Network Management

Reply
Highlighted
Moderator

AMP-Tip: 8.2.6 AMPCLI: Enter Commands #3: SNMP debugging

When experiencing issues with SNMP in AirWave 8.2.6 or newer, here's a quick troubleshooting guide

 

1) Test creds
2) Check SNMP version
3) Check timeout and retries
4) Test timeout
5) Big hammer: Restart all services

 

 

:: Test Creds ::


Try doing SNMP walks from the AMPCLI to test the credentials in the database. To do this, you'll need to know the device's ID which is gotten from the URL when you view the device's monitor page.

 

Example URL:
https://airwave.lab.com/ap_monitoring?id=2421
The ID is 2421

 

In CLI: go to 'Enter Commands' (opt 11)
$ ?sw
sw <ap_id> args [-o fname ] ... - snmp walk protocol v1 - see 'man snmpbulkwalk'
sw2 <ap_id> args [-o fname ] ... - snmp walk protocol v2c - see 'man snmpwalk'
sw3 <ap_id> args [-o fname ] ... - snmp walk protocol v3 - see 'man snmpbulkwalk'
With '-o fname' the output will be saved in the CLI user directory.
$ sw2 2421 sysName
SNMPv2-MIB::sysName.0 = STRING: jamaica-test-aos65

 

If you get a valid output like above, then the credentials are correct. If you're on older code - it might just be easier to go to the device's management page and updating the creds with the correct creds.

 

 

:: Check SNMP version ::


Go to Groups -> select group -> Basics page


Under the specific supported Device type breakout - check that SNMP version used to communicate with your device is set to the right version.

 

 

:: Check timeout and retries ::


Go to Device Setup -> Communication
Check values for SNMP timeout and SNMP retries


Some devices require longer timeouts, especially if the tables are larger to gather or if the devices SNMP proto is slower like legacy Motorola controllers which require the max timeout.

 

 

:: Test timeout ::


From the AMPCLI again

 

In CLI: go to 'Enter Commands' (opt 11)
$ ?sw
sw <ap_id> args [-o fname ] ... - snmp walk protocol v1 - see 'man snmpbulkwalk'
sw2 <ap_id> args [-o fname ] ... - snmp walk protocol v2c - see 'man snmpwalk'
sw3 <ap_id> args [-o fname ] ... - snmp walk protocol v3 - see 'man snmpbulkwalk'
With '-o fname' the output will be saved in the CLI user directory.
$ sw2 2421 .1 -Cc

 

Running .1 is collecting the entire MIB table. You could also isolate to specific tables that are larger like the BSSID table (for Aruba controllers: wlsxWlanAPBssidTable) or client usage tables (for Aruba controllers: nUserName or nUser6Name). If you're seeing the timeout happening frequently even when at max setting, then open a support case for further debugging. Support may have to manually increase the timeout value beyond what the UI allows (but this makes the Device Communication page obsolete as any setting change would revert the timeout back to the max allowed).

 

 

:: Big Hammer - Restart of all AMP services ::


If you choose not to try to debug the cause and just want to see if the services are stalled, then you can go to System -> Status, at the bottom of the page is Restart AMP option.

 

AMPCLI also has a parallel option under the Advanced (8) -> Restart Application (1).


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Contributor I

Re: AMP-Tip: 8.2.6 AMPCLI: Enter Commands #3: SNMP debugging

What if you get  see 'man snmpwalk'' is not allowed.

 

Or Sorry, 'snmp walk' is not allowed.

 

How do I get around this restriction ?

Moderator

Re: AMP-Tip: 8.2.6 AMPCLI: Enter Commands #3: SNMP debugging

What version of AirWave?  I just checked and it works on 8.2.6.1 and 8.2.7.

 

$ man snmpwalkmansnmp.png

 

 

Only cmds in the cmd whitelist will show man pages.  If the cmd isn't in the cmd whitelist, then we don't show it.

 

$ man passwd
Sorry, 'passwd' is not a command you can enter here
so no need to see the man page for it.

 

For snmpwalks, only snmpwalks to devices that have been added into AirWave database can be tested using these calls:

$ help sw
sw <ap_id> args [-o fname ] ... - snmp walk protocol v1 - see 'man snmpbulkwalk'
sw2 <ap_id> args [-o fname ] ... - snmp walk protocol v2c - see 'man snmpwalk'
sw3 <ap_id> args [-o fname ] ... - snmp walk protocol v3 - see 'man snmpbulkwalk'
With '-o fname' the output will be saved in the CLI user directory.

 

This ensures that the IP address, community string, v3 user/pass/auth/priv are correct in the database.  It also saves the user from having to remember the creds.  If you're finding this limitation too restricting, please file a feature request.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Contributor I

Re: AMP-Tip: 8.2.6 AMPCLI: Enter Commands #3: SNMP debugging

8.2.5.1

 

So i just tried to upgrade to 8.2.6 and looked to be going ok before saying:

Upgrade Aborted

goldy: unrecognized service

 

Now it is dead - I will restore the checkpoint for the old version however I would like to get this upgraded

Moderator

Re: AMP-Tip: 8.2.6 AMPCLI: Enter Commands #3: SNMP debugging

Please open a support case.  The error that shows on the screen is often just after the actual crash that caused the upgrade to quit.  Support can help get to the /var/log/upgrade/*upgrade.log


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Contributor I

Re: AMP-Tip: 8.2.6 AMPCLI: Enter Commands #3: SNMP debugging

This is the message I receive:

 

 

Running Upgrade OmniVista 3600 Air Manager

Enter desired version: 8.2.6
Running [/usr/local/airwave/bin/start_upgrade -f /var/ampcli/user -v 8.2.6]...
Upgrade script OV3600-8.2.6-amp_upgrade was not found in local cache.
Upgrade package found in local cache.
Validating the upgrade package...
Using upgrade script extracted from local package.
Upgrade package found in local cache.

Checking iptables.


Checking the database schema.

Validating the upgrade package...
Verifying authenticity of the upgrade package....
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
Verifying signature....
Good Signature....
Verifying checksum....
Upgrade package verified....
Upgrading OV3600 to version 8.2.6 from version 8.2.5.1...
Detailed log will be written to /var/log/upgrade/OV3600-8.2.6-upgrade.log

STEP 1: Moving old version aside.

STEP 2: Unpacking upgrade package.

STEP 3: Checking for compatibility.

STEP 4: Stopping OV3600 services.

STEP 5: Installing upgrade.
Stopping httpd: [ OK ]
make[3]: Leaving directory `/root/git/mercury/src/x86_64/rpms/CentOS-6'
make[2]: *** [postgresql] Error 2
make[2]: Leaving directory `/root/git/mercury/src'
make[1]: *** [src_install] Error 2
make[1]: Leaving directory `/root/git/mercury'
make: *** [upgrade] Error 2
make: Leaving directory `/root/git/mercury'
goldy: unrecognized service
Stopping nginx: [ OK ]
Stopping httpd: [ OK ]


Upgrade aborted.
Please contact Alcatel-Lucent Support at
support@ind.alcatel.com - http://service.esd.alcatel-lucent.com

Moderator

Re: AMP-Tip: 8.2.6 AMPCLI: Enter Commands #3: SNMP debugging

Would need to see the full content of /var/log/upgrade/OV3600-8.2.6-upgrade.log.  Due to the CLI locking, that log isn't available unless you have a backdoor user or through the support account.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: