No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Troubleshooting Guide

CloudEngine 16800, 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Why Cannot a Device Connect to the NMS Through SNMP?

Why Cannot a Device Connect to the NMS Through SNMP?

If a reachable route exists between the device and NMS but the device cannot connect to the NMS, run the display logbuffer command in any view of the device to check the SNMP login failure log (SNMP/3/SNMP_AUTHEN_FAILED: Failed to login through SNMP). The failure reasons recorded in the log are as follows:

Table 22-72 Failure reasons and suggestions
Failure reason Description Suggestion
Version is incorrect The SNMP versions on the device and NMS are inconsistent.

Run the display snmp-agent sys-info version command in any view to check whether the SNMP versions on the device and NMS are the same. If not, run the snmp-agent sys-info version command in the system view to set the SNMP version on the device.

Packet is too large The size of an SNMP packet sent by the NMS exceeds the threshold set on the device.

Run the snmp-agent packet max-size command in the system view to increase the packet size threshold.

PDU decode error Decoding error. The possible causes are:
  • Reason 1: The SNMP engine IDs used by the NMS and device are different.
  • Reason 2: The SNMP packet is modified.
  • Reason 3: The time window of the SNMP packet is incorrect.
  • Reason 1:

    • If the SNMP engine ID has been configured on the NMS, run the display snmp-agent local-engineid command in any view to check whether the SNMP engine IDs on the NMS and device are the same. If not, run the snmp-agent local-engineid engineid command in the system view to set the local SNMP engine ID on the device or change the engine ID on the NMS to make them consistent.
    • If the SNMP engine ID is not configured on the NMS, run the display snmp-agent local-engineid command in any view to check the SNMP engine ID on the device. Obtain the SNMP packet header to check whether the SNMP engine ID in the packet is the same as the displayed local SNMP engine ID. If not, run the snmp-agent local-engineid engineid command in the system view to set the local SNMP engine ID on the device or wait until the NMS synchronizes the SNMP engine ID from the device.
  • Reason 2:

    The network is undergoing an attack. Find out the attack source, eliminate the attack, and connect the device to the NMS again.

  • Reason 3:

    The network is unstable and network delay is long. Connect the device to NMS again when the network is stable.

Community is incorrect The community names on the NMS and device are different.

The configured SNMP community name is stored in cipher text. The community name displayed by the display snmp-agent community command in any view is also in cipher text. If you have forgotten the community name, run the snmp-agent community { read | write } community-name command in the system view to configure a new read/write community name, which must be the same as that used on the NMS.

ACL denied The IP address used by the NMS to send SNMP request packets is denied by an ACL.

Run the display acl {acl-number | name acl-name | all } command in any view to check ACL configuration.

If the IP address used by the NMS to send requests is denied by the ACL, run the rule command in the corresponding ACL view to allow the NMS to access the device.

If the NMS is on a VPN but no VPN instance name is bound to the ACL rule, run the rule command in the corresponding ACL view to bind the ACL rule to the VPN instance.

UsmUser Name is incorrect The SNMPv3 USM user names or AAA local user names configured on the NMS and device are different.
  • If the device uses an SNMPv3 USM user name to communicate with the NMS, run the display snmp-agent usm-user command in any view to check whether the SNMPv3 USM user name is the same as that configured on the NMS. If not, modify the SNMPv3 USM user name on the NMS or device to make them consistent.

  • If the device uses an SNMPv3 AAA local user name to communicate with the NMS, run the display snmp-agent local-user command in any view to check whether the SNMPv3 AAA local user name is the same as that configured on the NMS. If not, modify the SNMPv3 AAA user name on the NMS or device to make them consistent.

Wrong Protocol Parameter The security level of the SNMPv3 user is lower than that of the SNMPv3 user group.

Run the display snmp-agent group and display snmp-agent usm-user commands in any view to check the security levels of the SNMPv3 user group and user. If the security level of the SNMPv3 user is lower than that of the user group, run the snmp-agent usm-user v3 user-name authentication-mode { md5 | sha } command in the system view to set an authentication password for the SNMPv3 user and the snmp-agent usm-user v3 user-name privacy-mode { 3des168 | aes128 | aes192 | aes256 | des56 } command in the system view to set an encryption password for the SNMPv3 user.

