No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NMS can't get SNMP information from USG6300

Publication Date:  2017-09-21 Views:  439 Downloads:  0
Issue Description

NMS can’t get SNMP message from USG6300.

Alarm Information

HRP_M<MAG-OFD-FW-1>debugging snmp-agent event

HRP_M<MAG-OFD-FW-1>debugging snmp-server error  (+B)

HRP_M<MAG-OFD-FW-1>terminal monitor

Info: Current terminal monitor is on.

HRP_M<MAG-OFD-FW-1>terminal debugging

Info: Current terminal debugging is on.

HRP_M<MAG-OFD-FW-1>undo debugging all

Info: All possible debugging has been turned off.

HRP_M<MAG-OFD-FW-1>undo t m

Info: Current terminal monitor is off.

HRP_M<MAG-OFD-FW-1>undo t d

Info: Current terminal debugging is off.

HRP_M<MAG-OFD-FW-1> 

HRP_M[MAG-OFD-FW-1]display snmp-agent statistics

2017-08-28 15:40:41.100 +03:00

  0 Messages delivered to the SNMP entity

  0 Messages which were for an unsupported version

  0 Messages which used a SNMP community name not known

  0 Messages which represented an illegal operation for the community supplied

  0 ASN.1 or BER errors in the process of decoding

  0 Messages passed from the SNMP entity

  0 SNMP PDUs which had badValue error-status

  0 SNMP PDUs which had genErr error-status

  0 SNMP PDUs which had noSuchName error-status

  0 SNMP PDUs which had tooBig error-status

  0 MIB objects retrieved successfully

  0 MIB objects altered successfully

  0 GetRequest-PDU accepted and processed

  0 GetNextRequest-PDU accepted and processed

  0 GetResponse-PDU accepted and processed

  0 SetRequest-PDU accepted and processed

  0 Trap-PDU accepted and processed

  0 Inform-PDU sent

  0 Inform ACK PDUs failed to be processed

  0 Inform ACK PDUs successfully processed

Handling Process
1. Tested to ping from USG6300 to NMS, it is successful.
2. Checked the SNMP confiugration, it is no problem.
3. Configured the SNMP community again, the password is right.
4. Checked the firewall security-policy, it already permit SNMP packets.
  

rule name snmp

  source-zone local

  source-zone dmz

  destination-zone local

  destination-zone dmz

  action permit

5. From the debugging result, there is nothing displayed. It seems the packet dropped by firewall. 
HRP_M<MAG-OFD-FW-1>debugging snmp-agent event

HRP_M<MAG-OFD-FW-1>debugging snmp-server error  (+B)

HRP_M<MAG-OFD-FW-1>terminal monitor

Info: Current terminal monitor is on.

HRP_M<MAG-OFD-FW-1>terminal debugging

Info: Current terminal debugging is on.

HRP_M<MAG-OFD-FW-1>undo debugging all

Info: All possible debugging has been turned off.

HRP_M<MAG-OFD-FW-1>undo t m

Info: Current terminal monitor is off.

HRP_M<MAG-OFD-FW-1>undo t d

Info: Current terminal debugging is off.

HRP_M<MAG-OFD-FW-1>

6. Checked the interface configuration, there is no "service-manage snmp permit" configuration.

  

interface GigabitEthernet1/0/2

undo shutdown

ip address 10.8.x.x 255.255.255.192

service-manage http permit

service-manage https permit

service-manage ping permit

service-manage ssh permit

Root Cause


Solution

Enable SNMP service at G1/0/2.

interface GigabitEthernet1/0/2

service-manage snmp permit

Suggestions

For USG SNMP issue, you can refer to the follow steps to check.

1. Test to ping from USG6300 to NMS.

2. Check the SNMP confiugration, make sure it is no problem.

3. Configure the SNMP community again, make sure the password is right.
4. Check the firewall security-policy, permit SNMP packets.
5. Check whether it have command "service-manage snmp enable" below interface.
6. debugging snmp-agent event & debugging snmp-agent error

END