Network Management

last person joined: 13 hours ago 

Keep an informative eye on your network with HPE Aruba Networking network management solutions
Back to discussions
Expand all | Collapse all

ArubaOS-CX 10.01: doubts about SNMPv3 Traps via mgmt VRF

This thread has been viewed 14 times

  • 1.  ArubaOS-CX 10.01: doubts about SNMPv3 Traps via mgmt VRF

    MVP GURU
    Posted Nov 16, 2018 04:15 AM

    Hello,

     

    I've a doubt with regards to sending SNMPv3 traps via mgmt VRF.

     

    Background:

     

    • I'm using HPE IMC 7.3 E0605P06 as NMS.
    • I've two Aruba 8320 running ArubaOS-CX 10.01.0030 (VSX)
    • Aruba 8320 are already registered on HPE IMC (monitoring works, partially)

    I've configured:

     

    Aruba-8320-1(config)# no snmp-server vrf default
Aruba-8320-1(config)# snmp-server vrf mgmt

    And, actually (HPE IMC IP Address and SNMPv3 User redacted):

     

    snmp-server host HPE_IMC_IP_Address inform version v3 user mysnmpv3user
snmp-server host HPE_IMC_IP_Address trap version v3 user mysnmpv3user

    Now - reading the Aruba 8320 Monitoring Guide for ArubaOS-CX 10.01 (November 2018, 5th edition) at page 61 - I've read this statement:

     

    SNMP traps enable an agent to notify the management station of significant events by way of an unsolicited SNMP message. Enable SNMP traps by entering the snmp-server host command:

switch(config)# snmp-server host 10.10.10.10 trap version v2c vrf default

SNMP traps cannot be forwarded from ArubaOS-CX 10.00 switches that have the VRF configured as mgmt.
Later versions of ArubaOS-CX support SNMP trap forwarding even when the VRF is configured as default or mgmt.

    So I'm asking if - running latest ArubaOS-CX 10.01.0030 - I should (or I could) specify to use mgmt VRF for SNMPv3 Traps to be sure HPE IMC 7.3 will be able to receive Traps, this way:

     

    Aruba-8320-1(config)# snmp-server host HPE_IMC_IP_Address inform version v3 user mysnmpv3user vrf mgmt

    with respect what is actually configured.

     

    But when I try to specify the VRF I want to use to send Traps...this is the output the command returns:

     

     

    Aruba-8320-1(config)# snmp-server host HPE_IMC_IP_Address inform version v3 user mysnmpv3user vrf mgmt
Only default is supported

    So now the questions are:

     

    • are the very first pair of SNMP commands listed above (the no snmp-server vrf default and the snmp-server vrf mgmt) doing something useful or not with regards to using mgmt VRF?
    • The restriction above still applies so sending SNMPv3 Traps via mgmt VRF is not implemented yet?

    Am I missing something? ...or, in other terms, how can I verify that SNMPv3 configuration is correctly set to send SNMPv3 Traps to HPE IMC 7.3 NMS (considering that Aruba 8320 are already both correctly registered/monitored on IMC)? my doubts are about Traps...



  • 2.  RE: ArubaOS-CX 10.01: doubts about SNMPv3 Traps via mgmt VRF

    MVP GURU
    Posted Nov 25, 2018 03:48 AM

    do you have look 10.01.0040, there is a some change about this...



  • 3.  RE: ArubaOS-CX 10.01: doubts about SNMPv3 Traps via mgmt VRF

    MVP GURU
    Posted Nov 25, 2018 10:47 AM

    Well, yes I've read about 10.01.0040 but I decided to temporarily suspend our Aruba 8320 VSX0's update roadmap until we fix an issue - not due to our Aruba VSX - we discovered during the latest update from ArubaOS-CX 10.01.0020 to 10.01.0030; basically we discovered we have a Server's LACP which isn't gracefully reacting - it goes in total ethernet failure! - when I apply VSX nodes' sequenced update...basically when a VSX LAG interface goes down (the Total Ethernet Failure happens randomly: it happened between 10.01.0020 to 0030 update procedure but not between 10.01.0011 to 0020 update procedure)...so first we need to fix it (it's a software device driver update and it will require us to reboot but it's almost impossible to find a proper time window to perform that on that Server) before considering to update to ArubaOS-CX 10.01.0040...in the meantime I was able to see that CPU Load on VSX decremented on both nodes - no other changes were made - from 0020 to 0030...thanks to IMC monitoring (I'll post about that).



  • 4.  RE: ArubaOS-CX 10.01: doubts about SNMPv3 Traps via mgmt VRF

    MVP GURU
    Posted Nov 27, 2018 10:39 AM

    ...and indeed this is the actual state:

    *********************************
Command : show snmp trap
*********************************
---------------------------------------------------------------------------------------------
Host                     Port  Type      Version Community-Name/User-Name        vrf                             
---------------------------------------------------------------------------------------------
HPE_IMC_IP_Address       162   inform    v3      mysnmpv3user                    default
HPE_IMC_IP_Address       162   trap      v3      mysnmpv3user                    default

    that shows that the restriction about VRF mgmt is still valid. Any news about that?



  • 5.  RE: ArubaOS-CX 10.01: doubts about SNMPv3 Traps via mgmt VRF

    MVP GURU
    Posted Nov 27, 2018 10:44 AM

    What release ?



  • 6.  RE: ArubaOS-CX 10.01: doubts about SNMPv3 Traps via mgmt VRF

    MVP GURU
    Posted Nov 27, 2018 11:11 AM

    ArubaOS-CX 10.01.0030.

     

    I've extensively read ArubaOS-CX 10.01.0040 Release Notes but I feel that there is nothing new related to my doubts about SNMPv3(Trap/Informs)&LLDP over OoBM (VRF mgmt)...apart some fixes related to SNMPv3 and LLDP (decontextualized from OoBM and/or VRF mgmt).

     

    Our HPE IMC 7.3 E0605P06 shows both Aruba 8320 nodes standalone simply not uplinked to our VSF (instead they are: OoBM of both Aruba 8320 nodes is connected back to our VSF on a interface member of our managemnt VLAN...as all the other switches we manage) and this topology issue is a clear sign that LLDP over OoBM is not operating/advertising correctly (or at all) on Aruba 8320 side.