Ciao Roberto,
"So, since there aren't any VRFs in my setup (it's all in the "default" VRF), do I really need to configure SNMP in the "management" VRF?"
No, you really don't.
It clearly depends on your specific network setup/scenario (indeed I added the note "supposing you reach the HPE IMC through mgmt VRF" after the snmp-server vrf mgmt command example): let me say that IF each Aruba CX 6410 has the OoBM interface connected and that interface can reach (and can be reached) by your monitoring system THEN that interface could be also used for SNMP by specifying the command snmp-server vrf mgmt instead of the snmp-server vrf default.
"Just want to make sure I'm not missing out on any specific benefits or reasons for doing so."
You're not missing anything. In my case I control VSX members through the OoBM interface and so I use it for monitoring them via SNMP too.
"Also, regarding SNMP versions, I noticed that SNMPv2c is mentioned in the guide you shared. My current setup is already using SNMPv2c and seems to be doing the job well, except for detecting the two VSX switches separately. Any thoughts on why this might be happening, and any suggestions on how to address it?"
I must admit I never tried SNMPv2 in my network because I preferred SNMPv3 (as a best practice) from the start, to be honest I entirely disabled SNMPv2 everywhere...but I don't think your issue is (or could be) directly related to selecting SNMPv2 versus SNMPv3 (provided that both are correctly configured).
How it is your monitoring system configured to connect respectively (and separately) to each VSX member? are you using the VSX Primary IP and VSX Secondary IP addresses?
"Appreciate you sharing the guide."
Glad you found it interesting.
Nel caso batti un colpo!
Davide.
Original Message:
Sent: 2/28/2024 6:02:00 AM
From: Roberto Martin
Subject: RE: Issue with HPE IMC Configuration for VSX Switches
Hi,
Thank you for your response!
So, since there aren't any VRFs in my setup (it's all in the "default" VRF), do I really need to configure SNMP in the "management" VRF? Just want to make sure I'm not missing out on any specific benefits or reasons for doing so.
Also, regarding SNMP versions, I noticed that SNMPv2c is mentioned in the guide you shared. My current setup is already using SNMPv2c and seems to be doing the job well, except for detecting the two VSX switches separately. Any thoughts on why this might be happening, and any suggestions on how to address it?
Appreciate you sharing the guide. I'll definitely give it a thorough read to see if there are any insights that could help with this issue.
Thanks again!
Original Message:
Sent: Feb 27, 2024 10:48 AM
From: parnassus
Subject: Issue with HPE IMC Configuration for VSX Switches
Hi Roberto, you should first check this document (HPE iMC 7.3 and ArubaOS-CX Switches Configuration Guide for IMC 7.3 E0710 edition) then, if I were you, I would setup the SNMPv3 on each VSX member (instead of SNMPv2):
snmp-server vrf mgmt <--- supposing you reach the HPE IMC through mgmt VRF
snmp-server system-description <your-system-description-here>
snmp-server system-location <your-system-location-here>
snmp-server system-contact <your-system-contact-here>
snmpv3 user <your-snmp-user-here> auth sha auth-pass ciphertext <your-auth-pass-here> priv aes priv-pass ciphertext <your-priv-pass-here>
snmp-server host <your-HPE-IMC-ip-address-here> inform version v3 user <your-snmp-user-here>
snmp-server host <your-HPE-IMC-ip-address-here> trap version v3 user <your-snmp-user-here>
and add the snmp synchronization into the VSX context:
vsx-sync snmp
Original Message:
Sent: Feb 26, 2024 11:49 AM
From: Roberto Martin
Subject: Issue with HPE IMC Configuration for VSX Switches
Hello,
I am encountering an issue with configuring HPE IMC for VSX switches and I am seeking assistance from the community to resolve it.
The problem arises specifically with the VSX pairs. Currently, I am only able to identify the primary switch using the IP address of the active gateway (the shared one). However, I am unable to add both VSX switches to HPE IMC as shown in the configuration described in this blog:
https://community.hpe.com/t5/imc/hpe-imc-7-3-e0605p4-and-aruba-8320-vsx-isl-lag-and-isl-keepalive/td-p/7014592
Could someone please provide detailed steps or instructions on how to correctly configure HPE IMC for VSX switches?
I suspect there might be a missing component in the SNMP configuration that is preventing both switches from being recognized by HPE IMC. Could anyone provide insights or guidance on how to correctly configure SNMP for VSX switches in HPE IMC to ensure both switches are properly added and managed within the system?
Thank you!
Configuration:
PRIMARY SWITCHA *
interface vlan 9
vsx-sync active-gateways
ip address 10.10.230.68/26
active-gateway ip mac 15:01:00:00:01:00
active-gateway ip 10.10.230.67
snmp-server vrf default
snmp-server community MYCOMUNITYA
access-level rw
snmp-server community MYCOMUNITYB
snmp-server host 10.10.230.9 trap version v2c community MYCOMUNITYB
vsx
system-mac 02:01:00:00:01:00
inter-switch-link lag 256
role primary
vsx-sync copp-policy dns snmp ssh static-routes time vsx-global
ip route 0.0.0.0/0 10.10.230.65
BACKUP SWITCHB*
interface vlan 9
vsx-sync active-gateways
ip address 10.10.230.69/26
active-gateway ip mac 15:01:00:00:01:00
active-gateway ip 10.10.230.67
snmp-server vrf default
snmp-server community MYCOMUNITYA
access-level rw
snmp-server community MYCOMUNITYB
snmp-server host 10.10.230.9 trap version v2c community MYCOMUNITYB
vsx
system-mac 02:01:00:00:01:00
inter-switch-link lag 256
role secondary
vsx-sync copp-policy dns snmp ssh static-routes time vsx-global
ip route 0.0.0.0/0 10.10.230.65
vsx status
VSX Operational State
---------------------
ISL channel : In-Sync
ISL mgmt channel : operational
Config Sync Status : In-Sync
NAE : peer_reachable
HTTPS Server : peer_reachable
Attribute Local Peer
------------ -------- --------
ISL link lag256 lag256
ISL version 2 2
System MAC 02:01:00:00:01:00 02:01:00:00:01:00
Platform 6410 6410
Software Version FL.10.13.0005 FL.10.13.0005
Device Role primary secondary