SNMP v3 Migration
I need to implement SNMP v3 across a large estate ~ 400 devices, primarily so that these devices can be managed by CW Prime LMS 4.2. I have tested this manually and I'm getting LMS talking to the test device ok so I'm getting to grips with things. However it has only recently become apparent to me that each device needs to have a unique engineID so this could take some time if I have to enter each engineID manually into the CW credential database!
Is there any way I can automate this process using LMS 4.2? If not has anybody else who has had to migrate from snmp v1/2 able to suggest any solutions for making this process quicker?
Thanks in advance.
An SNMP engine ID is generated automatically but is not displayed or stored in the running configuration. You can display the default or configured engine ID by using the show snmp engineID command.
Changing the value of snmpEngineID has important side-effects. A user's password (entered on the command line) is converted to an MD5 or SHA security digest. This digest is based on both the password and the local engine ID. The command line password is then destroyed, as required by RFC 2274. Because of this deletion, if the local value of engineID changes, the security digests of SNMPv3 users will be invalid, and the users will have to be reconfigured.
Similar restrictions require the reconfiguration of community strings when the engine ID changes. A remote engine ID is required when an SNMPv3 inform is configured. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host.
It is not mandatory to configure snmpEngineID, as it is default generated in IOS. In case you configure it, it will make an already complicated SNMP v3 config even more.
In LMS, it is not possible to configure all devices for snmpEngineID, as each value has to be unique and NetConfig job would not be able to do so.
There can be script to do so, which can be devised, which may add/increment engineID with some fixed value.
-Thanks
Similar Messages
-
Migrating IOS to NX-OS equivalent command snmp-server enable traps config
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
Hello,
I am trying to figure out what is the equivalent command to configure the IOS "snmp-server enable traps config" on a Nexus 5020 running NX-OS version 4.2.1.N2.1 ,can someone please help me with this problem.
Also I would like to know if there is a cisco howto document or tool to migrate from IOS to NX-OS ?
Any help is greatly appreciated
Thanks
FrankHello,
both Nexus 5k are not generating a trap after a config change, because on both Nexus running same NX-OS version show up the snmp-server enable traps config command. This is really strange behavior, because we are using the same software version for the Nexus 5k devices it doesn't make sense to me. In the meantime I checked the command line guide for this software version but the command wasnt showing up.
nx5k-mt-2# show snmp trap | grep config
nx5k-mt-2#
nx5k-mt-2# show snmp trap
Trap type Enabled
entity : entity_mib_change Yes
entity : entity_module_status_change Yes
entity : entity_power_status_change Yes
entity : entity_module_inserted Yes
entity : entity_module_removed Yes
entity : entity_unrecognised_module Yes
entity : entity_fan_status_change Yes
link : linkDown Yes
link : linkUp Yes
link : extended-linkDown Yes
link : extended-linkUp Yes
link : cieLinkDown Yes
link : cieLinkUp Yes
link : connUnitPortStatusChange Yes
link : fcTrunkIfUpNotify Yes
link : fcTrunkIfDownNotify Yes
link : delayed-link-state-change Yes
link : fcot-inserted Yes
link : fcot-removed Yes
callhome : event-notify Yes
callhome : smtp-send-fail Yes
cfs : state-change-notif Yes
cfs : merge-failure Yes
fcdomain : dmNewPrincipalSwitchNotify Yes
fcdomain : dmDomainIdNotAssignedNotify Yes
fcdomain : dmFabricChangeNotify Yes
rf : redundancy_framework Yes
aaa : server-state-change Yes
license : notify-license-expiry Yes
license : notify-no-license-for-feature Yes
license : notify-licensefile-missing Yes
license : notify-license-expiry-warning Yes
scsi : scsi-disc-complete Yes
fcns : reject-reg-req Yes
fcns : local-entry-change Yes
fcns : db-full Yes
fcns : remote-entry-change Yes
rscn : rscnElsRejectReqNotify Yes
rscn : rscnIlsRejectReqNotify Yes
rscn : rscnElsRxRejectReqNotify Yes
rscn : rscnIlsRxRejectReqNotify Yes
fcs : request-reject Yes
fcs : discovery-complete Yes
fctrace : route Yes
zone : request-reject1 Yes
zone : merge-success Yes
zone : merge-failure Yes
zone : default-zone-behavior-change Yes
zone : unsupp-mem Yes
vsan : vsanStatusChange Yes
vsan : vsanPortMembershipChange Yes
fspf : fspfNbrStateChangeNotify Yes
upgrade : UpgradeOpNotifyOnCompletion Yes
upgrade : UpgradeJobStatusNotify Yes
feature-control : FeatureOpStatusChange Yes
snmp : authentication Yes
nx5k-mt-2#
nx5k-mt-2# -
Migrating from UCD snmp to SUN snmp
Hi, Can anyone tell me if there is an easy way to migrate from UCD snmp we currently use to SUN snmp. Basically we currently have a config file snmpd.conf and use it for monitoring. We'd like to migrate as seamlessly to SUN snmp as possible. Any help is appreciated. Thank you.
Hi Jeff,
This is definitely OS/DB migration. since the binary codes are different between Sparc and AMD CPUs. You will need certified migration specialist to perform it. That is required from SAP for support reason.
