Network Management

 View Only
  • 1.  Issue with HPE IMC Configuration for VSX Switches

    Posted Feb 27, 2024 08:47 AM

    Hello,

    I am encountering an issue with configuring HPE IMC for VSX switches and I am seeking assistance from the community to resolve it.

    The problem arises specifically with the VSX pairs. Currently, I am only able to identify the primary switch using the IP address of the active gateway (the shared one). However, I am unable to add both VSX switches to HPE IMC as shown in the configuration described in this blog:

    https://community.hpe.com/t5/imc/hpe-imc-7-3-e0605p4-and-aruba-8320-vsx-isl-lag-and-isl-keepalive/td-p/7014592

    Could someone please provide detailed steps or instructions on how to correctly configure HPE IMC for VSX switches?

    I suspect there might be a missing component in the SNMP configuration that is preventing both switches from being recognized by HPE IMC. Could anyone provide insights or guidance on how to correctly configure SNMP for VSX switches in HPE IMC to ensure both switches are properly added and managed within the system?

    Thank you!


    Configuration:

    PRIMARY SWITCHA *

    interface vlan 9
        vsx-sync active-gateways
        ip address 10.10.230.68/26
        active-gateway ip mac 15:01:00:00:01:00
        active-gateway ip 10.10.230.67
    snmp-server vrf default
    snmp-server community MYCOMUNITYA
        access-level rw
    snmp-server community MYCOMUNITYB
    snmp-server host 10.10.230.9 trap version v2c community MYCOMUNITYB
    vsx
        system-mac 02:01:00:00:01:00
        inter-switch-link lag 256
        role primary
        vsx-sync copp-policy dns snmp ssh static-routes time vsx-global

    ip route 0.0.0.0/0 10.10.230.65

    BACKUP SWITCHB*

    interface vlan 9
        vsx-sync active-gateways
        ip address 10.10.230.69/26
        active-gateway ip mac 15:01:00:00:01:00
        active-gateway ip 10.10.230.67
    snmp-server vrf default
    snmp-server community MYCOMUNITYA
        access-level rw
    snmp-server community MYCOMUNITYB
    snmp-server host 10.10.230.9 trap version v2c community MYCOMUNITYB
    vsx
        system-mac 02:01:00:00:01:00
        inter-switch-link lag 256
        role secondary
        vsx-sync copp-policy dns snmp ssh static-routes time vsx-global
    ip route 0.0.0.0/0 10.10.230.65

    vsx status

    VSX Operational State
    ---------------------
      ISL channel             : In-Sync
      ISL mgmt channel        : operational
      Config Sync Status      : In-Sync
      NAE                     : peer_reachable
      HTTPS Server            : peer_reachable

    Attribute           Local               Peer
    ------------        --------            --------
    ISL link            lag256              lag256
    ISL version         2                   2
    System MAC          02:01:00:00:01:00   02:01:00:00:01:00
    Platform            6410                6410
    Software Version    FL.10.13.0005       FL.10.13.0005
    Device Role         primary             secondary






  • 2.  RE: Issue with HPE IMC Configuration for VSX Switches
    Best Answer

    Posted Feb 27, 2024 10:48 AM

    Hi Roberto, you should first check this document (HPE iMC 7.3 and ArubaOS-CX Switches Configuration Guide for IMC 7.3 E0710 edition) then, if I were you, I would setup the SNMPv3 on each VSX member (instead of SNMPv2):

    snmp-server vrf mgmt <--- supposing you reach the HPE IMC through mgmt VRF
    snmp-server system-description <your-system-description-here>
    snmp-server system-location <your-system-location-here>
    snmp-server system-contact <your-system-contact-here>
    snmpv3 user <your-snmp-user-here> auth sha auth-pass ciphertext <your-auth-pass-here> priv aes priv-pass ciphertext <your-priv-pass-here>
    snmp-server host <your-HPE-IMC-ip-address-here> inform version v3 user <your-snmp-user-here>
    snmp-server host <your-HPE-IMC-ip-address-here> trap version v3 user <your-snmp-user-here>

    and add the snmp synchronization into the VSX context:

    vsx-sync snmp




  • 3.  RE: Issue with HPE IMC Configuration for VSX Switches

    Posted Feb 28, 2024 06:02 AM

    Hi,

    Thank you for your response!

    So, since there aren't any VRFs in my setup (it's all in the "default" VRF), do I really need to configure SNMP in the "management" VRF? Just want to make sure I'm not missing out on any specific benefits or reasons for doing so.

    Also, regarding SNMP versions, I noticed that SNMPv2c is mentioned in the guide you shared. My current setup is already using SNMPv2c and seems to be doing the job well, except for detecting the two VSX switches separately. Any thoughts on why this might be happening, and any suggestions on how to address it?

    Appreciate you sharing the guide. I'll definitely give it a thorough read to see if there are any insights that could help with this issue.

    Thanks again!




  • 4.  RE: Issue with HPE IMC Configuration for VSX Switches

    Posted Feb 29, 2024 02:43 PM

    Ciao Roberto,

    "So, since there aren't any VRFs in my setup (it's all in the "default" VRF), do I really need to configure SNMP in the "management" VRF?"

    No, you really don't.

    It clearly depends on your specific network setup/scenario (indeed I added the note "supposing you reach the HPE IMC through mgmt VRF" after the snmp-server vrf mgmt command example): let me say that IF each Aruba CX 6410 has the OoBM interface connected and that interface can reach (and can be reached) by your monitoring system THEN that interface could be also used for SNMP by specifying the command snmp-server vrf mgmt instead of the snmp-server vrf default.

    "Just want to make sure I'm not missing out on any specific benefits or reasons for doing so."

    You're not missing anything. In my case I control VSX members through the OoBM interface and so I use it for monitoring them via SNMP too.

    "Also, regarding SNMP versions, I noticed that SNMPv2c is mentioned in the guide you shared. My current setup is already using SNMPv2c and seems to be doing the job well, except for detecting the two VSX switches separately. Any thoughts on why this might be happening, and any suggestions on how to address it?"

    I must admit I never tried SNMPv2 in my network because I preferred SNMPv3 (as a best practice) from the start, to be honest I entirely disabled SNMPv2 everywhere...but I don't think your issue is (or could be) directly related to selecting SNMPv2 versus SNMPv3 (provided that both are correctly configured).

    How it is your monitoring system configured to connect respectively (and separately) to each VSX member? are you using the VSX Primary IP and VSX Secondary IP addresses?

    "Appreciate you sharing the guide."

    Glad you found it interesting.

    Nel caso batti un colpo!

    Davide.