SNMP Troubleshooting for PE Devices
This guide provides a comprehensive, step-by-step approach to troubleshooting SNMP configuration issues on PE (Provider Edge) devices. It covers verifying cloud and local configurations, checking service status, and running SNMP walk tests to help you quickly identify and resolve most connectivity or configuration problems.
Troubleshooting Steps
- Cloud
- UCI
- Run-Time
- Testing
- Log
Cloud Configuration Verification
These commands help verify the SNMP configuration as seen by the cloud service.
Access the PE Terminal
Log into the PE device and gain root access:
sudo su -
Check Last Configuration Response
Run the following command to check the last configuration response from the cloud. This command displays the SNMP configuration settings that were last received.
jq '.service.snmp' /tmp/last_config_response.json
Example Response:
{
  "hostName": "myhost.com",
  "location": "Nadiad",
  "version": "v3",
  "community": null,
  "port": 161,
  "description": "system",
  "contact": "apex_connected.ltd1@gmail.com",
  "enable": true,
  "username": "sharad",
  "authProtocol": "SHA",
  "authPassword": "sharad24",
  "privacyPassword": null,
  "privacyProtocol": null,
  "securityLevel": "auth"
}
Verify SNMP Daemon Configuration File
Use cat /etc/config/snmpd to view the SNMP service configuration file. This is crucial for confirming that SNMP is configured correctly on the device itself.
cat /etc/config/snmpd
Example Response:
config agent
    option agentaddress 'UDP:161'
config agentx
    option agentxsocket '/var/run/agentx.sock'
config com2sec 'public'
    option secname 'ro'
    option source 'default'
config com2sec6 'public6'
    option secname 'ro'
    option source 'default'
    option community 'public'
config com2sec6 'private6'
    option secname 'rw'
    option source 'localhost'
    option community 'private'
config group 'public_v1'
    option group 'public'
    option version 'v1'
    option secname 'ro'
config group 'public_v2c'
    option group 'public'
    option version 'v2c'
    option secname 'ro'
config view 'all'
    option viewname 'all'
    option type 'included'
    option oid '.1'
config access 'public_access'
    option group 'public'
    option context 'none'
    option version 'any'
    option level 'noauth'
    option prefix 'exact'
    option read 'all'
    option write 'none'
    option notify 'none'
config system
    option sysLocation 'Nadiad'
    option sysContact 'apex_connected.ltd1@gmail.com'
    option sysName 'myhost.com'
    option sysDescr 'system'
config exec
    option name 'filedescriptors'
    option prog '/bin/cat'
    option args '/proc/sys/fs/file-nr'
config engineid
    option engineidtype '3'
    option engineidnic 'eth0'
config snmpd 'general'
    option enabled '1'
config user 'sharad'
    option name 'sharad'
    option sec_level 'auth'
    option auth_proto 'SHA'
    option auth_pass 'sharad24'
    option user_type 'rouser'
Q:1 How to check how SNMP access levels are configured?
Q:2 How to know if SNMP service is enabled or not?
UCI Configuration Verification
This section focuses on checking the UCI (Unified Configuration Interface) settings for SNMP on the PE device.
Show UCI SNMP Configuration
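The uci show snmpd command displays all SNMP-related configuration settings, providing a clear overview of the current setup. The argument is the UCI config name, which matches the /etc/config/snmpd file and the snmpd. prefix in the output below. This is a quick way to verify that SNMP is enabled and configured as expected.
uci show snmpd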
Example Response:
snmpd.@agent[0]=agent
snmpd.@agent[0].agentaddress='UDP:161'
snmpd.@agentx[0]=agentx
snmpd.@agentx[0].agentxsocket='/var/run/agentx.sock'
snmpd.public=com2sec
snmpd.public.secname='ro'
snmpd.public.source='default'
snmpd.public6=com2sec6
snmpd.public6.secname='ro'
snmpd.public6.source='default'
snmpd.public6.community='public'
snmpd.private6=com2sec6
snmpd.private6.secname='rw'
snmpd.private6.source='localhost'
snmpd.private6.community='private'
snmpd.public_v1=group
snmpd.public_v1.group='public'
snmpd.public_v1.version='v1'
snmpd.public_v1.secname='ro'
snmpd.public_v2c=group
snmpd.public_v2c.group='public'
snmpd.public_v2c.version='v2c'
snmpd.public_v2c.secname='ro'
snmpd.all=view
snmpd.all.viewname='all'
snmpd.all.type='included'
snmpd.all.oid='.1'
snmpd.public_access=access
snmpd.public_access.group='public'
snmpd.public_access.context='none'
snmpd.public_access.version='any'
snmpd.public_access.level='noauth'
snmpd.public_access.prefix='exact'
snmpd.public_access.read='all'
snmpd.public_access.write='none'
snmpd.public_access.notify='none'
snmpd.@system[0]=system
snmpd.@system[0].sysLocation='Nadiad'
snmpd.@system[0].sysContact='apex_connected.ltd1@gmail.com'
snmpd.@system[0].sysName='myhost.com'
snmpd.@system[0].sysDescr='system'
snmpd.@exec[0]=exec
snmpd.@exec[0].name='filedescriptors'
snmpd.@exec[0].prog='/bin/cat'
snmpd.@exec[0].args='/proc/sys/fs/file-nr'
snmpd.@engineid[0]=engineid
snmpd.@engineid[0].engineidtype='3'
snmpd.@engineid[0].engineidnic='eth0'
snmpd.general=snmpd
snmpd.general.enabled='1'
snmpd.sharad=user
snmpd.sharad.name='sharad'
snmpd.sharad.sec_level='auth'
snmpd.sharad.auth_proto='SHA'
snmpd.sharad.auth_pass='sharad24'
snmpd.sharad.user_type='rouser'
Q:1 What is the community configuration for SNMPv1/v2c?
Q:2 What is the first step to verify SNMP configuration?
Q:3 What does snmpd.general.enabled indicate?
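Added example, not part of the original guide or the vendor's tooling: the sample output above still carries v1/v2c community entries and a noauth access rule even though the cloud response specifies version v3 with securityLevel auth. This script flags such leftovers in uci show snmpd output; the function names, finding labels and the trimmed sample input are constructed for illustration.

```shell
# On the device: uci show snmpd | audit_snmpd v3 auth
# (arguments are the version and securityLevel from the cloud response)
audit_snmpd() {
    awk -F= -v want_ver="$1" -v want_lvl="$2" -v q="'" '
    {
        key = $1
        val = substr($0, length(key) + 2)       # text after the first "="
        gsub("^" q "|" q "$", "", val)          # drop the surrounding quotes
        n = split(key, p, ".")                  # snmpd.<section>[.<option>]
        if (n == 2) { type[p[2]] = val; order[++count] = p[2] }
        else if (n == 3) opt[p[2], p[3]] = val
    }
    END {
        for (i = 1; i <= count; i++) {
            s = order[i]; t = type[s]
            c = opt[s, "community"]
            if (t ~ /^com2sec6?$/ && (c == "public" || c == "private"))
                print "DEFAULT_COMMUNITY " s " community=" c " source=" opt[s, "source"]
            if (t == "group" && want_ver == "v3" && opt[s, "version"] ~ /^v(1|2c)$/)
                print "LEGACY_VERSION " s " version=" opt[s, "version"]
            if (t == "access" && opt[s, "level"] == "noauth")
                print "NOAUTH_ACCESS " s " read=" opt[s, "read"]
            if (t == "user" && opt[s, "sec_level"] != want_lvl)
                print "LEVEL_MISMATCH " s " sec_level=" opt[s, "sec_level"] " want=" want_lvl
        }
    }'
}

# Constructed sample: a trimmed subset of the uci show output above.
sample_config() {
    cat <<'EOF'
snmpd.public6=com2sec6
snmpd.public6.secname='ro'
snmpd.public6.source='default'
snmpd.public6.community='public'
snmpd.private6=com2sec6
snmpd.private6.source='localhost'
snmpd.private6.community='private'
snmpd.public_v2c=group
snmpd.public_v2c.version='v2c'
snmpd.public_access=access
snmpd.public_access.level='noauth'
snmpd.public_access.read='all'
snmpd.sharad=user
snmpd.sharad.sec_level='auth'
EOF
}
sample_config | audit_snmpd v3 auth
```

An empty result means no findings for the version and security level passed in.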
Run-Time Configuration Verification
This step involves checking the real-time status of the SNMP service on the PE device.
Check SNMP Service Status
The /etc/init.d/snmpd status command checks whether the SNMP service is currently running.
/etc/init.d/snmpd status
- If the service is not running, start it with the following command:
/etc/init.d/snmpd start
- To stop the SNMP service, use:
/etc/init.d/snmpd stop
Q:1 How to stop SNMP service?
Q:2 Can I view the status of the SNMP service in real-time?
Q:3 With what privilege is it necessary to run these commands on the PE device?
Testing and Verification
These commands are used on a client machine to test SNMP connectivity and data retrieval from the PE device.
SNMPv2c Walk Test
The snmpwalk -v2c -c <community string> <pe> command retrieves all SNMP information from a PE device using SNMP version 2c. This verifies that the SNMP service, community string, and network connectivity are all functioning correctly.
snmpwalk -v2c -c <community string> <pe>
Example Command:
snmpwalk -v2c -c private 34.93.45.2
Example Response:
iso.3.6.1.2.1.1.1.0 = STRING: "system"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
...
SNMPv3 Walk Tests
These commands are used to test SNMPv3 configuration, including security settings and authentication.
General SNMPv3 Command
This general command retrieves data from a device using SNMPv3 and is useful for checking security settings, authentication, and overall connectivity.
snmpwalk -v3 -l <sec level> -u <user> -a <auth proto> -A <auth pass> -x <privacy proto> -X <privacy pass> <pe>
Example Command:
snmpwalk -v3 -l authPriv -u sharad -a SHA -A sharad24 -x AES -X snmp12345 34.93.45.2
SNMPv3 with noAuthNoPriv
Use this command to test SNMPv3 reachability without authentication or encryption. This is a basic check to ensure the service is responsive.
snmpwalk -v3 -l noAuthNoPriv -u <user> <pe>
Example Command:
snmpwalk -v3 -l noAuthNoPriv -u sharad 34.93.45.2
SNMPv3 with authNoPriv
This command is used to verify SNMPv3 configuration with authentication but no privacy. It checks the username and password details for correctness.
snmpwalk -v3 -l authNoPriv -u <user> -a <auth proto> -A <auth pass> <pe>
Example Command:
snmpwalk -v3 -l authNoPriv -u sharad -a SHA -A sharad24 34.93.45.2
Q:1 How can I verify SNMPv3 configuration with authentication and encryption?
Q:2 How do I test SNMPv3 without authentication or encryption?
Q:3 What should I do if SNMP walk returns errors or no response?
Log Verification
Checking logs can help you diagnose specific issues, such as failed authentication attempts or service errors.
Filter SNMP Service Logs
The logread | grep snmpd command filters the device's system logs to show only entries related to the snmpd service. This is useful for identifying startup errors, service restarts, or specific SNMP request issues.
logread | grep snmpd
Example Response:
Jul 8 14:54:45 Apex-PE-London-1 hiclouds_config.sh[29901]: restarting snmpd