This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>
Enterprise products, solutions & services
Publication Date: 2020-07-16 | Views: 517 | Downloads: 0 | Author: i84076405 | Document ID: EKB1100052633
Background:
CISCO core SW has been replaced by a HUAWEI CE1 Switch.
The network is monitored by a NMS through SNMP v2c.
Issue:
After migration, the network management system could not monitor the network.
The configuration of SNMP V2c configured on CE1 is a standard one:
Snmp-agent
Snmp-agent sys-info version v2c v3
Snmp-agent community read cipher “test” acl SNMP
Snmp-agent trap enable
The NMS in configured to perform an SNMP GET using “test” community, but there is no answer from CE1.
Here are the checks performed on the CE1:
1. The SNMP version has been checked in order to be the same on the NMS and CE1.
2. The SNMP community has been checked in order to be the same on the NMS and CE1.
3. The ACL SNMP has been checked: only the IP address of NMS is permitted.
In the CE1 logbuffer we can see that authentication failed due to incorrect community.
Source IP = NMS IP_address
IP= CE1 IP_address
We double check the community name configured and it was the same as the NMS.
The customer decided stop the NMS application. We started a debug on the CE1.: the switch still receive packets from the NMS server IP address, even the NMS is shutdown.
After checking the server, another application on the server is using SNMP ( with other community configured on it) , so for this reason CE1 is receiving a lot of packets from Server IP address(the same as NMS) and CE1 LOCKs the IP address(login failure).
Solution:
1. Change the community of the NMS to be the same with the community configured on the other application and on the CE1.
2. Use this command “snmp-agent blacklist ip-block disable” to disable the IP address blacklist.
