Troubleshoot SNMPv3 Support with StarOS

Available Languages

Download Options

  • PDF     (41.1 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (80.6 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (66.1 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:October 10, 2022
Document ID:218312

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes the Simple Network Management Protocol Version 3 (SNMPv3) support in StarOS with snmp-engine ID configuration.

    Problem

    Once the upgrade is complete, SNMPv3 encounters a problem due to which alarms and files are not pushed at the server end (for example, Prime Server).

    In versions earlier than 21.22.3, SNMPv3 worked without the creation of the snmp-engine ID. However, the same is not supported in later versions (series 21.22.x and 21.23.x). For this, you have to configure the snmp-engine ID.

    Solution

    Check all the SNMP configurations:

    [local]LAB# show snmp accesses 
    SNMP Usage Statistics:
      Get PDUs Received        : 0
      GetNext PDUs Received    : 0
      Set PDUs Received        : 0
      PduTooBig Errors         : 0
      NoSuchName Errors        : 0
      BadValue Errors          : 0
      GenError Errors          : 0
      Agent started            : Thursday April 07 15:27:51 IST 2022
    [local]LAB#

    [local]LAB# show snmp server
    SNMP Server Configuration:
      Server State             : enabled
      SNMP Port                : 161
      sysLocation              :
      sysContact               :
      authenticationFail traps : Disabled
      EngineID                 :                   ------------------ No Engine ID configured
      Runtime Debugging        : ON
      Runtime Debug Token      : |0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|
      Alert Threshold          : 500 alerts in 300 seconds
      Alert Low Threshold      : 20 alerts in 300 seconds
    SNMP Agent Mib Configuration:
    STARENT-MIB : Enabled
    IF-MIB : Disabled
    ENTITY-MIB : Disabled
    ENTITY-STATE-MIB : Disabled
    ENTITY-SENSOR-MIB : Disabled
    HOST-RESOURCES-MIB : Disabled
    CISCO-MOBILE-WIRELESS-SERVICE-MIB : Disabled
    CISCO-ENTITY-DISPLAY-MIB : Disabled
    CISCO-ENTITY-EXTENSION-MIB : Disabled
    CISCO-ENTITY-FRU-CONTROL-MIB : Disabled
    CISCO-ENTITY-REDUNDANCY-MIB : Disabled
    CISCO-IP-LOCAL-POOL-MIB : Disabled
    CISCO-PROCESS-MIB : Disabled
    CISCO-FLASH-MIB : Disabled
    CISCO-SYSTEM-EXT-MIB : Disabled
    CISCO-IPSEC-FLOW-MONITOR-MIB : Disabled
    CISCO-ENHANCED-IPSEC-FLOW-MIB : Disabled
    CISCO-IF-EXTENSION-MIB : Disabled

    As the engine ID is not created, no engine file is found in flash as checked.

    [local]LAB# cli test-commands password xxxx
    [local]LAB# debug shell
    LAB:card1-cpu0# cd /flash
    LAB:card1-cpu0# ls -lart | grep .eng  ------ No engine file found in flash
    LAB:card1-cpu0#

    From the checks, you see that the snmp-engine ID is not configured. It is mandatory for SNMPv3 support. The snmp-engine ID is a unique ID which needs to be configured in the node. For a secure connection between each node and the server, it must be unique and cannot be the same as any other node.

    Workaround:

    For SNMPv3 support, the snmp-engine ID is mandatory. So, you need to have the engine-ID configured.

    Step 1. Configuration of snmp-engine ID.
    Step 2. Restart the SNMP process.

    The workaround is to be followed once the upgrade is complete in case SNMP stops for version 3 and is mostly observed in releases later than 21.22.x.

    Step 1. Configuration of snmp-engine ID

    Further to configure the snmp-engine ID, it is necessary to have at least a 10-digit or more snmp-engine ID. However, it depends on the operator of how they have configured their nodes.

    For example, SNMP Engine ID: 80001F88805928415C9FE07840

    Similarly, you need to configure snmp-engine ID which must be unique for every node and the same is applicable for both ASR5500 and VPC-DI nodes. For VPC-DI nodes typically HEX value strings are configured and for ASR5500 decimal 10 digits.

    CLI for snmp-engine ID creation

    [local]LAB# configure
    [local]LAB(config)# snmp engine-id local 80001F88805928415C9FE07841
    [local]LAB(config)# exit
    [local]LAB# show snmp server
    SNMP Server Configuration:
      Server State             : enabled
      SNMP Port                : 161
      sysLocation              :
      sysContact               :
      authenticationFail traps : Disabled
      EngineID                 : 80001F88805928415C9FE07841     -------- Engine ID configured
      Runtime Debugging        : ON
      Runtime Debug Token      : |0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|0|
      Alert Threshold          : 500 alerts in 300 seconds
      Alert Low Threshold      : 20 alerts in 300 seconds
    SNMP Agent Mib Configuration:

    [local]LAB# cli test-commands password xxxx
    [local]LAB# debug shell
    LAB:card1-cpu0# cd /flash
    LAB:card1-cpu0# ls -lrth | grep .eng
    LAB:card1-cpu0# 
    LAB:card1-cpu0# ls -lart | grep .eng
    -rw-rw-r-- 1 root root 30 Apr 19 09:07 .engineInfo   --------- Engine file created as engine ID is configured
    LAB:card1-cpu0#

    Step 2. Restart SNMP Process

    Once the configuration of the snmp-engine ID is complete, just restart the SNMP process once.

    [local]LAB# show task resources | grep snmp
     1/0 snmp             0 0.10%   65% 27.86M 90.00M   18 2000    --    -- -   good

    [local]LAB#

    [local]LAB# task kill facility snmp instance 0

    Lastly, check that logs/KPIs are pushed to the server, as a resolution to the issue.

    Revision History

    Revision Publish Date Comments
    1.0
    10-Oct-2022
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Bharati Choudhary
      Cisco TAC Engineer
    • Krishna Kishore D V
      Cisco Technical Leader

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products