ALU SNMPWALK using VPRN ip address

[Gilles]

Hello all,
I would need to poll (cacti) a 7750 SR-12 which has a lot of VPRNs (vrf) configured.
i cannot use the ALU system ip address (loopback) as it is not in my routing table. But I can ping a VPRN WAN ip address.
When I run a snmpwalk against this VPRN ip address, I have no answer.

My question is : Do I have to use the system ip address to poll the device or I can use a VPRN ip address but the snmp part is wrongly configured.

Any help is welcomed
Thanks
Regards,
Gilles

[mivens]

Do you have the following configured?

/configure service vprn <id> snmp access
/configure service vprn <id> snmp community

Before 13.0R1, these commands were

/configure service vprn <id> snmp-access
/configure service vprn <id> snmp-community

See Per-VPRN Logs and SNMP Access in the System Management Guide and the Layer 3 Services Guide

Bear in mind there's a default restrictive snmp view for vprn access that you might want to change.

[Gilles]

I have read the links.
It seems that it is not configured.
I see a lot of statements like :

Code: Select all

vprn xxxx customer yyyy create
            snmp-community "blablabla" hash2 version both

but it doesn't exist for my vprn.
To explain a little it more, my team doesn't manage the ALU, but we are asked to graph our vprn. The team who manages the ALU tells me : "you have to poll the system ip add". The ALU system ip address is not in the management routing table so cannot be used as is . It may require some import/export between the vrfs.
I know the snmp Cisco commands, biut not the AlU ones.

Could you help me giving me the statements that I should ask to be configured?
There is a pack of statements which describe our vprn:

Code: Select all

vprn 7861 customer 5625 create
...
interface "Port 3/1/4:10:113" create
address C.C.C.C/30 
...
sap 3/1/4:10.113 create
...
bgp
...
exit

If I want the vprn ip address(C.C.C.C) to be polled by the ip address D.D.D.D, what should be the statements to add to the ALU? Let's say snmp V2 and read-only will be enough to poll and graph the bandwidth utilisation.

Thanks in advance.

[mivens]

I think it's pretty much the same as the example you gave:

Code: Select all

/configure service vprn 7861 snmp-community "blablabla" version v2c

[Gilles]

I have asked the team to add this statement customized with our vprn parameters.
I will update the tickets as soon as I receive their feedback.
Thanks
Gilles

[Gilles]

The team has finally added the missing statement, but the ALU doesn't answer to the snmp requests: here is the statement which has been added:

Code: Select all

hpe01# configure service vprn 7861                   
hpe01>config>service>vprn# snmp-community TCL4NHP version both  

hpe01# configure service vprn 7861            
hpe01>config>service>vprn# info 
----------------------------------------------
            description "GVPN"
            snmp-community "arm1bTNiiOHcqDGCS8cOF." hash2 version both
            vrf-import "VPRN-IMPORT_8242"
            vrf-export "VPRN-EXPORT_8242"
            autonomous-system xxxx
            route-distinguisher xxxx:509335

and it appears encrypted in the "service" list:

Code: Select all

        vprn 7861 customer 5625 create
            snmp-community "arm1bTNiiOHcqDGCS8cOF." hash2 version both

netvertheless, there is no answer to the snmpwalk:
snmpwalk -v 2c -c TCL4NHP 10.94.20.9
i habe also tried with the encrypted community string:
snmpwalk -v 2c -c arm1bTNiiOHcqDGCS8cOF 10.94.20.9

the device is pingable
ping 10.94.20.9
PING 10.94.20.9 (10.94.20.9) 56(84) bytes of data.
64 bytes from 10.94.20.9: icmp_seq=1 ttl=63 time=111 ms
64 bytes from 10.94.20.9: icmp_seq=2 ttl=63 time=110 ms

any idea ?

Thanks
Gilles

[Gilles]

I am confused as our expert teams think that only the AU system ("loopback" ) ip address can be polled and that we cannot poll "our" interface using its WAN ip address configured in a VPRN, even if it is pingable. What do you think?

Regards,
Gilles

[mivens]

Try adding the "snmp access" command in the vprn:

Code: Select all

/configure service vprn 7861 snmp-access

Description of the command from the L3 Services Guide which you could show to your colleagues:

[no] access
Context: config>service>vprn>snmp
"This command enables/disables SNMP access on the VPRN interface. This command allows SNMP queries destined to the VPRN interface IP addresses for this VPRN (including VPRN interfaces that are bound to R-VPLS services) to be processed by the SNMP agent on the router."

If it still doesn't work, you could check there isn't a IP Filter, CPM Filter or Management Access Filter that is blocking the polls.