I've done few migrations. It is complex process and it's duration depends of your dictionary and size of cluster tables.
Good luck,
Savo -
10g to 11g migration - problem with JhsCollectionModel
I'm trying to migrate a JHS app from Jdev 10.1.3.4 to 11.1.1.2. The only thing worthy of note about the app is that it uses Custom authentication and authorization. Steps I went thru are below. Note that I haven't installed the latest release posted today.
In Jdev 10.1.3.4:
Create a new app with only one entity/VO.
Enable JHS, do app definition with no changes other than selecting Custom authentication and authorization. Run app generator.
Validate app runs successfully.
In Jdev 11.1.1.2:
Open app.
Use ADF migration wizard as is - no changing of any defaults.
Get migration successful messages. There were some errors about the .vm templates and some warnings but nothing significant.
Reenable JHs for this project, select Overwrite for all and answer yes to question Do you want to migrate the Application Structure file from version 10.1.3 to 11.1.1?
Run application generator with below result.
Error: Unable to find the jar file on the source or class path...\path\jhsadfrt-11.1.1.jar....Would you like to add? Answered yes
Get one error: JAG-00149 [ TamJhsModule ] Main Controller Config file cannot be named faces-config.xml.
Modified application definition and changed name for faces-config.xml file
Run application generator again. This time it finishes successfully - just a couple of warnings about the optimistic locking mode and menu model file not being generated.
Make all and get one error:
Error(19,8): com.guideworks.tv.model.client.TamJhsModuleClient is not abstract and does not override abstract method applyBindParams(java.lang.String,java.util.HashMap,java.lang.Boolean) in oracle.jheadstart.model.adfbc.v2.JhsApplicationModule
Fix error by adding an empty override method for the applyBindParams
Make all with no errors.
Try to run application and get errors (after dashed line below). Cause appears to be missing class.
Caused By: java.lang.ClassNotFoundException: oracle.jheadstart.controller.jsf.bean.JhsCollectionModel
Looking in jhsadfrt-11.1.1.jar, I see that the class doesn't exist.
=====================================================
Errors from run of application.
*** Using port 7101 ***
"C:\Documents and Settings\tosbor001\Application Data\JDeveloper\system11.1.1.2.36.55.36\DefaultDomain\bin\startWebLogic.cmd"
[waiting for the server to complete its initialization...]
JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m
WLS Start Mode=Development
CLASSPATH=C:\oracle\MIDDLE~3\patch_wls1032\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\oracle\MIDDLE~3\patch_jdev1111\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\oracle\MIDDLE~3\JDK160~1.5-3\lib\tools.jar;C:\oracle\MIDDLE~3\utils\config\10.3\config-launch.jar;C:\oracle\MIDDLE~3\WLSERV~1.3\server\lib\weblogic_sp.jar;C:\oracle\MIDDLE~3\WLSERV~1.3\server\lib\weblogic.jar;C:\oracle\MIDDLE~3\modules\features\weblogic.server.modules_10.3.2.0.jar;C:\oracle\MIDDLE~3\WLSERV~1.3\server\lib\webservices.jar;C:\oracle\MIDDLE~3\modules\ORGAPA~1.0/lib/ant-all.jar;C:\oracle\MIDDLE~3\modules\NETSFA~1.0_1/lib/ant-contrib.jar;C:\oracle\MIDDLE~3\ORACLE~1\modules\oracle.jrf_11.1.1\jrf.jar;C:\oracle\MIDDLE~3\WLSERV~1.3\common\eval\pointbase\lib\pbclient57.jar;C:\oracle\MIDDLE~3\WLSERV~1.3\server\lib\xqrl.jar
PATH=C:\oracle\MIDDLE~3\patch_wls1032\profiles\default\native;C:\oracle\MIDDLE~3\patch_jdev1111\profiles\default\native;C:\oracle\MIDDLE~3\WLSERV~1.3\server\native\win\32;C:\oracle\MIDDLE~3\WLSERV~1.3\server\bin;C:\oracle\MIDDLE~3\modules\ORGAPA~1.0\bin;C:\oracle\MIDDLE~3\JDK160~1.5-3\jre\bin;C:\oracle\MIDDLE~3\JDK160~1.5-3\bin;C:\orant\bin;C:\oracle\product\10.2.0\client_1\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\WiFi\bin\;C:\orant\jdk\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\Windows Imaging\;C:\oracle\MIDDLE~3\WLSERV~1.3\server\native\win\32\oci920_8
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http:\\hostname:port\console *
starting weblogic with Java version:
java version "1.6.0_14"
Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
Java HotSpot(TM) Client VM (build 14.0-b16, mixed mode)
Starting WLS with line:
