: CE6800 fails to establish connection with NMS via SNMP

Publication Date:  2016-10-31 Views:  283 Downloads:  0
Issue Description
Cloud Engine device is configured with SNMP v2c, but fails to establish the connection with SNMP. From display logbuffer it seems that the IP of the SNMP
is being blocked, even though his IP is permitted by ACL.
Alarm Information

<ssc-dcacc-ph-22>dis logb

Logging buffer configuration and contents :enabled

Allowed max buffer size : 10240

Actual buffer size : 512

Channel number : 4 , Channel name : logbuffer

Dropped messages : 0

Overwritten messages : 1244

Current messages : 512

Sep  5 2016 12:44:17+02:00 DST
ssc-dcacc-ph-22 %%01SNMP/4/SNMP_BLACKLIST_UNBLOCK(s):CID=0x80d50408;User IPAddress = 10.12.208.23 unblocked.

Sep  5 2016 12:39:16+02:00 DST
ssc-dcacc-ph-22 %%01SNMP/4/SNMP_BLACKLIST(s):CID=0x80d50408;User IPAddress = 10.12.208.23 blocked.

Sep  5 2016 12:39:16+02:00 DST
ssc-dcacc-ph-22 %%01SNMP/4/AUTHENTICATIONFAILURE(s):CID=0x80d50408;Failed to login through SNMP.(IPAddress=10.12.208.23, ReasonInfo=Community is incorrect.)

Sep  5 2016 12:39:13+02:00 DST
ssc-dcacc-ph-22 %%01SNMP/4/SNMP_BLACKLIST_UNBLOCK(s):CID=0x80d50408;User IPAddress = 10.12.208.23 unblocked.

Sep  5 2016 12:34:16+02:00 DST
ssc-dcacc-ph-22 %%01SNMP/4/SNMP_BLACKLIST(s):CID=0x80d50408;User IPAddress = 10.12.208.23 blocked.

Sep  5 2016 12:34:13+02:00 DST
ssc-dcacc-ph-22 %%01SNMP/4/AUTHENTICATIONFAILURE(s):CID=0x80d50408;Failed to login through SNMP.(IPAddress=10.12.208.23, ReasonInfo=Community is incorrect.)

Sep  5 2016 12:33:01+02:00 DST ssc-dcacc-ph-22
%%01SNMP/4/SNMP_BLACKLIST_UNBLOCK(s):CID=0x80d50408;User IPAddress = 10.12.208.23 unblocked.



Handling Process

After analyzing the output from display logbuffer, it can be noticed a few log entries with error message “Community is incorrect”.

Next step , double check and confirm that the community is correct.

Next step, check the SNMP configuration on device.

snmp-agent acl 2000

snmp-agent local-engineid 800007DB0368A82823A7A1

snmp-agent community read cipher %@%@*

snmp-agent community write cipher %@%@

snmp-agent sys-info contact ABC

snmp-agent sys-info location MER1-PH (Kast 15)

snmp-agent sys-info version v2c v3

snmp-agent target-host trap address
udp-domain 10.12.208.23 source Vlanif1980 params securityname cipher @% v2c

snmp-agent target-host trap address
udp-domain 10.12.216.15 source Vlanif1980 params securityname cipher @% v2c


The SNMP configuration is correct.

Next step: analyze SNMP packets captured on NMS.


From this packets we can notice different SNMP packets, originated from NMS, with different Community strings.  
  
  
  
  
  
  
  
  
 

 
 

 



Root Cause
From this packets we can notice different SNMP packets, originated from NMS, with different Community strings.
Solution

Check the SNMP setting on NMS to find why the server is sending SNMP packets to the switch with different Community strings.



END