The SNMPv3 security levels in descending order are as follows:
  • Level 1: privacy (authentication and encryption)
  • Level 2: authentication (only authentication)
  • Level 3: noauthentication (no authentication, no encryption)

The security level of the SNMPv3 user cannot be lower than the security level of the user group; otherwise, the device cannot communicate with the NMS.

Context name is incorrect The contextname on the NMS is incorrect.

Set the contextname on the NMS to be empty.

Wrong Privacy Parameters for USM User The SNMPv3 USM encryption method or password configured on the NMS is different from that on the device.
  • If the encryption methods are different:

    Run the snmp-agent usm-user v3 user-name privacy-mode { 3des168 | aes128 | aes192 | aes256 | des56 } command in the system view to set the SNMPv3 USM encryption method and password to be the same as those on the NMS.

  • If the encryption passwords are different:

    The SNMPv3 USM encryption password is stored in cipher text. If you have forgotten the SNMPv3 USM encryption password, run the snmp-agent usm-user v3 user-name privacy-mode { 3des168 | aes128 | aes192 | aes256 | des56 } command in the system view to set the SNMPv3 USM encryption password to be the same as that on the NMS.

Wrong Authentication Parameters for USM User The SNMPv3 USM authentication method or password configured on the NMS is different from that on the device.
  • If the authentication methods are different:

    Run the snmp-agent usm-user v3 user-name authentication-mode { md5 | sha } command in the system view to set the SNMPv3 USM authentication method and password to be the same as those on the NMS.

  • If the authentication passwords are different:

    The SNMPv3 USM authentication password is stored in cipher text. If you have forgotten the SNMPv3 USM authentication password, run the snmp-agent usm-user v3 user-name authentication-mode { md5 | sha } command in the system view to set the SNMPv3 USM authentication password to be the same as that on the NMS.

Wrong Security level for USM User The SNMPv3 USM user security level on the NMS is higher than that on the device.
Run the display snmp-agent usm-user command in any view to check whether an authentication or encryption method is configured for the SNMPv3 USM user.
  • If no authentication or encryption method is configured for SNMPv3 USM user on the device, this indicates that the security level of the SNMPv3 USM user on the device is noauthentication. However, the security level of the SNMPv3 USM user on the NMS is authentication. Perform the following operations:
    • Run the snmp-agent usm-user v3 user-name authentication-mode { md5 | sha } command in the system view to set the SNMPv3 USM authentication password to be the same as that on the NMS.
    • Change the security level of SNMPv3 USM user on the NMS to be the same as that on the device.
  • If an authentication method is configured for the SNMPv3 USM user on the device, this indicates that the security level of SNMPv3 USM user on the device is authentication. However, the security level of the SNMPv3 USM user on the NMS is privacy. Perform the following operations:
    • Run the snmp-agent usm-user v3 user-name privacy-mode { 3des168 | aes128 | aes192 | aes256 | des56 } command in the system view to set the SNMPv3 USM encryption password to be the same as that on the NMS.
    • Change the security level of SNMPv3 USM user on the NMS to be the same as that on the device.
Wrong Authentication Parameters for Local User The authentication password for AAA local user on the NMS is different from that on the device.

The authentication and encryption passwords for SNMPv3 AAA local user are stored in cipher text. If you have forgotten the authentication or encryption password for SNMPv3 AAA local user, run the snmp-agent local-user v3 user-name { authentication-mode { md5 | sha } privacy-mode { 3des168 | aes128 | aes192 | aes256 | des56 } command in the system view to set the authentication and encryption passwords for SNMPv3 AAA local user to be the same as those on the NMS.

Wrong Privacy Parameters for Local User The encryption password for AAA local user on the NMS is different from that on the device.

Pipeline is full

The NMS has sent too many SNMP request packets to congest the channel. Reduce the number of SNMP request packets sent by the NMS.
Translation
Download
Updated: 2020-01-07

Document ID: EDOC1000060766

Views: 615791

Downloads: 2965

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next