C:\oracle\MIDDLE~3\JDK160~1.5-3\bin\java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m -Dweblogic.Name=DefaultServer -Djava.security.policy=C:\oracle\MIDDLE~3\WLSERV~1.3\server\lib\weblogic.policy -Djavax.net.ssl.trustStore=C:\oracle\MiddlewareR2\wlserver_10.3\server\lib\DemoTrust.jks -Dweblogic.nodemanager.ServiceEnabled=true -Xverify:none -da -Dplatform.home=C:\oracle\MIDDLE~3\WLSERV~1.3 -Dwls.home=C:\oracle\MIDDLE~3\WLSERV~1.3\server -Dweblogic.home=C:\oracle\MIDDLE~3\WLSERV~1.3\server -Djps.app.credential.overwrite.allowed=true -Ddomain.home=C:\DOCUME~1\TOSBOR~1\APPLIC~1\JDEVEL~1\SYSTEM~1.36\DEFAUL~1 -Dcommon.components.home=C:\oracle\MIDDLE~3\ORACLE~1 -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Djrockit.optfile=C:\oracle\MIDDLE~3\ORACLE~1\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.domain.config.dir=C:\DOCUME~1\TOSBOR~1\APPLIC~1\JDEVEL~1\SYSTEM~1.36\DEFAUL~1\config\FMWCON~1 -Doracle.server.config.dir=C:\DOCUME~1\TOSBOR~1\APPLIC~1\JDEVEL~1\SYSTEM~1.36\DEFAUL~1\config\FMWCON~1\servers\DefaultServer -Doracle.security.jps.config=C:\DOCUME~1\TOSBOR~1\APPLIC~1\JDEVEL~1\SYSTEM~1.36\DEFAUL~1\config\fmwconfig\jps-config.xml -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Digf.arisidbeans.carmlloc=C:\DOCUME~1\TOSBOR~1\APPLIC~1\JDEVEL~1\SYSTEM~1.36\DEFAUL~1\config\FMWCON~1\carml -Digf.arisidstack.home=C:\DOCUME~1\TOSBOR~1\APPLIC~1\JDEVEL~1\SYSTEM~1.36\DEFAUL~1\config\FMWCON~1\arisidprovider -Dweblogic.alternateTypesDirectory=\modules\oracle.ossoiap_11.1.1,\modules\oracle.oamprovider_11.1.1 -Dweblogic.jdbc.remoteEnabled=false -Dwsm.repository.path=C:\DOCUME~1\TOSBOR~1\APPLIC~1\JDEVEL~1\SYSTEM~1.36\DEFAUL~1\oracle\store\gmds -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\oracle\MIDDLE~3\patch_wls1032\profiles\default\sysext_manifest_classpath;C:\oracle\MIDDLE~3\patch_jdev1111\profiles\default\sysext_manifest_classpath weblogic.Server
<Jun 3, 2010 1:14:27 PM MDT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Client VM Version 14.0-b16 from Sun Microsystems Inc.>
<Jun 3, 2010 1:14:27 PM MDT> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.2.0 Tue Oct 20 12:16:15 PDT 2009 1267925 >
<Jun 3, 2010 1:14:29 PM MDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Jun 3, 2010 1:14:29 PM MDT> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<Jun 3, 2010 1:14:29 PM MDT> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\tosbor001\Application Data\JDeveloper\system11.1.1.2.36.55.36\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Jun 3, 2010 1:14:29 PM MDT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\tosbor001\Application Data\JDeveloper\system11.1.1.2.36.55.36\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log00031. Log messages will continue to be logged in C:\Documents and Settings\tosbor001\Application Data\JDeveloper\system11.1.1.2.36.55.36\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log.>
<Jun 3, 2010 1:14:29 PM MDT> <Notice> <Log Management> <BEA-170019> <The server log file C:\Documents and Settings\tosbor001\Application Data\JDeveloper\system11.1.1.2.36.55.36\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log is opened. All server side log events will be written to this file.>
<Jun 3, 2010 1:14:35 PM MDT> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<Jun 3, 2010 1:14:46 PM MDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<Jun 3, 2010 1:14:46 PM MDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<Jun 3, 2010 1:14:57 PM MDT> <Notice> <LoggingService> <BEA-320400> <The log file C:\Documents and Settings\tosbor001\Application Data\JDeveloper\system11.1.1.2.36.55.36\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms like Windows.>
<Jun 3, 2010 1:14:57 PM MDT> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Documents and Settings\tosbor001\Application Data\JDeveloper\system11.1.1.2.36.55.36\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log00028. Log messages will continue to be logged in C:\Documents and Settings\tosbor001\Application Data\JDeveloper\system11.1.1.2.36.55.36\DefaultDomain\servers\DefaultServer\logs\DefaultDomain.log.>
<Jun 3, 2010 1:14:57 PM MDT> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
<Jun 3, 2010 1:15:00 PM MDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<Jun 3, 2010 1:15:00 PM MDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<Jun 3, 2010 1:15:00 PM MDT> <Notice> <Server> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7101 for protocols iiop, t3, ldap, snmp, http.>
<Jun 3, 2010 1:15:00 PM MDT> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 10.210.2.26:7101 for protocols iiop, t3, ldap, snmp, http.>
<Jun 3, 2010 1:15:00 PM MDT> <Notice> <WebLogicServer> <BEA-000331> <Started WebLogic Admin Server "DefaultServer" for domain "DefaultDomain" running in Development Mode>
<Jun 3, 2010 1:15:00 PM MDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<Jun 3, 2010 1:15:00 PM MDT> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
IntegratedWebLogicServer startup time: 36845 ms.
IntegratedWebLogicServer started.
[Running application tamjhssec on Server Instance IntegratedWebLogicServer...]
[01:15:04 PM] ---- Deployment started. ----
[01:15:04 PM] Target platform is (Weblogic 10.3).
