Troubleshooting SNMP v3 polling Issue

Table of Contents

1.1. SNMP server reachable From Overlay Network

1.2. SNMP server reachable from LAN Network

1.3: SNMP server reachable from underlay network

2. Check debug logs. 6

3. Check SNMP logs. 7

4. Check Developer logs 7

5. SNMP traps …………………………………………………………………………………….8

6. Contact Support 8

Purpose

The purpose of this document is to help troubleshoot the Simple Network Management Protocol (SNMP) version v3 configuration and basic SNMP troubleshooting.

Step:1: Validate the SNMPv3 configuration:

Kindly verify the SNMP configuration on the box and ensure all the sections are configured properly. Below KBs can help you understand the configuration part.

https://support.versa-networks.com/a/solutions/articles/23000017176

Note: Make sure that the VACM Groups "Member Name" is same as community "Security Name" *SNMP Server IP and source interface (tvi-0/*) are added in VNF Manager.

While validating the configuration please ensure that SNMP server address and branch local interface to reach the server are configured under system vnf-manager. By default, we only enable vnf-manager access to versa director only.

> show configuration system vnf-manager

admin@Branch> show configuration system vnf-manager

ip-addresses [ 10.10.1.1/32 10.10.1.10/32 10.10.10.10/32 10.10.30.10/32 ];

vnf-mgmt-interfaces [ tvi-0/3.0 vni-0/0.0 vni-0/2.0].

10.10.1.10/32 – overlay—First use case

10.10.30.10/32 -- LAN, and—Second use case

11.11.3.15/32 -- underlay, - Third use case

Step: 2: Versa SNMP V3 implementation scenarios and troubleshooting:

Case 1.1: SNMP server is reachable from Branch from Overlay:

** Please ensure SNMP server is reachable over IP from CPE to SNMP server via Overlay tunnel.

SNMP.Log:

When SNMP server start polling the branch, you can verify SNMP get-request coming to branch appliance. Simultaneously branch response can also be verified under the /var/log/versa/confd/snmp.log file.

We can also review devel.log file when you are unbale to perform SNMP polling on the branch. Log file can be accessed under /var/log/versa/confd/devel.log

In below example, SNMP request is discarded as it doesn’t have valid community string in the request.

Note: SNMP mib view on the branch can restricted to only certain Mibs hence please review SNMP configuration section and make sure SNMP VACM View is allowing to poll the MIB in question.

admin@Branch> show configuration snmp | display set

set snmp vacm view internet subtree 1.2 included

set snmp vacm view internet subtree 1.3 included

set snmp vacm view internet subtree 1.3.6.1 included

Case 2: SNMP server is reachable from LAN Network

In this use case, SNMP server is reachable from LAN interface. We can verify the SNMP request coming to branch by using tcp-dump utility on LAN interface.

Snmp.log and devel.log file can be checked for request response transaction from Versa appliance as explained in section 1.

Case 3: SNMP server is reachable from Underlay Network

There are use cases where SNMP servers are reachable via underlay network from Versa branch appliance. SNMP requests cab be verified on WAN interfaces directly by running tcp-dump utility as this communication will be unencrypted.