No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Unable to add switch in NMS due of PDU decode error

Publication Date:  2016-08-28 Views:  179 Downloads:  0
Issue Description
S2700 switch series V100R006C05 can't be added to NMS due of PDU decode error. The system returns the error below.
Alarm Information
Aug 22 2016 09:15:10+10:00 xxxxxxx %%01SNMP/4/DECODE_ERR(l)[1]:Failed to login through SNMP, because of the decoded PDU error. (Ip=10.30.131.10, Times=2)
Aug 22 2016 09:11:01+10:00 xxxxxxx %%01SNMP/4/DECODE_ERR(l)[2]:Failed to login through SNMP, because of the decoded PDU error. (Ip=10.30.131.10, Times=1)
Aug 22 2016 09:10:57+10:00 xxxxxxx %%01SNMP/4/DECODE_ERR(l)[3]:Failed to login through SNMP, because of the decoded PDU error. (Ip=10.30.131.10, Times=6)
Handling Process

Decoding error could be caused by different reasons

1.  you must ensure that the local-engineID has an unique value, otherwise the conflicts might occur during decoding.

<R6_U26_S2700>dis current-configuration | i snmp                               
snmp-agent                                                                    
snmp-agent local-engineid 000007DB7F00000100000001        

You are advice to configure the local engine id taking into account the following requirements:

- The first four bytes in hexadecimal notation are the enterprise's private engine ID allocated by Internet Assigned Numbers Authority (IANA). The engine ID of Huawei devices is 2011 in decimal notation. The first binary digit has a fixed value 1. Therefore, the hexadecimal format of the first four bytes in a Huawei device's engine ID is 800007DB.
- The device information is configured manually. You are advised to use the IP address or MAC address of the device as device information to uniquely identify the device.    

Configure this parameter first otherwise SNMPv3 password for encryption and authentication become invalid. The password summary used by SNMPv3 users is calculated using MD5 or SHA based on the user password and engine ID of the local SNMP agent. If the engine ID of the local SNMP agent is changed, the generated password summary becomes invalid. As a result, a new password summary needs to be generated for SNMPv3 users.

2. you must ensure the authentication and encryption algorithms are consist between NMS and switch.

3. The security name should be the same with the user configured for SNMP v3 .

snmp-agent target-host trap address udp-domain 192.168.64.54 params securityname huawei v3 privacy                                                            
snmp-agent mib-view included iso iso                                          
snmp-agent usm-user v3 huawei huawei authentication-mode md5 %@%@]Z<VNqvyE;bEBk<Vg85-hX0E%@%@ privacy-mode des56 %@%@qeW!"^^DH(En[18gbroThX3.%@%@  



Root Cause

We follow all 3 requirements described above but the system was still not able to add switch into NMS. It must be related to encryption algorithm.

Solution

We change the configuration on the switch for encryption from AES128 to DES and we successfully add the equipment into NMS. It looks like NMS support only AES192 and AES256, while switch only AES128.

Here below you can find the whole configuration.

<R6_U26_S2700>dis current-configuration | i snmp                               
snmp-agent                                                                    
snmp-agent local-engineid 000007DB7F00000100000001                            
snmp-agent sys-info version  v3                                            
snmp-agent group v3 huawei authentication  read-view iso write-view iso notify-view iso                                                                       
snmp-agent target-host trap address udp-domain 192.168.64.54 params securityname huawei v3 privacy                                                            
snmp-agent mib-view included iso iso                                          
snmp-agent usm-user v3 huawei huawei authentication-mode md5 %@%@]Z<VNqvyE;bEBk<Vg85-hX0E%@%@ privacy-mode des56 %@%@qeW!"^^DH(En[18gbroThX3.%@%@             

Suggestions

It's necessary to assess the security requirements in advance in order to assure full interoperability with NMS, and check very closely the encryption algorithm key length, it must be consistent on both sides.

END