[01:15:05 PM] Retrieving existing application information
[01:15:06 PM] Running dependency analysis...
[01:15:06 PM] Deploying 2 profiles...
[01:15:11 PM] Wrote Web Application Module to C:\Documents and Settings\tosbor001\Application Data\JDeveloper\system11.1.1.2.36.55.36\o.j2ee\drs\tamjhssec\ViewControllerWebApp.war
[01:15:12 PM] Wrote Enterprise Application Module to C:\Documents and Settings\tosbor001\Application Data\JDeveloper\system11.1.1.2.36.55.36\o.j2ee\drs\tamjhssec
[01:15:13 PM] Deploying Application...
<Jun 3, 2010 1:15:14 PM MDT> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application tamjhssec is not versioned.>
<Jun 3, 2010 1:15:23 PM MDT> <Error> <HTTP> <BEA-101371> <There was a failure when processing annotations for application C:\Documents and Settings\tosbor001\Application Data\JDeveloper\system11.1.1.2.36.55.36\o.j2ee\drs\tamjhssec\ViewControllerWebApp.war. Please make sure that the annotations are valid. The error is oracle.jheadstart.controller.jsf.bean.JhsCollectionModel>
<Jun 3, 2010 1:15:24 PM MDT> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1275592513661' for task '0'. Error is: 'weblogic.application.ModuleException: Failed to load webapp: 'tamjhssec-ViewController-context-root''
weblogic.application.ModuleException: Failed to load webapp: 'tamjhssec-ViewController-context-root'
at weblogic.servlet.internal.WebAppModule.prepare(WebAppModule.java:378)
at weblogic.application.internal.flow.ScopedModuleDriver.prepare(ScopedModuleDriver.java:176)
at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:391)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:83)
Truncated. see log file for complete stacktrace
Caused By: java.lang.ClassNotFoundException: oracle.jheadstart.controller.jsf.bean.JhsCollectionModel
at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:296)
at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:269)
at weblogic.utils.classloaders.ChangeAwareClassLoader.findClass(ChangeAwareClassLoader.java:56)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
Truncated. see log file for complete stacktrace
>
<Jun 3, 2010 1:15:25 PM MDT> <Warning> <Deployer> <BEA-149004> <Failures were detected while initiating deploy task for application 'tamjhssec'.>
<Jun 3, 2010 1:15:25 PM MDT> <Warning> <Deployer> <BEA-149078> <Stack trace for message 149004
weblogic.application.ModuleException: Failed to load webapp: 'tamjhssec-ViewController-context-root'
at weblogic.servlet.internal.WebAppModule.prepare(WebAppModule.java:378)
at weblogic.application.internal.flow.ScopedModuleDriver.prepare(ScopedModuleDriver.java:176)
at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:391)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:83)
Truncated. see log file for complete stacktrace
Caused By: java.lang.ClassNotFoundException: oracle.jheadstart.controller.jsf.bean.JhsCollectionModel
at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:296)
at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:269)
at weblogic.utils.classloaders.ChangeAwareClassLoader.findClass(ChangeAwareClassLoader.java:56)
at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
Truncated. see log file for complete stacktrace
>
[01:15:26 PM] #### Deployment incomplete. ####
[01:15:26 PM] Remote deployment failed (oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer)
#### Cannot run application tamjhssec due to error deploying to IntegratedWebLogicServer.
[Application tamjhssec stopped and undeployed from Server Instance IntegratedWebLogicServer]
Edited by: Tammy Osborn on Jun 3, 2010 1:16 PMTammy,
JhsCollectionModel no longer exists in release 11. It is replaced by the TableBean class.
If you generate your application with the default templates, there should be no reference to JhsCollectionModel anymore.
May be you are using a custom template that uses a managed bean that still references this class?
If you search your ViewController project for JhsCollectionModel, what entries do you find?
Steven Davelaar,
JHeadstart Team. -
Hi,
I'm trying very hard to set up a Sun Fire V245 to send SNMP traps when certain hardware or software related events occur. I've been looking at sma_snmp (net-snmp) and the Fault Management Daemon (SUNWfmd) but they seem to be very limited in their capabilities. I have manged to get some traps sent for filesystem fill-ups and high load averages but that is about it.
Most of all I would like the system to send traps when there is a HW failure such as a faulty FRU or if there are disk failures.
If anyone can point me to some documentation about this, I would be most grateful.
/MikaelMikael,
I struggled through the same thing with a Netra 240 recently. The Sun docs are garbage when it comes to this. I opened a ticket with Sun and after 3 days and 6 hours on the phone I finally got hold of someone who knew how to spell SNMP. Yes, it was that bad!
Here's the scoop. In Solaris 10 you run Net-SNMP, a.k.a. SMA, snmpd. The old snmpdx is obsoleted and you shouldn't configure it at all.
Now to get the hardware related traps for the Sunfire and Netra series servers... (what you are really looking for).
You have to load and configure an additional SNMP daemon for the hardware specific traps.
(The first doc is rather old, the last one 819-7978-12 is pretty new and is somewhat more relevant.)
