SNMPv3 (SNMP v3) Troubleshooting

PROBLEM:

SNMPv3 tests that are in an unknown state unexpectedly

 

RESOLUTION:

When troubleshooting SNMPv3 tests that are in an unknown state unexpectedly, the following information should help you get started.

 

  • SNMP Query Optimization

Please review https://kaseya.zendesk.com/entries/94073587 and determine if turning off SNMP query optimization resolves the issue

 

  • Unique EngineID

A limitation of monitoring multiple SNMPv3 devices by the same poller (DGE or DGE-X) is that each individual SNMPv3 device will require a unique engineID. There is currently no reliable way to monitor two SNMPv3 devices that share an engineid due to the nature of the "handshake" and how SNMPv3 encryption works. A symptom of this is that one or more of the devices tests that share the same engineid will start to time out because results are then thrown away/rejected. Please review the engineID across all SNMPv3 devices provisioned on a specific DGE(-X) to make sure they are all unique.

 

Please note failover/redundant devices tend to share engineIDs.

Additional information

https://supportforums.cisco.com/thread/2141288

https://supportforums.cisco.com/discussion/11596656/snmp-does-not-work-standby-asa-firewalls

 

Assigning an engineID based on the MAC address is recommended. For LINUX servers using the net-snmp agent, setting 'engineIDType 3' may accomplish this.

http://net-snmp.sourceforge.net/docs/man/snmpd.conf.html

 

  • Traverse MIB Browser

Confirm that one of the tests' OID responds to an snmpget within the Traverse MIB Browser. 

  • Make note of the OID or copy and paste it from the test settings page
  • Navigate to STATUS > DEVICES
  • Highlight the device in question by left-clicking the device row (not the hyperlink)
  • A gear icon to the right should now be visible
  • Left-click the gear icon and select 'Additional Tools'
  • Click on 'go' under SNMP MIB Browser
  • Paste the OID and into the OID field and select 'Get' as the operation. Click Go to confirm a result is retrieved

 

  • Time Settings

Please review the system' time settings on the SNMPv3 device to make sure it is accurate

 

  • System Utilization

Please review the device's system utilization or if any SNMP "low priority" configuration may be in place. This would be more relevant, but not limited to servers. If the SNMPv3 device may be having low system resources, SNMP queries may be ignored or slow to respond, leading to tests timing out.

 

  • AES 256

Unfortunately, Traverse's java library/stack only supports AES-128.

 

APPLIES TO:

All versions of Traverse

Have more questions?

Contact us

Was this article helpful?
1 out of 1 found this helpful

Provide feedback for the Documentation team!

Browse this section