Question: How can I troubleshoot SNMP and MMS configuration push and import?
Product and Software: This article applies to all Aruba controllers, ArubaOS 3.1.x and later, and MMS 2.1.x and later.
Troubleshooting SNMP and Traps (v3 Informs)
1) The mobility manager command should be set on the controller, which creates the snmp user and trap host and sets the auth and privacy protocols and passwords correctly to work with MMS SNMP v3.
2) SNMP set, get, and inform messages will not work if the SNMP user and password on the switch does not match what is configured on the MMS for that switch.
3) If the same SNMP user name is used on more than one controller in a network managed by MMS, it must be associated with the same identical SNMP password on all the controllers where it is used. This is not due to a bug, but rather, is a requirement on any network that uses SNMP v3 inform messages between the SNMP Manager and SNMP Agents.
4) If the switch IP address (issue a 'show switch ip' command) on the controller is not the same as the IP address with which the controller was added in the MMS, then inform messages will not work. If the IP addresses cannot be the same, then the 'snmp-server trap source' command must be used on the controller to set the trap source IP address to the IP address used by MMS.
5) Because time is integral to the SNMP v3 protocol, NTP should be used to ensure that the time on the controllers and the MMS server remains synchronized. If time does not remain in sync, SNMP will stop working when the clocks drift apart enough (+/-150 seconds).
6) The active interface between the MMS and the controller(s) is expected to be eth0. If it is not, SNMP requests and inform messages, among other things, will not work properly.
7) SNMP v3 may stop working if the:
- Time is changed on the MMS or the controller.
- MMS hardware is changed.
- MMS IP address is changed.
You may need to restart the mmgr application from the MMS command line using the '/etc/init.d/mmgr restart' command, and restart the snmpd task on the controller using the 'process restart snmpd' command.
In ArubaOS 18.104.22.168 and later releases, instead of restarting snmpd, you should be able to remove the mobility manager from the controller and add it back again to reset the v3 remote engine v3 credentials.
8) SNMP traffic on ports 161 and 162 must be allowed through the network between the MMS and the controllers. Config import also uses https, which means port 443 must also be allowed. Use tcpdump and/or WireShark/Ethereal to verify that packets are getting through.
9) In the controller CLI, when you issue the 'show snmp inform stats' command, if the number of informs in the queue is > 0 and is either growing or has already reached the max (250), then the v3 inform messages are not being received and/or acknowledged by the MMS.
Troubleshooting MMS Configuration Push and Import
1) Config push relies on SNMP set as well as SNMP informs to work properly.
2) Config import uses SNMP set and HTTPS to transfer the imported config file.
3) SNMP traffic on ports 161 and 162 and HTTPS traffic on port 443 must be allowed through the network between the MMS and the controllers. Use tcpdump and/or WireShark/Ethereal to verify that packets are getting through.
4) If a config push fails, right-click the controller, select Properties, and look at the Fail Reason field. If the reason is Time Out, then the most likely cause is that the inform messages are not being received by the MMS, and you need to troubleshoot the inform problem as detailed earlier. If the reason is SNMP Set failed, try restarting the mmgr application from the MMS command line using the '/etc/init.d/mmgr restart' command. (There was a bug that causes SNMP set to fail after the SNMP password is changed. It is fixed in 22.214.171.124). If the mmgr application restart does not work, try restarting the snmpd process on the controller via CLI using the 'process restart snmpd' command.
5) If config import is failing, look for the import failure reason in the log: /opt/apache-tomcat-5/logs/mms.log). If the failure is due to SNMP Set failure, try restarting the mmgr application from the MMS command line using the '/etc/init.d/mmgr restart' command. (There was a bug that causes SNMP set to fail after the SNMP password is changed. It is fixed in ArubaOS 126.96.36.199). If the mmgr application restart does not work, try restarting the snmpd process on the controller using the 'process restart snmpd' command.