Sun� SNMP Management Agent for Sun Fire� and Netra� Systems: Sun Doc number 817-2559-13
Sun� SNMP Management Agent Addendum for the Netra� 240 Server: Sun Doc Number 817-6238-10
Sun� SNMP Management Agent Administration Guide for Sun Blade� /Sun Fire�/Sun SPARC� Enterprise/Netra� Servers: Sun Doc Number 819-7978-12
And finally the SMA/net-snmp/snmpd guide for the standard Solaris related traps:
Solaris System Management Agent Administration Guide: Sun Doc Number 817�3000�11
There are problems with all of the above documents. None of the Netra/Sunfire docs specifically talk about Solaris 10 so read them with caution. They also talk about configuring and running snmpdx and never reference SMA/net-snmp. This is odd because the instructions I got from Sun (finally) were not to run snmpdx, only to run sma/snmpd and additionally run the sunfire/netra snmpd agent.
The SMA document (817-3000-11) has an undocumented bug, which Sun knows about and is working on but will not reveal to the public. In the section titled "Migration From the Sun Fire Management Agent" it references using a script called masfcnv to convert the sunfire/netra specific snmp config and daemon to work with and through SMA. Since they all use the same ports (161/162) there is some conflict and the masfcnv is script is meant to resolve this by making sma/snmpd a proxy agent to requests toward the sunfire/netra specific hardware daemon.
The problem is the masfcnv script doesn't work properly. In fact, if you run the script you will destroy your other snmp configurations and may have to uninstall and reinstall the packages to clean everything up. This script hasn't ever worked and Sun is working on a fix but they neglect to mention this in the document which is IMO gross negligence and is a reflection of Sun's overall state of affairs (but that's another ranting thread).
So what you must do is configure SMA/net-snmp (or whatever you want to call it), and also configure the sunfire/netra specific snmp (after downloading and installing that package).
Since traps are sent to the remote trapsink using destination port 162, both net-snmp and the netra specific snmp daemons can co-exist here (port 162 is not an open listening port on the machine).
Port 161 is used for receiving SNMP Get requests and can only be bound to one daemon at a time. So either it is used by net-snmp or the netra snmp daemon, but not both. Since my boxes have not been fully integrated still I can't figure out which daemon 161 is bound to. At any rate, in my application the customer is only interested in receiving traps so the outcome here isn't that important.
I realize this isn't complete but I'm no expert here and haven't worked through all the test scenarios on a fully configured system. Hopefully though this will help clear some of the confusion propogated through Sun's stupid documents. Good luck!
/Frank -
%SW_DAI-4-DHCP_SNOOPING_DENY after dhcp server migration
Hello,
Some weeks ago, we migrated our DHCP server (from windows 2003 to windows 2012 with the new failover features in active/passive mode).
On our switches ; we have both arp inspection & dhcp snooping enabled. Since the migration, arp inspection is not working correctly : as soon as i activate the arp inspection on our client vlan (96) ; we get errors like : "Sep 1 11:50:39: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/29, vlan 96.([d4c9.efdf.710e/10.0.96.89/0000.0c07.ac60/10.0.127.254/11:50:39 GMT+1 Mon Sep 1 2014])
Sep 1 11:50:40: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Fa0/7, vlan 96.([d485.64b4.0068/10.0.97.214/0000.0000.0000/10.0.127.254/11:50:40 GMT+1 Mon Sep 1 2014])
If i have a look on the dhcp snooping binding table on the same switch :
NUKUH052#sh ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
18:A9:05:F5:28:2B 10.0.97.101 418236 dhcp-snooping 96 FastEthernet0/40
6C:3B:E5:0D:B3:B2 10.0.96.184 2936 dhcp-snooping 96 FastEthernet0/36
10:60:4B:7C:A3:14 10.0.97.17 678739 dhcp-snooping 96 FastEthernet0/42
00:1F:29:02:AA:6B 10.0.98.53 678938 dhcp-snooping 96 FastEthernet0/37
88:51:FB:80:1B:E1 10.0.97.252 680212 dhcp-snooping 96 FastEthernet0/3
64:31:50:A3:F8:52 10.0.96.96 341484 dhcp-snooping 96 FastEthernet0/20
64:31:50:A3:D7:5A 10.0.97.209 677205 dhcp-snooping 96 FastEthernet0/6
6C:3B:E5:1A:8D:05 10.0.96.255 677165 dhcp-snooping 96 FastEthernet0/8
00:1F:29:02:AA:EF 10.0.96.207 678365 dhcp-snooping 96 FastEthernet0/1
00:23:7D:2F:72:E7 10.0.98.152 680376 dhcp-snooping 96 FastEthernet0/16
Total number of bindings: 10
Strange, interface FastEthernet0/7 is not in the table !!! and that s the same case for a lot of computers. (of course it s dhcp and not static ip address).
Extract of the switch configuration :
Standard port configuration
interface FastEthernet0/7
switchport access vlan 96
switchport mode access
switchport nonegotiate
switchport voice vlan 192
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security violation restrict
ip arp inspection limit rate 256 burst interval 10
no logging event link-status
mls qos trust dscp
no snmp trap link-status
storm-control broadcast level bps 1m
storm-control multicast level bps 1m
storm-control action shutdown
spanning-tree portfast
spanning-tree bpduguard enable
General switch settings
ip dhcp snooping vlan 96
ip dhcp snooping information option allow-untrusted
no ip dhcp snooping information option
ip dhcp snooping
>> ip arp inspection vlan 96 : as soon as i had this command i have the error messages.
I already :
* tested several software version
* only enabled a single dhcp server in the helper address
But i don't find the issue... the problem came when we started up the 2 new dhcp server (with the new 2012 dhcp failover feature). We have the same issue on all the switches of this LAN (the same config is running fine on the other factory we own).
Can you help me to solve that issue ?Hi,
I just attached the file containing the filtered caps ; taken simultaneously on both dhcp servers. As we are using HSRP ; it looks like the dhcp messages are not doubled, but quadruplet.
Below the HSRP configuration on one of our both core switches :
interface Vlan96
ip address 10.0.127.252 255.255.224.0
ip helper-address 10.0.9.33
ip helper-address 10.0.9.32
no ip redirects
standby 96 ip 10.0.127.254
standby 96 timers 1 4
standby 96 priority 80
standby 96 preempt
arp timeout 720
And i also discovered that there are some microsoft bugs related to dhcp failover. Links here :
http://blogs.technet.com/b/teamdhcp/archive/2014/02/26/dhcp-failover-patch-to-address-a-reservation-issue-and-another-issue-related-to-failover-partner-not-accepting-state-transition-from-bad-address-gt-active-has-been-released.aspx
and
http://support.microsoft.com/kb/2831920
And the active dhcp windows server has not been updated since january 2013.... (so the update are not applied). I ll discuss with my colleague in charge of server to update it asap... -
ATM to Gigabit Ethernet Migration
Hi,
How do you migrate from ATM to GE running a parallel backbone, from ELAN TO VLANS ?
The ATM switches are Madge switches and the GE switches are 6509s.
Any help is much appreciated.
Thanks,
PaulAn ATM Card in the 6509 would be a good way of doing this, but the BIG problem is that they are very expensive and wouldn't like to suggest that you buy an OC-12 card just for the migration. Maybe you could rent an OC-12 card for the period of the migration - I don't know whether this is possible.
The OC-12 ATM card configuration looks like this:-
interface ATM0
atm preferred phy A
atm pvc 1 0 5 qsaal
atm pvc 2 0 16 ilmi
no atm ilmi-keepalive
interface ATM0.1 multipoint
lane client ethernet 1 SNMP-ETH1
interface ATM0.2 multipoint
lane client ethernet 101 HUMETH1
interface ATM0.3 multipoint
lane client ethernet 102 EGEETH1
interface ATM0.4 multipoint
lane client ethernet 107 HUMETH2
I'm not sure how you map the ELANs to VLANs in the Madge config. Ours is based on IBM 8265 equipment with an MSS routing module.
Hope thats of some help.
Pete -
Hi There,
I'm migrating a load of devices from Cisco Works to Cisco Prime Infrastructure so need to update the SNMP configurations of the network devices.
I've notice that on the wireless access points some of them have ACL's for the SNMP and other AP's have no SNMP configurations.
They are all Light Weight AP's with 2x WLC running 7.2.111.3 and WCS 7.0.230.0
Firstly I'm trying to work out why some AP's have the ACL on the SNMP communities and why some don't.
Then try and configure them so they are all the same. There are approximately 90 AP's.
I've tried to find docs on how these ACL's are configured on the AP's but can't find anything.
Is it on the WCS, WLC's??
Any tips?
Thanks,
SiHi,
Yes you can do this
Rgds
PJD -
LMS 3.0.1 SNMP working.
Hi all.
After i upgraded my MDF to 1.50 the SNMP is not working.
I alread applied the fix to bug CSCsl00042-0 but still not working.
The SO is solaris 9.
Follow the package details.
1. CiscoWorks Common Services 3.1.1
2. CiscoView 6.1.7
3. LMS Portal 1.0.1
4. CiscoWorks Assistant 1.0.1
5 Resource Manager Essentials 4.1.1
root@AL-GR-SV-RL # cd /opt/CSCOpx/bin/
root@AL-GR-SV-RL # ls -lh
-rw-r--r-- 1 root other 7.3K May 27 17:09 CSCsl00042-0.pl
Thank you.Here is the information you are looking for:
CiscoWorks LAN Management Solution (WINDOWS OS) 3.2
https://cisco.mediuscorp.com/market/networkers/productView.se.work?/nxt/rcrs/proieidentity/=17651
Prerequisites
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/3.2/install/guide1/prereq.html
Data Migration Guide for LAN Management Solution 3.2
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/3.2/data_migration/guide/lms32_dmg.html -
Migration from Forefront TMG to Ironport c680
Hello,
We're planning to migrate replace Microsoft Forefront TMG with Cisco Ironport c680.
I am here to get an ideas for easy and smooth migration (change over).
Need experts advise to list down the tasks before migration / change over & important things to remember.
Best Regards,
JunedStandard it would be.
Port 25 SMTP -> Inbound and Outbound for mail delivery
Port 53 (TCP/UDP) DNS
Port 80 HTTP - GUI Access (for internal) and Updates/upgrades to download from internet
Port 443 HTTPS - (As above)
Port 22 SSH - CLI access (And possible for tunnel)
Port 23 Telnet - CLI access
A long list would be depending on required services:
Port Protocol In/Out Hostname Description
20/21 TCP In or Out AsyncOS IPs, FTP ServerFTP for aggregation of log files.
