Networking

Enable SNMPv3 on Summit XOS Switch configured with enhanced security

Recently, I ran into an issue connected an XOS switch to Netsight monitoring.  After looking at Netsight, the console simply said the status was “Contact Lost.”  From within Netsight however, I could ping the switch (simply right click the switch listed in the console tree and select Ping).

extreme_snmp00

As you can see above, I had ping responses which means at least at layer three I have network connectivity.  This pointed the problem towards SNMP configuration.  This switch when configured initially was setup in the “enhanced security” mode which basically turns off everything until it is explicitly turned back on in the initial setup.  On issuing a show config snmp the configuration looked like this:

extreme_snmp01

As seen above, you can see the reason that SNMP is not working correctly.  Also a show log revealed many entries with Access Denied messages and the sort for SNMP.  The following are the commands used to correct the issue with SNMP:

Adding the users back:

configure snmpv3 add user "admin" engine-id <your engine-id goes here>
configure snmpv3 add user "initial" engine-id <your engine-id goes here>
configure snmpv3 add user "initialmd5" engine-id <your engine-id goes here>
configure snmpv3 add user "initialsha" engine-id <your engine-id goes here>
configure snmpv3 add user "initialmd5Priv" engine-id <your engine-id goes here>
configure snmpv3 add user "initialshaPriv" engine-id <your engine-id goes here>

Enabling the communities:

configure snmp add community readonly public
configure snmp add community readwrite private

Enabling SNMP access:

enable snmp access vr "VR-Default"
enable snmp access vr "VR-Mgmt"
enable snmp access

Setting up the snmpuser:

configure snmpv3 add user yoursnmpuser authentication md5 privacy

Adding your SNMP user to the appropriate group:

conf snmpv3 add group admin user yoursnmpuser sec-model usm

After the appropriate configuration has been put in place on the switch side, we can now go into Netsight and test the configuration using the MIB Tools:

Right-click the device in question and then select MIB Tools

extreme_snmp02

You can then select the Profile dropdown to test SNMP versions 1-3.

extreme_snmp03

If the test is successful, you will see the Device Request: Contact was established message at the bottom of the MIB Tools window.

extreme_snmp04

Configuring SNMP on XOS switches is not a difficult task, however, depending on whether or not the switch was initially configured with the enhanced security option will definitely make a difference in how much configuration needs to be put in place on the switch to allow SNMP communication.

Back to top button