Wireless Access

Reply
Frequent Contributor I
Posts: 70
Registered: ‎04-06-2007

Not receiving snmp inform messages from a variety of aruba controllers.

[ Edited ]

Hello All,

I've been struggling with getting snmp informs working with airwave. Airwave shows all devices as up and using snmpv3 for polling and i can manually snmpwalk the controllers in question from the airwave cli. However, all of the controllers are overflowing their trap queue limit and i'm not getting any event type information in airwave. No failed radius authentications, etc. I've defined my snmpv3 user under the inform section of device communication (which i think is hidden away nicely). Any advice is appreciated.

 

airwave snmp informs.jpg

 

Airwave 7.4

3x 200 controllers running AOS 5.0.4.0

3200 controller running 6.1.2.3

650 controller running 6.1.2.5

 

Airwave cli returns list of mibs from command, looks to be ok...

snmpwalk 10.0.0.1 -v 3 -a SHA -A XXX -x AES -X XXX -u AMP -l authPriv

 

Aruba CLI outputs...

 

(3200) (config) #show running-config | include snmp

snmp-server user "AMP" auth-prot sha XXX priv-prot aes XXX 
snmp-server enable trap
snmp-server host 10.0.13.210 version 3 AMP inform engine-id 80001f8880909a614df6bdca udp-port 162

 

(3200) (config) #show snmp trap-hosts

SNMP TRAP HOSTS
---------------
HOST VERSION SECURITY NAME PORT TYPE TIMEOUT RETRY
---- ------- ------------- ---- ---- ------- -----
10.0.13.210 SNMPv3 AMP 162 Inform 60 3

 

(3200) (config) #show snmp trap-queue | include Total

Total traps in the queue : 250
Total traps generated on the controller : 82253

 

Frequent Contributor I
Posts: 70
Registered: ‎04-06-2007

Re: Not receiving snmp inform messages from a variety of aruba controllers.

digging in a bit more, i've tried creating a different v3 user using sha/des but have the same results. Log file is reporting this message over and over...

 

(3200) (config) #show log all 1 | include snmp

Nov 30 11:41:03 snmp[608]: <301134> <WARN> |snmp| SNMP V3 Message parse error: Not in life time window failure: Possible Privacy password mismatch. 663

 

I've repasted my passwords multiple times into both airwave and controller and i'm now even using simple passwords (12 characters all lowercase alphabetical), and i've also checked to make sure the clocks were in sync between airwave and controller.

 

[root@amp mercury]# clock
Wed 30 Nov 2011 01:07:33 PM MST -0.655223 seconds

 

(3200) (config) #show clock

Wed Nov 30 13:07:49 MST 2011

 

Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Not receiving snmp inform messages from a variety of aruba controllers.

The controller doesn't clear the queue when it sends traps.  The trap queue will always show the last 250 traps generated.

 

I noticed that you don't have a trap host defined.  You specified "inform" in the snmp-server host command,

 

Shouldn't you have:

 

snmp-server host 10.0.13.210 version 3 AMP

 

that will send the traps instead of informs.

 

Frequent Contributor I
Posts: 70
Registered: ‎04-06-2007

Re: Not receiving snmp inform messages from a variety of aruba controllers.

Applying your command, i am prompted for the "engine-id". What is the significance of the "engine-id"? Does it need to be unique per controller, or is unique to all controllers?

 

Also, i could have sworn that i've seen controllers have their value for "total traps in the queue" be at 0. I thought since theirs were being delivered and mine weren't that would be a clue.

 

as it is, i'm applying the default engine-id "8000052301A9FEA484" to see if i get anything on amp.

Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Not receiving snmp inform messages from a variety of aruba controllers.

I have always seen the queue filled up with traps.  If you use informs, you can do the command "show snmp inform stats" and you should see a 0 balance.  The difference is that traps are unacknowledged, so you have no clue whether the receiver actually got them.  Informs are ack'd, so you can resend if needed.

 

Let us know if you start to see events in AMP after changing the snmp type to traps.

Frequent Contributor I
Posts: 70
Registered: ‎04-06-2007

Re: Not receiving snmp inform messages from a variety of aruba controllers.

nope, no events using traps.

 

went back to informs to check the queues and i also forced some eap radius failures. got no notifications on amp, controller doesn't even look like it's trying...

 

Nov 30 14:06:53 station-up * 00:26:08:fd:38:eb 00:1a:1e:16:df:f3 - - wpa2 aes
Nov 30 14:06:53 eap-id-req <- 00:26:08:fd:38:eb 00:1a:1e:16:df:f3 3 5
Nov 30 14:06:53 eap-id-resp -> 00:26:08:fd:38:eb 00:1a:1e:16:df:f3 3 20 AMPTest
Nov 30 14:06:53 rad-req -> 00:26:08:fd:38:eb 00:1a:1e:16:df:f3 60 197
Nov 30 14:06:53 rad-reject <- 00:26:08:fd:38:eb 00:1a:1e:16:df:f3/dc1 60 44
Nov 30 14:06:53 eap-failure <- 00:26:08:fd:38:eb 00:1a:1e:16:df:f3 3 4 server rejected
Nov 30 14:06:53 station-down * 00:26:08:fd:38:eb 00:1a:1e:16:df:f3 - -

 

(3200) #show snmp inform stats

Inform queue size is 250

SNMP INFORM STATS
-----------------
HOST PORT INFORMS-INQUEUE OVERFLOW TOTAL INFORMS
---- ---- --------------- -------- -------------
10.0.13.210 162 0 FALSE 0

(3200) #

Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Not receiving snmp inform messages from a variety of aruba controllers.

Do "show snmp trap-list" and see if you have the traps you want sent enabled.

Frequent Contributor I
Posts: 70
Registered: ‎04-06-2007

Re: Not receiving snmp inform messages from a variety of aruba controllers.

everything is on. i would think amp would be getting all kinds of messages if everything was configured correctly.

Regular Contributor I
Posts: 179
Registered: ‎04-15-2009

Re: Not receiving snmp inform messages from a variety of aruba controllers.

AirWave only supports informs when you're using SNMP v3, not traps. Traps are supported if you're using v2c. 

 

If you're not able to get this working, please don't hesitate to open a TAC case. 

Frequent Contributor I
Posts: 70
Registered: ‎04-06-2007

Re: Not receiving snmp inform messages from a variety of aruba controllers.

i only enabled traps with v3 when it was suggested above, but informs sure dont seem to be working either.

Search Airheads
Showing results for 
Search instead for 
Did you mean: