Page 1 of 1
ALU SNMPWALK using VPRN ip address
Posted: 09 Nov 2016 11:30
by Gilles
Hello all,
I would need to poll (cacti) a 7750 SR-12 which has a lot of VPRNs (vrf) configured.
i cannot use the ALU system ip address (loopback) as it is not in my routing table. But I can ping a VPRN WAN ip address.
When I run a snmpwalk against this VPRN ip address, I have no answer.
My question is : Do I have to use the system ip address to poll the device or I can use a VPRN ip address but the snmp part is wrongly configured.
Any help is welcomed
Thanks
Regards,
Gilles
Re: ALU SNMPWALK using VPRN ip address
Posted: 10 Nov 2016 07:38
by mivens
Do you have the following configured?
/configure service vprn <id> snmp access
/configure service vprn <id> snmp community
Before 13.0R1, these commands were
/configure service vprn <id> snmp-access
/configure service vprn <id> snmp-community
See
Per-VPRN Logs and SNMP Access in the System Management Guide and the
Layer 3 Services Guide
Bear in mind there's a default restrictive snmp view for vprn access that you might want to change.
Re: ALU SNMPWALK using VPRN ip address
Posted: 10 Nov 2016 08:54
by Gilles
I have read the links.
It seems that it is not configured.
I see a lot of statements like :
Code: Select all
vprn xxxx customer yyyy create
snmp-community "blablabla" hash2 version both
but it doesn't exist for my vprn.
To explain a little it more, my team doesn't manage the ALU, but we are asked to graph our vprn. The team who manages the ALU tells me : "you have to poll the system ip add". The ALU system ip address is not in the management routing table so cannot be used as is . It may require some import/export between the vrfs.
I know the snmp Cisco commands, biut not the AlU ones.
Could you help me giving me the statements that I should ask to be configured?
There is a pack of statements which describe our vprn:
Code: Select all
vprn 7861 customer 5625 create
...
interface "Port 3/1/4:10:113" create
address C.C.C.C/30
...
sap 3/1/4:10.113 create
...
bgp
...
exit
If I want the vprn ip address(C.C.C.C) to be polled by the ip address D.D.D.D, what should be the statements to add to the ALU? Let's say snmp V2 and read-only will be enough to poll and graph the bandwidth utilisation.
Thanks in advance.
Re: ALU SNMPWALK using VPRN ip address
Posted: 11 Nov 2016 06:43
by mivens
I think it's pretty much the same as the example you gave:
Code: Select all
/configure service vprn 7861 snmp-community "blablabla" version v2c
Re: ALU SNMPWALK using VPRN ip address
Posted: 14 Nov 2016 04:55
by Gilles
I have asked the team to add this statement customized with our vprn parameters.
I will update the tickets as soon as I receive their feedback.
Thanks
Gilles
Re: ALU SNMPWALK using VPRN ip address
Posted: 23 Dec 2016 04:13
by Gilles
The team has finally added the missing statement, but the ALU doesn't answer to the snmp requests: here is the statement which has been added:
Code: Select all
hpe01# configure service vprn 7861
hpe01>config>service>vprn# snmp-community TCL4NHP version both
hpe01# configure service vprn 7861
hpe01>config>service>vprn# info
----------------------------------------------
description "GVPN"
snmp-community "arm1bTNiiOHcqDGCS8cOF." hash2 version both
vrf-import "VPRN-IMPORT_8242"
vrf-export "VPRN-EXPORT_8242"
autonomous-system xxxx
route-distinguisher xxxx:509335
and it appears encrypted in the "service" list:
Code: Select all
vprn 7861 customer 5625 create
snmp-community "arm1bTNiiOHcqDGCS8cOF." hash2 version both
netvertheless, there is no answer to the snmpwalk:
snmpwalk -v 2c -c TCL4NHP 10.94.20.9
i habe also tried with the encrypted community string:
snmpwalk -v 2c -c arm1bTNiiOHcqDGCS8cOF 10.94.20.9
the device is pingable
ping 10.94.20.9
PING 10.94.20.9 (10.94.20.9) 56(84) bytes of data.
64 bytes from 10.94.20.9: icmp_seq=1 ttl=63 time=111 ms
64 bytes from 10.94.20.9: icmp_seq=2 ttl=63 time=110 ms
any idea ?
Thanks
Gilles
Re: ALU SNMPWALK using VPRN ip address
Posted: 23 Dec 2016 04:33
by Gilles
I am confused as our expert teams think that only the AU system ("loopback" ) ip address can be polled and that we cannot poll "our" interface using its WAN ip address configured in a VPRN, even if it is pingable. What do you think?
Regards,
Gilles
Re: ALU SNMPWALK using VPRN ip address
Posted: 23 Dec 2016 11:14
by mivens
Try adding the "snmp access" command in the vprn:
Code: Select all
/configure service vprn 7861 snmp-access
Description of the command from the
L3 Services Guide which you could show to your colleagues:
[no] access
Context: config>service>vprn>snmp
"This command enables/disables SNMP access on the VPRN interface. This command allows SNMP queries destined to the VPRN interface IP addresses for this VPRN (including VPRN interfaces that are bound to R-VPLS services) to be processed by the SNMP agent on the router."
If it still doesn't work, you could check there isn't a IP Filter, CPM Filter or Management Access Filter that is blocking the polls.