used r/w privilege and had the same issue.

When I made test connectivity appear,

API host network connection: UDP connection to 10.157.32.148:161 is OK

Crontab test: OK

API authorization: NOK

Thu Aug 24 13:34:15 2023: Got Timeout querying 10.157.32.148:161 with public for sysName. /home/stor2rrd/stor2rrd/bin/SNMP_lib.pm:1331 : 
/usr/bin/snmpwalk -v 3 -u stor2rrd -l authPriv -A <auth_pass> -X <priv_pass> -a MD5 -x DES 10.157.32.148 1.3.6.1.2.1.1.5
SNMP version  : 3
Port          : 161 (default)
Timeout       : 5 seconds
SecName       : stor2rrd
SecLevel      : authPriv
AuthProto     : MD5
PrivProto     : DES
STATE         : NOT CONNECTED!

Pavel

basically this cmd must work:

/usr/bin/snmpwalk -v 3 -u stor2rrd -l authPriv -A <auth_pass> -X <priv_pass> -a MD5 -x DES 10.157.32.148 1.3.6.1.2.1.1.5

• ask network admins what is wrong with that
• is SNMP v2c enabled there? If so, try it
• most of problems are caused by network filtering of that traffic on firewalls, make 100% sure that this is not an issue

Ahmed

https://forum.xorux.com/discussion/comment/5811#Comment_5811

the command CMD run on xorux appliance? Right!

SNMP v2c >> This version is already enabled on SW!!

Now we are enabling SNMP v3 with user stor2rrd and password stor2rrd as mentioned before.

Pavel

yep, on the stor2rrd hosted server.

So does snmp v2 work fine?

Just s=v3 does not work?

Ask switch admin how to make a proper query v3 connection (passwords etc)

Ahmed

https://forum.xorux.com/discussion/comment/5813#Comment_5813

I think we need to enable the API Feature on the SW itself. for collecting the data? right !!

Pavel

no, SNMP is enabled by default, jusat configure SNMP v3 on the switch

Ahmed

Dear,

After running the command below, I get the output TIMEOUT."

[root@xorux bin]# snmpwalk -v 3 -u stor2rrd -l authPriv -A stor2rrd -X stor2rrd -a MD5 -x DES 10.157.32.148 1.3.6.1.2.1.1.5

snmpwalk: Timeout

I Changed DES TO AES, the same as before.

Pavel

2 reasons

1. there is not enabled network connectivity, check on the firewall that packets are not discarded
2. misconfiguration on the switch, check with your switch vendor how to make it work

Ahmed

same issue could you please help if need a remote connection !!!!!!

API host network connection: UDP connection to 10.157.32.55:161 is OK

Crontab test: OK

API authorization: NOK

Tue Sep  5 14:07:21 2023: Got Timeout querying 10.157.32.55:161 with public for sysName. /home/stor2rrd/stor2rrd/bin/SNMP_lib.pm:1331 : 
/usr/bin/snmpwalk -v 3 -u stor2rrd -l noAuthNoPriv -A <auth_pass> -X <priv_pass> -a MD5 -x DES 10.157.32.55 1.3.6.1.2.1.1.5
SNMP version  : 3
Port          : 161 (default)
Timeout       : 5 seconds
SecName       : stor2rrd
SecLevel      : noAuthNoPriv
AuthProto     : MD5
PrivProto     : DES
STATE         : NOT CONNECTED!

Pavel

if snmpwalk does not work, we do nothing. There is no any setting on the switches we are aware of.

Are you sure that nework is open for SNMP UDP 161 traffic?

Can you see udp packats from stor2rrd to the switch in the firewall? Does the switch answering anyhow?

Check it with your LAN admins, they definitley must know how to either enable or make snmp working.

Ahmed

What does it mean that the connection between server XORUX and the LAN (SWITCH) is OK, he can see the SW right ? As mentioned below:

API host network connection: UDP connection to 10.157.32.55:161 is OK

API host network connection: UDP connection to 10.157.32.148:161 is OK

Pavel

this is a test, but it definitelly cannot exclude that firewall answering instead of the end device.

Pls, really check it with the security team, make sure that there is conection on the network lelev.

99% osf such issues are caused by firewalls.

Ahmed

thank you for your assistance