Network Management

Reply
Highlighted
MVP Expert

ArubaOS-CX 10.01: doubts about SNMPv3 Traps via mgmt VRF

Hello,

 

I've a doubt with regards to sending SNMPv3 traps via mgmt VRF.

 

Background:

 

  • I'm using HPE IMC 7.3 E0605P06 as NMS.
  • I've two Aruba 8320 running ArubaOS-CX 10.01.0030 (VSX)
  • Aruba 8320 are already registered on HPE IMC (monitoring works, partially)

I've configured:

 

Aruba-8320-1(config)# no snmp-server vrf default
Aruba-8320-1(config)# snmp-server vrf mgmt

And, actually (HPE IMC IP Address and SNMPv3 User redacted):

 

snmp-server host HPE_IMC_IP_Address inform version v3 user mysnmpv3user
snmp-server host HPE_IMC_IP_Address trap version v3 user mysnmpv3user

Now - reading the Aruba 8320 Monitoring Guide for ArubaOS-CX 10.01 (November 2018, 5th edition) at page 61 - I've read this statement:

 

SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message. Enable SNMP traps by entering the snmp-server host command:

switch(config)# snmp-server host 10.10.10.10 trap version v2c vrf default

SNMP traps cannot be forwarded from ArubaOS-CX 10.00 switches that have the VRF configured as mgmt.
Later versions of ArubaOS-CX support SNMP trap forwarding even when the VRF is configured as default or mgmt.

So I'm asking if - running latest ArubaOS-CX 10.01.0030 - I should (or I could) specify to use mgmt VRF for SNMPv3 Traps to be sure HPE IMC 7.3 will be able to receive Traps, this way:

 

Aruba-8320-1(config)# snmp-server host HPE_IMC_IP_Address inform version v3 user mysnmpv3user vrf mgmt

with respect what is actually configured.

 

But when I try to specify the VRF I want to use to send Traps...this is the output the command returns:

 

 

Aruba-8320-1(config)# snmp-server host HPE_IMC_IP_Address inform version v3 user mysnmpv3user vrf mgmt
Only default is supported

So now the questions are:

 

  • are the very first pair of SNMP commands listed above (the no snmp-server vrf default and the snmp-server vrf mgmt) doing something useful or not with regards to using mgmt VRF?
  • The restriction above still applies so sending SNMPv3 Traps via mgmt VRF is not implemented yet?

Am I missing something? ...or, in other terms, how can I verify that SNMPv3 configuration is correctly set to send SNMPv3 Traps to HPE IMC 7.3 NMS (considering that Aruba 8320 are already both correctly registered/monitored on IMC)? my doubts are about Traps...

MVP Expert

Re: ArubaOS-CX 10.01: doubts about SNMPv3 Traps via mgmt VRF

do you have look 10.01.0040, there is a some change about this...




PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info


PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info


PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)


PowerArubaIAP: Powershell Module to use Aruba Instant AP




ACMP 6.4 / ACMX #107 / ACCP 6.5
MVP Expert

Re: ArubaOS-CX 10.01: doubts about SNMPv3 Traps via mgmt VRF

Well, yes I've read about 10.01.0040 but I decided to temporarily suspend our Aruba 8320 VSX0's update roadmap until we fix an issue - not due to our Aruba VSX - we discovered during the latest update from ArubaOS-CX 10.01.0020 to 10.01.0030; basically we discovered we have a Server's LACP which isn't gracefully reacting - it goes in total ethernet failure! - when I apply VSX nodes' sequenced update...basically when a VSX LAG interface goes down (the Total Ethernet Failure happens randomly: it happened between 10.01.0020 to 0030 update procedure but not between 10.01.0011 to 0020 update procedure)...so first we need to fix it (it's a software device driver update and it will require us to reboot but it's almost impossible to find a proper time window to perform that on that Server) before considering to update to ArubaOS-CX 10.01.0040...in the meantime I was able to see that CPU Load on VSX decremented on both nodes - no other changes were made - from 0020 to 0030...thanks to IMC monitoring (I'll post about that).

MVP Expert

Re: ArubaOS-CX 10.01: doubts about SNMPv3 Traps via mgmt VRF

...and indeed this is the actual state:

*********************************
Command : show snmp trap
*********************************
---------------------------------------------------------------------------------------------
Host                     Port  Type      Version Community-Name/User-Name        vrf                             
---------------------------------------------------------------------------------------------
HPE_IMC_IP_Address       162   inform    v3      mysnmpv3user                    default
HPE_IMC_IP_Address       162   trap      v3      mysnmpv3user                    default

that shows that the restriction about VRF mgmt is still valid. Any news about that?

MVP Expert

Re: ArubaOS-CX 10.01: doubts about SNMPv3 Traps via mgmt VRF

What release ?




PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info


PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info


PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)


PowerArubaIAP: Powershell Module to use Aruba Instant AP




ACMP 6.4 / ACMX #107 / ACCP 6.5
MVP Expert

Re: ArubaOS-CX 10.01: doubts about SNMPv3 Traps via mgmt VRF

ArubaOS-CX 10.01.0030.

 

I've extensively read ArubaOS-CX 10.01.0040 Release Notes but I feel that there is nothing new related to my doubts about SNMPv3(Trap/Informs)&LLDP over OoBM (VRF mgmt)...apart some fixes related to SNMPv3 and LLDP (decontextualized from OoBM and/or VRF mgmt).

 

Our HPE IMC 7.3 E0605P06 shows both Aruba 8320 nodes standalone simply not uplinked to our VSF (instead they are: OoBM of both Aruba 8320 nodes is connected back to our VSF on a interface member of our managemnt VLAN...as all the other switches we manage) and this topology issue is a clear sign that LLDP over OoBM is not operating/advertising correctly (or at all) on Aruba 8320 side.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: