snmp-server user is configured correctly with authentication and privacy and still snmp is failing - no ACL blocking. The switch and the solarwinds server can ping each other. Anybody has any idea what this could be? Thanks for your help!
Hi @jaguemon,
Try the credentials with the SNMP Walk tool. If you’re receiving an SNMP error “Unknown user name”, but you’re certain that the username is correct, the other aspects that may be causing it are:
I’m not a Nexus guy, so I’m not fluent in configuration on those types of systems.
Beyond SNMP walk you could also decrypt the traffic in Wireshark. If you set up a capture filter for the one node you’re testing from the polling engine you’re attempting to add the node to, or run the walk from, you can also add the SNMP credentials in Wireshark and look at the responses to get an idea of the cause of the error.
Plain text responses on auth errors are:
If the packet returns encrypted but Wireshark couldn’t decrypt it, then there is a problem with the Privacy (aka Encryption) protocol or password.
@jaguemon
If it just spins and spins without saying the credentials are incorrect, it's a bug we have had to correct twice putting in a ticket with SolarWinds, only impacted our Cisco Nexus devices.- To solve this error message we followed this steps:Stop all Orion Services on the main server or the affected AWS.Copy the files from the path below:Root Folder C:\Program Files (x86)\SolarWinds\Orion\VDCSolarWinds.Orion.DeviceContext.Strings.dll 8.1.0.135Root Folder C:\Program Files (x86)\SolarWinds\Orion\VDC\deSolarWinds.Orion.DeviceContext.Strings.resources.dll 8.1.0.135Root Folder C:\Program Files (x86)\SolarWinds\Orion\VDC\jaSolarWinds.Orion.DeviceContext.Strings.resources.dll 8.1.0.135Paste the files to Inetpub/Solarwinds folder:Root Folder C:\InetPub\SolarWinds\bin\SolarWinds.Orion.DeviceContext.Strings.dll 8.1.0.135Root Folder C:\InetPub\SolarWinds\bin\deSolarWinds.Orion.DeviceContext.Strings.resources.dll 8.1.0.135Root Folder C:\InetPub\SolarWinds\bin\jaSolarWinds.Orion.DeviceContext.Strings.resources.dll 8.1.0.135Open command prompt (Run as Admin) then perform IISresetStart all the Solarwinds services.
Several issues come to mind since the statement seems a little broad to me, so tried to address 3 possible issues.
------------------------------------------------------------------
1. Are you familiar with the settings for Nexus compared to Cisco?Depending on your NX-OS Versions the commands below can be different, here is an obfuscated version of mine.
snmp-server user MYSNMPRO network-operator auth sha 0xHASH_REMOVED priv aes-128 0xHASH_REMOVED localizedkeysnmp-server user MYSNMPRW network-admin auth sha 0xHASH_REMOVED priv aes-128 0xHASH_REMOVED localizedkeysnmp-server user MYSNMPRO use-ipv4acl SNMPsnmp-server user MYSNMPRW use-ipv4acl SNMP
snmp-server host 10.x.x.x traps version 3 priv MYSNMPROsnmp-server host 10.x.x.x traps version 3 priv MYSNMPRO
tacacs-server host x.x.x.x key 7 "KEYREMOVED"
aaa group server tacacs+ ClearPassserver 10.x.x.x
ip access-list SNMP10 permit ip 10.x.x.x/32 any log20 permit ip 10.x.x.x/32 any log
I'm using the Mgmt/OoBM interface, if you are using an VLAN/SVI or L3 interface you will not need these.And since you said you can ping, you have a route so assume the below is not needed
vrf context managementip route 0.0.0.0/0 10.x.x.xsnmp-server source-interface traps mgmt0
2. Could be the way you have AAA setup or the AAA server.Ensure the AAA server sends the correct response level, older NXOS devices didn't understand a AAA response of Priv 15, and required Network-Admin, or Network-Operator, newer NXOS I think support both.
3. Is it actually saying incorrect credentials, or does it just spin and spin looking for resources, if the latter its a bug. Fix is below:
Stop all Orion Services on the main server or the affected AWS.Copy the files from the path below:Root Folder C:\Program Files (x86)\SolarWinds\Orion\VDCSolarWinds.Orion.DeviceContext.Strings.dll 8.1.0.135
Root Folder C:\Program Files (x86)\SolarWinds\Orion\VDC\deSolarWinds.Orion.DeviceContext.Strings.resources.dll 8.1.0.135
Root Folder C:\Program Files (x86)\SolarWinds\Orion\VDC\jaSolarWinds.Orion.DeviceContext.Strings.resources.dll 8.1.0.135
Paste the files to Inetpub/Solarwinds folder:Root Folder C:\InetPub\SolarWinds\bin\SolarWinds.Orion.DeviceContext.Strings.dll 8.1.0.135
Root Folder C:\InetPub\SolarWinds\bin\deSolarWinds.Orion.DeviceContext.Strings.resources.dll 8.1.0.135
Root Folder C:\InetPub\SolarWinds\bin\jaSolarWinds.Orion.DeviceContext.Strings.resources.dll 8.1.0.135Open command prompt (Run as Admin) then perform IISresetStart all the Solarwinds services.
Hope this helps.
I posted a long list of possibilities, but it disappeared twice. Instead of re-posting those possible issues, can we narrow down the issue some more.1. Are you familiar with setting up a NX-OS for SNMP communications, if not, I'll post all the config settings needed for current NX-OS.2. Is it actually saying it failed, or does it just spin and spin trying to find resources, if spinning, its a bug, I think my post kept getting deleted as I posted their fix for it, basically dll's need to be recopied.3. Is your NX-OS old, and are you using AAA; if old you may need to ensure that the AAA server is sending the correct responce, some old NX-OS want to see roles = Network-Operator or similar instead of Priv 15.Let us know.
The issue is now resolved. I removed the read/write SNMPv3 credentials and kept only SNMPv3 credentials and it worked. Thanks to ALL for your assistance.
Respectfully!
