SNMP v2 not working on Alcatel OS6850

sparskter

SNMP v2 not working on Alcatel OS6850

Post by sparskter »

Hello there,

I am trying to get SNMP v2 working on my Alcatel OS6850. Below is attached the current configuration. I created a user "monitor" and mapped it with the community string "monitor". I enabled SNMP for this user and configured it to work with no authentication.

What did I miss? Thanks!



Code: Select all

-> write terminal 
! Stack Manager :
! Chassis :
system name vxTarget
system daylight savings time disable
! Configuration:
! VLAN :
vlan 1 enable name "VLAN 1"
vlan 500 enable name "VLAN 500 - Servidores VOIP"
vlan 500 port default 1/3
vlan 500 port default 1/4
vlan 500 port default 1/5
vlan 500 port default 1/15
vlan 500 port default 1/17
vlan 500 port default 1/18
vlan 501 enable name "VLAN 501 - Telefonia VOIP"
vlan 501 port default 1/1
vlan 502 enable name "VLAN 502"
vlan 503 enable name "VLAN 503 - VOIP"
vlan 1000 enable name "VLAN 1000 - Srv. Dominio PMO1"
vlan 1000 port default 1/2
vlan 1000 port default 1/6
vlan 1000 port default 1/7
vlan 1000 port default 1/8
vlan 1000 port default 1/11
vlan 1000 port default 1/12
vlan 1000 port default 1/13
vlan 1000 port default 1/14
vlan 1000 port default 1/19
vlan 1500 enable name "VLAN 1500 - VOIP Capelinha"
vlan 2544 enable name "WAN-VOIP"
! VLAN SL:
! IP :
ip service all
ip interface "default" address 172.20.7.100 mask 255.255.248.0 vlan 1 ifindex 2
ip interface "vlan 500" address 192.168.64.1 mask 255.255.255.192 vlan 500 ifindex 3
ip interface "vlan 501" address 192.168.65.1 mask 255.255.255.128 vlan 501 ifindex 4
ip interface "vlan 1000" address 172.19.1.254 mask 255.255.255.0 vlan 1000 ifindex 5
ip interface "WAN-VOIP" address 192.168.73.2 mask 255.255.255.252 vlan 2544 ifindex 6
ip interface "vlan 502" address 192.168.65.129 mask 255.255.255.128 vlan 502 ifindex 7
ip interface "vlan 503" address 192.168.66.1 mask 255.255.255.128 vlan 503 ifindex 8
! IPX :
! IPMS :
! AAA :
aaa authentication console "local" 
aaa authentication telnet "local" 
aaa authentication http "local" 
aaa authentication snmp "local" 
! PARTM :
! AVLAN :
! 802.1x :
! QOS :
! Policy manager :
! Session manager :
! SNMP :
snmp security no security
snmp authentication trap enable
snmp community map "monitor" user "monitor" on
snmp station 172.20.7.200 10050  v3 enable
! RIP :
! OSPF :
! BFD-STD :
! ISIS :
! IPv6 :
! IPSec :
! IP multicast :
ip static-route 0.0.0.0/0 gateway 172.20.0.254 metric 1
ip static-route 192.168.72.0/24 gateway 192.168.73.1 metric 1
ip static-route 192.168.73.8/30 gateway 192.168.73.1 metric 1
ip static-route 192.168.73.12/30 gateway 192.168.73.1 metric 1
ip static-route 192.168.73.16/30 gateway 192.168.73.1 metric 1
ip static-route 192.168.73.20/30 gateway 192.168.73.1 metric 1
ip static-route 192.168.73.24/30 gateway 192.168.73.1 metric 1
ip static-route 192.168.73.28/30 gateway 192.168.73.1 metric 1
ip static-route 192.168.73.32/30 gateway 192.168.73.1 metric 1
ip static-route 192.168.73.36/30 gateway 192.168.73.1 metric 1
ip static-route 192.168.73.40/30 gateway 192.168.73.1 metric 1
ip static-route 192.168.74.0/23 gateway 192.168.73.1 metric 1
ip static-route 192.168.76.0/23 gateway 192.168.73.1 metric 1
ip static-route 192.168.78.0/23 gateway 192.168.73.1 metric 1
ip static-route 192.168.80.0/23 gateway 192.168.73.1 metric 1
ip static-route 192.168.82.0/23 gateway 192.168.73.1 metric 1
ip static-route 192.168.84.0/23 gateway 192.168.73.1 metric 1
ip static-route 192.168.86.0/23 gateway 192.168.73.1 metric 1
ip static-route 192.168.88.0/23 gateway 192.168.73.1 metric 1
ip static-route 192.168.94.128/27 gateway 192.168.73.1 metric 1
ip static-route 192.168.94.160/27 gateway 192.168.73.1 metric 1
ip static-route 192.168.94.192/27 gateway 192.168.73.1 metric 1
ip static-route 192.168.94.224/27 gateway 192.168.73.1 metric 1
ip static-route 192.168.95.0/27 gateway 192.168.73.1 metric 1
ip static-route 192.168.95.32/27 gateway 192.168.73.1 metric 1
ip static-route 192.168.95.64/27 gateway 192.168.73.1 metric 1
ip static-route 192.168.95.96/27 gateway 192.168.73.1 metric 1
ip static-route 192.168.95.128/27 gateway 192.168.73.1 metric 1
! RIPng :
! OSPF3 :
! BGP :
! Health monitor :
health threshold temperature 78
! Interface :
interfaces 1/9 alias "UpLink_Telefonia"
interfaces 1/10 alias "UpLink_Contabilidade"
interfaces 1/16 alias "UpLink-6850-Core"
interfaces 1/16 duplex full
interfaces 1/16 speed 1000
interfaces 1/20 alias "Up-Link-Anexo"
interfaces 1/21 alias "UpLinp_DTI"
interfaces 1/22 alias "Up-Link-GabinetePrefeito"
interfaces 1/23 alias "Up-link-Praca-At"
interfaces 1/24 alias "UpLink_ISS"
! Udld :
! Netsec :
! Link Aggregate :
! Port Mapping :
! VLAN AGG:
! 802.1Q :
vlan 500 802.1q 1/1 "TAG PORT 1/1 VLAN 500"
vlan 1500 802.1q 1/1 "TAG PORT 1/1 VLAN 1500"
vlan 2544 802.1q 1/1 "TAG PORT 1/1 VLAN 2544"
vlan 500 802.1q 1/9 "TAG PORT 1/9 VLAN 500"
vlan 501 802.1q 1/9 "TAG PORT 1/9 VLAN 501"
vlan 502 802.1q 1/9 "TAG PORT 1/9 vlan 502"
vlan 501 802.1q 1/10 "TAG PORT 1/10 VLAN 501"
vlan 500 802.1q 1/16 "TAG PORT 1/16 VLAN 500"
vlan 501 802.1q 1/16 "TAG PORT 1/16 VLAN 501"
vlan 501 802.1q 1/20 "TAG PORT 1/20 VLAN 501"
vlan 500 802.1q 1/21 "TAG PORT 1/21 VLAN 500"
vlan 501 802.1q 1/21 "TAG PORT 1/21 VLAN 501"
vlan 503 802.1q 1/22 "TAG PORT 1/22 VLAN 503"
vlan 501 802.1q 1/23 "TAG PORT 1/23 VLAN 501"
vlan 500 802.1q 1/24 "TAG PORT 1/24 VLAN 500"
vlan 501 802.1q 1/24 "TAG PORT 1/24 VLAN 501"
! Spanning tree :
bridge mode 1x1 
! Bridging :
! Bridging :
! Port mirroring :
! UDP Relay :
ip helper per-vlan only  
ip helper address 192.168.64.10 vlan 501 
ip helper address 192.168.64.10 vlan 502 
ip helper address 192.168.64.10 vlan 503 
! Server load balance :
! System service :
swlog console level info
! SSH :
! VRRP :
! Web :
! AMAP :
! Lan  Power :
! NTP :
! RDP :
! VLAN STACKING:
! Ethernet-OAM :
! EFM-OAM :
! ERP :
! SAA :
! DHCP Server :
! WCCP :
ip wccp admin-state enable
! LLDP :
! Link-fault-propagation :
! DHL :
-> 
-> 
-> 
devnull

Re: SNMP v2 not working on Alcatel OS6850

Post by devnull »

I think it should work..

What I always use:

Code: Select all

aaa authentication snmp local
snmp security authentication set
snmp community map "read4me" user "snmpv2user" on
snmp station 10.10.10.10 162 "SNMPV3" v3 enable

-> show snmp community map 
Community mode : enabled

status   community string                 user name
--------+--------------------------------+--------------------------------
enabled  read4me                         snmpv2user

-> show user

[..]
User name = SNMPV3,
  Password expiration     = None,
  Password allow to be modified date     = None,
  Account lockout     = None,
  Password bad attempts     = 0,
  Read Only for domains   = None,
  Read/Write for domains  = All ,
  Snmp allowed     = YES,
  Snmp authentication     = MD5,
  Snmp encryption     = DES,
  Console-Only    = Disabled
[..]
User name = snmpv2user,
  Password expiration     = None,
  Password allow to be modified date     = None,
  Account lockout     = None,
  Password bad attempts     = 0,
  Read Only for domains   = All ,
  Read/Write for domains  = None,
  Snmp allowed     = YES,
  Snmp authentication     = NONE,
  Snmp encryption     = NONE,
  Console-Only    = Disabled

->show snmp security 
snmp security = authentication set

Enables User SNMPV3 for read-write (Omnivista)
and has a read-only "read4me" community.

I always test with paessler snmp tester.

Please show the output (no pictures please) of "-> show snmp community map "

Which AOS are you working with?
sparskter

Re: SNMP v2 not working on Alcatel OS6850

Post by sparskter »

Hello devnull!

AOS Version:

Code: Select all

-> show hardware info
CPU Type                          : Motorola MPC8248,
Flash Manufacturer                : CF 128MB                                ,
Flash size                        : 131203072 bytes (125 MB),
RAM Manufacturer                  : 0x00000000 - Other,
RAM size                          : 536870912 bytes (512 MB),
NVRAM Battery OK ?                : YES,
Uboot Version                     : 6.4.4.213.R01,
Miniboot Version                  : 6.4.4.213.R01,
Product ID Register               : ff
Hardware Revision Register        : 00
CPLD Revision Register            : 11
XFP Module ID                     : 02

Code: Select all

-> show snmp community map
Community mode : enabled

status   community string                 user name
--------+--------------------------------+--------------------------------
enabled  monitor                          monitor

I also tried paessler snmp tester with no success. I observed that in Webview -> SNMP -> Statistics -> SNMP the parameter "In Bad Community Names" increases every time I perform a test with snmpwalk or paessler snmp.

Any idea?
sparskter

Re: SNMP v2 not working on Alcatel OS6850

Post by sparskter »

devnull: thanks for your help! I saw your user config and found the solution! The problem was with the "Read Only for domains" parameter of the user. I enabled read-only for the user "monitor" that I created and snmpwalk worked!

To enable it I did:

WEBView -> Security -> ASA -> Local Users -> User DB -> select user "monitor" -> View & Modify Family Privileges -> Enable Read Only to All Options -> DONE!

I think I created the user without the correct parameter. I think it should have been:

Code: Select all

user monitor password <pass> READ-ONLY all no auth

BEFORE:

Code: Select all

-> show user
User name = monitor,
  Password expiration     = None,
  Password allow to be modified date     = None,
  Account lockout     = None,
  Password bad attempts     = 0,
  Read Only for domains   = None ,
  Read/Write for domains  = None,
  Snmp allowed     = YES,
  Snmp authentication     = NONE,
  Snmp encryption     = NONE,
  Console-Only    = Disabled

AFTER:

User name = monitor,
  Password expiration     = None,
  Password allow to be modified date     = None,
  Account lockout     = None,
  Password bad attempts     = 0,
  Read Only for domains   = All ,
  Read/Write for domains  = None,
  Snmp allowed     = YES,
  Snmp authentication     = NONE,
  Snmp encryption     = NONE,
  Console-Only    = Disabled
devnull

Re: SNMP v2 not working on Alcatel OS6850

Post by devnull »

Not really. Can you try adding another user e.g my example and test with that?
I can test on Monday earliest. But it should(?) work with community and user being the same I think.
Just try adding my example please.
sparskter

Re: SNMP v2 not working on Alcatel OS6850

Post by sparskter »

devnull wrote: Not really. Can you try adding another user e.g my example and test with that?
I can test on Monday earliest. But it should(?) work with community and user being the same I think.
Just try adding my example please.
Hello devnull! I found the problem!

The solution was to enable "Read Only for domains = All,"; see the attached screenshot. I saw your log and your user "snmpv2user" had it enabled.
2013-04-12_114236_READ_ONLY_DOMAIN_ALL_USER_MONITOR.png

Code: Select all

->show user
User name = monitor,
  Password expiration     = None,
  Password allow to be modified date     = None,
  Account lockout     = None,
  Password bad attempts     = 0,
  Read Only for domains   = All ,
  Read/Write for domains  = None,
  Snmp allowed     = YES,
  Snmp authentication     = NONE,
  Snmp encryption     = NONE,
  Console-Only    = Disabled

My user was already created but I changed its permissions through: WEBVIEW -> Security -> ASA -> Local Users -> User DB -> select my user monitor -> View & Modify Family Privileges -> Enable Read Only to all services (Actually I think just SNMP should be fine!).

Now SNMPWALK works!
2013-04-12_115150_SNMP_WALK_172.20.7.100_OK.png
The following script is what I am using now and it works:

Code: Select all

!################################################################################
! Create user "monitor" and enable SNMP v2 with community string "monitor"
!################################################################################
! (1) AAA authentication:
aaa authentication snmp "local"

! (2) Disable SNMP security settings:
snmp security no security

! (3) Create user "monitor" and map it to community string "monitor":
user monitor password monitor123 READ-ONLY all no auth
snmp community map monitor user monitor on

! (4) Save settings:
copy running-config working
copy working certified

That is it! Thank you very much for the help!
devnull

Re: SNMP v2 not working on Alcatel OS6850

Post by devnull »

Just noticed: Your user has no read-write or read-only rights for anything, that does not work.

Can you test:
user monitor password willneveruse read-only all no auth

should work afterwards.

If you want to enable snmp sets (would not do that with insecure v2) you must use "read-write all"
sparskter

Re: SNMP v2 not working on Alcatel OS6850

Post by sparskter »

devnull wrote: Just noticed: Your user has no read-write or read-only rights for anything, that does not work.

Can you test:
user monitor password willneveruse read-only all no auth

should work afterwards.

If you want to enable snmp sets (would not do that with insecure v2) you must use "read-write all"

Hello devnull! Thanks! I noticed this on Friday, 12/April/2013 and even replied to this topic with the solution. But my post was not approved until now!

I am using the following script:

Code: Select all

!#######################################################################
! ENABLE SNMP V2 ON ALCATEL OS6850/OS6450
!#######################################################################
! (1) AAA authentication:
aaa authentication snmp "local"

! (2) Disable SNMP security settings:
snmp security no security

! (3) Create user "monitor", enable all services as READ-ONLY:
user monitor password monitor123 READ-ONLY all no auth
snmp community map monitor user monitor on

! (4) Save configurations:
copy running-config working
copy working certified
devnull

Re: SNMP v2 not working on Alcatel OS6850

Post by devnull »

wow.. got missed all the stuff on my mobile phone..

edit: ahh not approved.. I'm not blind.. phew
glad it works.
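
Added example (not part of the thread and not Alcatel-Lucent code): a small Python check over "show user" output that catches the two conditions discussed above, an SNMP-enabled account with no read-only or read-write domains (the cause of the failure here) and an account with write access but no SNMP authentication (the case devnull advises against). The sample text is constructed in the layout quoted in the thread, and "rwuser" is a hypothetical account.

```python
import re

# Constructed sample in the "show user" layout quoted in the thread
# (fields trimmed; "rwuser" is a made-up account for illustration).
SAMPLE = """\
User name = monitor,
  Read Only for domains   = None ,
  Read/Write for domains  = None,
  Snmp allowed     = YES,
  Snmp authentication     = NONE,
User name = snmpv2user,
  Read Only for domains   = All ,
  Read/Write for domains  = None,
  Snmp allowed     = YES,
  Snmp authentication     = NONE,
User name = rwuser,
  Read Only for domains   = None,
  Read/Write for domains  = All ,
  Snmp allowed     = YES,
  Snmp authentication     = NONE,
"""

# "key = value," with variable padding and an optional trailing comma
FIELD = re.compile(r"\s*([^=]+?)\s*=\s*(.*?)\s*,?\s*$")

def parse_users(text):
    """Split 'show user' output into one dict of fields per account."""
    users = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # prompts, "[..]" markers, blank lines
        key, val = m.groups()
        if key == "User name":
            users.append({key: val})
        elif users:
            users[-1][key] = val
    return users

def audit(users):
    """Return (user, finding) pairs for SNMP-enabled accounts."""
    findings = []
    for u in users:
        if u.get("Snmp allowed", "").upper() != "YES":
            continue
        ro = u.get("Read Only for domains", "None")
        rw = u.get("Read/Write for domains", "None")
        if ro == "None" and rw == "None":
            findings.append((u["User name"], "no-privileges"))
        if rw != "None" and u.get("Snmp authentication", "NONE").upper() == "NONE":
            findings.append((u["User name"], "write-without-auth"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(parse_users(SAMPLE)):
        print(f"{name}: {issue}")
```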