In this article we are going to go through different problems that can happen during SNMP installation and or usage.


First of all, in order to utilize the SNMP support in the netconfd-pro server it is required to install Net-SNMP server with the version 5.7.3 or higher.


In order to link Net-SNMP to netconfd-pro the Net-SNMP header files have to be installed on the system. Also, to run the netconfd-pro server with SNMP support both the snmpd and snmptrapd must be available. To test the SNMP support having the client (agent) tools provide by Net-SNMP, such as snmpget, snmpwalk, snmpbulkget, etc. would be useful to have installed.

The following instructions will install Net-SNMP and its client tools.


NOTE: there are many parameters for building Net-SNMP, this is only one of them. For other options please refer to http://www.net-snmp.org/


First download the version of Net-SNMP you wish to use. The following instructions use net-snmp-5.7.3 as an example. This will install the binaries and .h header files needed:


  tar -zxvf net-snmp-5.7.3.tar.gz
  cd net-snmp-5.7.3
  ./configure --with-defaults --disable-embedded-perl --without-perl-modules
  make
  sudo make install


In order to utilize YumaPro SNMP support you need to install yumapro-snmp-eval package rather than yumapro-eval package if you are evaluating YumaPro product. If you already installed regular eval package you can simply uninstall yumapro-eval and install yumapro-snmp-eval and you should be up and running.



If you have an access to the source code the following steps are required to build the server with SNMP support:


  sudo make EVERYTHING=1 WITH_SNMP=1 uninstall
  make EVERYTHING=1 WITH_SNMP=1 distclean
  make EVERYTHING=1 WITH_SNMP=1 
  sudo make EVERYTHING=1 WITH_SNMP=1 install


If you have an access to the source, to test the SNMP client features, GET, WALK, etc., the IF-MIB has been included and built as a Server Instrumentation Library (SIL) and you will need to build and install the IF-MIB SIL. From the top-level directory:


  cd libif-mib
  make
  sudo make install


Otherwise, the IF-MIB library will be included in your eval package installation and you do not have to install anything explicitly.


To run netconfd-pro server you should launch it with the parameters below to allow you to see the debug messages as the examples are running and also avoid any issues with existing configurations. The load-module command loads the IF-MIB SIL described previously:


sudo netconfd-pro with-snmp=true module=IF-MIB


NOTE: the server needs to be run at the root level as it uses restricted ports as part of the SNMP standard.

Troubleshooting 

1) When you start the netconfd-pro server and do not see the following output in the log:


...
SNMP initializing master ...
NET-SNMP version 5.9
...


Make sure that you installed Net-SNMP server. Also make sure that you are running yumapro-snmp-eval package or build the server with WITH_SNMP=1 flag if you have access to the source code.

2) When you start the netconfd-pro server and trying to send the snmpget or similar command to the server and do not get any response, for example:


> snmpget -v 2c -c public localhost 1.3.6.1.2.1.2.1.0
no response from local host


Make sure that you installed Net-SNMP server. Also make sure that you are running yumapro-snmp-eval package or build the server with WITH_SNMP=1 flag if you have access to the source code. 

Verify that you have the above logging output (1) in the server log to ensure that you have the server setup that supports SNMP protocol.


3) When you start the netconfd-pro server and trying to send the snmpget or similar command to the server and the following response, for example:


> snmpget -v 2c -c public localhost 1.3.6.1.2.1.2.1.0
Error: agt_ypsnmp_sec No security name found


Make sure that the snmpd.conf file exist and that it has proper setting for the security name that matches the security name in your request. Refer to the attached snmpd.conf file that exemplifies common settings.


Netconfd-pro implements NACM (NETCONF Access Control Model) to manage and control the access to YANG objects supported by the device. Since NACM already provides the authorization, VACM has to be disabled when processing SNMP v3 requests. More information about the configuration and management of Net-SNMP authentication is available on-line as part of Net-SNMP documentation.

Net-SNMP makes use of 2 configuration files to control its operation and the management information provided.

  1. /var/net-snmp/snmpd.conf – This file contains the SNMP v3 specific configuration related to allowed user names and passwords.

  2. /usr/local/share/snmp/snmpd.conf – This file contains generic configuration information including SNMP v1 and v2c related community strings that perform basic authentication. If not found in the path specified before, the configuration file may be found in the /etc/yumapro/snmpd.conf, move this file to the locations listed above to make this configuration file be active.


The location of snmpd.conf file is OS dependent and Net-SNMP installation dependent. The above paths examples are just common locations where the snmpd.conf file may be installed by default. Refer to the Net-SNMP documentation for more information regarding common and custom locations of snmpd.conf file.


4) SET operation does not work.

SET operations are not supported.

GET operations and SNMPv1 Traps are only supported operations.


5) How frequently Net-SNMP updates are provided by YumaWorks?


Never. YumaWorks does not provide net-snmp updates


6) In case the server was started successfully and you see Net-SNMP logging in the netconfd-pro log output but do not get replies from the server on any snmp requests, such as snmpget or snmpwalk and getting:


> snmpget -v 2c -c public localhost 1.3.6.1.2.1.2.1.0
IF-MIB::ifNumber.0 = No Such Object available on this agent at this OID


Make sure that the snmpd demon is not running in parallel and do not binding the socket, that was the netconf-pro server cannot bind to that socket since it is in use. In this case modify the snmpd.conf file and add debug logging into it:


...
rocommunity  public
...

[snmp]
doDebugging 1
debugTokens  netsnmp_udp_getSecName,sess_process_packet,netsnmp_udp,read_config

After that you can check the log of the netconfd-pro server and check if the socket is in use. Snippet from the netconfd-pro server log:

netsnmp_udpbase: set IP_PKTINFO
netsnmp_udpbase: binding socket: 5 to UDP: [0.0.0.0]:0->[0.0.0.0]:161
netsnmp_udpbase: failed to bind for clientaddr: 98 Address already in use
netsnmp_udp6: open local UDP/IPv6: [::]:161
netsnmp_udpbase: binding socket: 5 to UDP/IPv6: [::]:161

If you see that the socket is in use, stop the snmpd demon as follows and restart the netconfd-pro server:

> sudo service snmpd stop