Page 1 of 3
Port status not showing on Cisco switch using SNMPv3
Posted: Tue Jun 17, 2014 8:22 am
by riyasbasheer
Hi,
We have a Nagios XI 2014R1.0 server running on Cent OS 6.5 64 bit server. We wanted to monitor our Cisco switches over SNMPv3 and the port bandwidth checks are working fine - it is shows bandwidth graphs for all ports, but Nagios is not able to read the status of the ports.
Please see the output when I run the command manually:
[root@nagios ~]# /usr/local/nagios/libexec/check_ifoperstatnag 10502 -v3 -u snmprouser -A \SnMp@Gd! 192.168.13.14
Error in packet.
Reason: authorizationError (access denied to that object)
UNKNOWN - No info is being retrieved
The credentials are correct because Nagios is able to get the port bandwidth information using the same username and password.
What could be wrong here? Is it a configuration issue on the switch itself?
I have attached the snmpwalk output file I from the following command:
snmpwalk -v3 -u snmprouser -l AuthPriv -a md5 -A SnMp@Gd\! -x des -X SnMp@Gd\! 192.168.13.14 > snmpwalk.txt
Thanks!
Re: Port status not showing on Cisco switch using SNMPv3
Posted: Tue Jun 17, 2014 9:23 am
by slansing
Can you show how you have these port status checks defined in XI? CCM > Services > "Service name" (click the diskette icon next to it in the list, and copy it's definition out of the new tab that opens and paste it here in code wraps please).
Re: Port status not showing on Cisco switch using SNMPv3
Posted: Tue Jun 17, 2014 12:54 pm
by riyasbasheer
I just used the wizard so whatever is in the was created by the it. I will paste the command for you soon.
Re: Port status not showing on Cisco switch using SNMPv3
Posted: Thu Jun 19, 2014 2:55 am
by riyasbasheer
Please find the service definition for both status and bandwidth below:
Code: Select all
define service {
host_name 192.168.13.14
service_description FastEthernet0 Status
use xiwizard_switch_port_status_service
check_command check_xi_service_ifoperstatusnag!10502!-v3 -u snmprouser -A SnMp@Gd! -x DES -X SnMp@Gd! -a MD5 -l authPriv
max_check_attempts 5
check_interval 5
retry_interval 1
check_period xi_timeperiod_24x7
notification_interval 60
notification_period xi_timeperiod_24x7
contacts nagiosadmin
_xiwizard switch
register 1
}
define service {
host_name 192.168.13.14
service_description FastEthernet0 Bandwidth
use xiwizard_switch_port_bandwidth_service
check_command check_xi_service_mrtgtraf!192.168.13.14_10502.rrd!50,50!80,80!M
max_check_attempts 5
check_interval 5
retry_interval 1
check_period xi_timeperiod_24x7
notification_interval 60
notification_period xi_timeperiod_24x7
contacts nagiosadmin
_xiwizard switch
register 1
}
We just upgraded Nagios to 2014R1.1 but same result with these checks. I have also attached a screenshot.
Re: Port status not showing on Cisco switch using SNMPv3
Posted: Thu Jun 19, 2014 1:07 pm
by sreinhardt
Which version of the switch wizard are you using presently? Admin->Manage Wizards.
Re: Port status not showing on Cisco switch using SNMPv3
Posted: Sun Jun 22, 2014 2:06 pm
by riyasbasheer
Network Switch/Router Wizard version is 2.0.5.
Re: Port status not showing on Cisco switch using SNMPv3
Posted: Mon Jun 23, 2014 9:48 am
by tmcdonald
Re: Port status not showing on Cisco switch using SNMPv3
Posted: Mon Jun 23, 2014 1:17 pm
by riyasbasheer
Thanks, I will try and let you know.
Re: Port status not showing on Cisco switch using SNMPv3
Posted: Mon Jun 23, 2014 1:25 pm
by riyasbasheer
I will only get access to the Nagios server tomorrow. Meanwhile do you fix for the following command? If I can get it running from the command line, at least I know it's not a configuration issue on the switch.
If I can't get it running on the command line, the wizard is not going to work either, isn't it?
[root@nagios ~]# /usr/local/nagios/libexec/check_ifoperstatnag 10502 -v3 -u snmprouser -A \SnMp@Gd! 192.168.13.14
Error in packet.
Reason: authorizationError (access denied to that object)
UNKNOWN - No info is being retrieved
Re: Port status not showing on Cisco switch using SNMPv3
Posted: Mon Jun 23, 2014 3:13 pm
by sreinhardt
While not technically illegal, I would highly suggest staying away from @ symbols in community strings. Is it possible to change this on one device and test without it? Considering all your errors to this point are for authorization issues, let's start there.