22 TCP In AsyncOS IPs SSH access to the CLI, aggregation of log files.
22 TCP Out SSH Server SSH aggregation of log files.
22 TCP Out SCP Server SCP Push to log server
23 Telnet In AsyncOS IPs Telnet access to the CLI, aggregation of log files.
23 Telnet Out Telnet Server Telnet upgrades, aggregation of log files
(not recommended).
25 TCP Out Any SMTP to send email.
25 TCP In AsyncOS IPs SMTP to receive bounced email or if injecting
email from outside firewall.
80 HTTP In AsyncOS IPs HTTP access to the GUI for system monitoring.
80 HTTP Out downloads.ironport.com Service updates, except for AsyncOS
upgrades and McAfee definitions.
80 HTTP Out updates.ironport.com AsyncOS upgrades and McAfee Anti-Virus
definitions.
80 HTTP Out cdn-microupdates.cloudmark.com Used for updates to
third-party spam component in Intelligent MultiScan. Appliance must also
connect to CIDR range 208.83.136.0/22 for third-party phone home updates.
82 HTTP In AsyncOS IPs Used for viewing the Cisco IronPort Anti-Spam
quarantine.
83 HTTPS In AsyncOS IPs Used for viewing the Cisco IronPort Anti-Spam
quarantine.
53 UDP/TCP In & Out DNS Servers DNS if configured to use Internet root
servers or other DNS servers outside the firewall. Also for SenderBase
queries.
110 TCP Out POP Server POP authentication for end users for Cisco
IronPort Spam Quarantine
123 UDP In & Out NTP Server NTP if time servers are outside firewall.
143 TCP Out IMAP Server IMAP authentication for end users for Cisco
IronPort Spam Quarantine
161 UDP In AsyncOS IPs SNMP Queries
162 UDP Out Management Station SNMP Traps
389 LDAP Out LDAP Servers LDAP if LDAP directory servers are outside
firewall. LDAP authentication for Cisco IronPort Spam Quarantine
3268 LDAP Out LDAP Servers LDAP if LDAP directory servers are outside
firewall. LDAP authentication for Cisco IronPort Spam Quarantine
636 LDAPS Out LDAPS LDAPS ActiveDirectory Global Catalog Server
3269 LDAPS Out LDAPS LDAPS ActiveDirectory Global Catalog Server
443 TCP In AsyncOS IPs Secure HTTP (https) access to the GUI for system
monitoring.
443 TCP Out res.cisco.com Cisco Registered Envelope Service
443 TCP Out updates-static.ironport.com Verify the latest files for the
update server.
443 TCP Out phonehome.senderbase.org Receive/Send Outbreak Filters
514 UDP/TCP Out Syslog Server Syslog logging
628 TCP In AsyncOS IPs QMQP if injecting email from outside firewall.
2222 CCS In & Out AsyncOS IPs Cluster Communication Service (for
Centralized Management).
6025 TCP Out AsyncOS IPs Cisco IronPort Spam Quarantine
7025 TCP Out AsyncOS IPs Cisco Policy Virus Outbreak Quarantine. -
LMS 3.2 with SNMP v3 not working
Hi ,
My network is currently running with SNMP v2 configured in easch devices. With snmp v2 our LMS 3.2 server is working fine. However we have planned to migrate our network to snmp v3 . I have configured my few devices for SNMP v3 and added them to my LMS server.
Except DFM module these new SNMP v3 devices are working fine in all other modules. In DFM these devices are reflecting under "snmp timeout" group.
I checked with device center -> management station to device; where the SNMP v3 connections are showing "okey"
following are tyhe configuration i have done in my devices.
snmp-server group v3g v3 priv read testr write testw
snmp-server user v3u v3g v3 auth md5 test123
snmp-server view testr iso in
snmp-server view testw iso in
snmp-server host 10.X.X.38 version 3 priv v3u
snmp-server user v3u v3g v3 auth md5 test1234 priv des56 test4321
snmp-server group v3g v3 priv read testr write testw
snmp-server user v3u v3g v3 auth md5 test123
snmp-server view testr iso in
snmp-server view testw iso in
snmp-server host 10.X.X.38 version 3 priv v3u
snmp-server user v3u v3g v3 auth md5 test1234 priv des56 test4321
followinfg are my module details.
LMS : 3.2
CM : 5.2
CV :6.1.9
CS :3.3.0
DFM : 3.2.0
IPM : 4.2.0
RME : 4.3.0DFM behaves different than the other modules.
DES56 is not a supported privacy algorithm for DFM. You can use DES or AES128.
Supported Algorithms in DFM
The details of the algorithms supported in DFM are:
•AuthNoPriv Mode — Supported Auth Algorithm: MD5 and SHA
•AuthPriv Mode
–Supported Auth Algorithm: MD5 and SHA
–Supported Privacy Algorithm: DES and AES128
–Unsupported Privacy Algorithm: 3DES, AES192, and AES256
For more details check :
http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_device_fault_manager/3.2/user/guide/useDevMg.html#wp1483766
-Thanks
Vinod -
SCOM receiving SNMP traps from HP IMC
Hi all,
I've been tasked with creating SCOM alerts from SNMP traps which are forwarded from HP IMC. Each SNMP trap will arrive at SCOM from a single source (IMC server) but each will contain different information. Can someone suggest the best way for me to generate
individual alerts from this? I'd also appreciate any comments on alternative ways to do this (apart from simply using both systems separately!).
The environment is SCOM 2007 R2 on a 2003 R2 server.
Thanks in advance for any suggestions.Hi
This comes up on the forums quite often so here are a summary of some of the best articles I’ve found on the net:
Configuring using the GUI:
The System Center Central team have a great series –
Part I,
Part II,
Part III, and
Part IV
David Allen has a good walkthrough here about creating
SNMP Probe based monitors.
Issues with using the GUI to create monitors with numeric expressions – see Raphael Burri’s
blog
SNMPVarBinds and the Alert Description Field –
http://blogs.msdn.com/b/rslaten/archive/2007/10/31/snmpvarbinds-and-the-alert-description-field-in-opsmgr-2007.aspx
oring Console:
Kris Bash at Operating Quadrant has some great articles on SNMP monitoring.
The only thing to be careful of before investing too much time in customisation for network devices on SCOM 2007 R2 is that when you move to SCOM 2012, you might well need to redo them as network monitoring has changed.
http://blogs.technet.com/b/momteam/archive/2011/10/24/migrating-operations-manager-2007-network-monitoring.aspx
Cheers
Graham
Regards Graham New System Center 2012 Blog! -
http://www.systemcentersolutions.co.uk
View OpsMgr tips and tricks at
http://systemcentersolutions.wordpress.com/ -
SolMan 7.1 Alerts to SNMP traps
Hi all,
We will start the process of implement SolMan 7.1 and with this we will migrate all the alerting that we have in SolMan/CCMS 7.0 using CCMS autoreactions methods to the new Alert infrastructre provided in SolMan 7.1. It is my understanding that in SolMan 7.1 only emails are sent in case of alerts.
Has somebody configured SolMan 7.1 alerting with SNMP traps?
It is my undestanding that there is some kind of custom development required for this.
Please help me to understand the effort and any tips
Thanks,
ZarehHello Karthik,
You only need an ABAP developer, if you want to use a custom BADI.
But instead you can also use the "standard" SNMP configuration.
see HOW-To guide:
Description: see page 8
3.2 [SAP-Standard] usage
Starting with Solution Manager 7.10 SP06, a [SAP-Standard] BAdI implementation is shipped:
Configuration: see page 15
4 [SAP-STANDARD] SNMP CONFIGURATION
As of Solution Manager 7.10 SP06, a dedicated User Interface has been implemented to configure the SNMP Traps.
Make sure in transaction SICF that the service “mai_snmp_trap_config” is active.
4.1 User Interface
http://<SolutionManagerHost>:<port>/sap/bc/webdynpro/sap/mai_snmp_trap_config?sap-language=EN
Best regards -
Airport network statistics (SNMP)
I'm having a heck of a time getting SNMP network monitoring working with my Airport network. I downloaded iNet from the App Store, which looks sweet. Too bad it needs to know the SNMP Community String. If you look at this image (/___sbsstatic___/migration-images/163/16325285-1.jpg) from another application's website, it shows an area under the two SNMP checkboxes where you can enter a string. That field is not there on my version of Airport Utility (5.5.3 on Lion). I tried entering the default 'public' and my wifi password which also didn't work.
I've attached both the image from that site, and a screenshot from my setup.
Help!
Thanks,
KeithI have the same issue here..
-
Dear All,
After migration SNMPv2 to SNMPv3, we are getting below error message in monitoring tool.
1) Agent Interface Up (linkUp Trap) on interface 10113
Can any one help on this.
Regards,
PrasadHi Prasad,
it should have nothing to do with the SNMP version.
trap is a linkup -link down trap configured on your device :
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/sm_snmp.html#wp1073931
if you don't see issue on the device then just re-add the device in your NMS .
make sure to put the correct "Credentials" (SNMP ..telnet\ssh )
Thanks-
Afroz
****Ratings Encourages Contributors ****
Maybe you are looking for
-
Can't open .xls files created by Numbers
All of a sudden, using Numbers '09 I can no longer open certain .xls files that I created in the first place by saving .numbers files as Excel files (using the "Save copy as Excel Document" checkbox in the Save As... dialog box). Some will open, but
-
How do you determine how much ram is on your iPad?
I can't seem to find anything that shows how much ram my iPad has. Also, similar to releasing or clearing cookies on my desktop, does the iPad also have this as something that needs to be cleared out occasionally?
-
My cooling fan won't stop kicking in on Mac Pro
Suddenly in the last week or so my cooling fan started kicking in while over the past 2+ years it has only run once or twice - now it won't stop! I thought that it may have been due to an increase in RAM from 7G to 24G (3, 8G matched sticks) but afte
-
Installation of Adobe without DVD Drive
I have purchased a new laptop with windows 7, this does not come with a DVD/CD player. How can I reinstall my Adobe Creative Suite 4. Due to the costs I do not wish to purchase another copy of this.
-
Quotation to have default valid to date
Hi Friends I have a requirement for SD quotation to have default valid to date =Todayu2019s date+14 days Could you please help Thanks Ravi