Nagios xi Unable to monitor HP/Aruba Switches with routing

TorqueSteer · Post by **TorqueSteer** » Wed Jan 10, 2018 10:18 am

Hi everyone,

Having trouble monitoring some of our HP Procurve/Aruba 2920 Switches.

The 2920's that are just setup as standard Layer 3 switches, with a couple of VLANS added etc can be picked up fine using the configuration wizard.

For the 2920's that are setup with routing enabled, Nagios just can't get any SNMP response. and prompts me to try: /usr/bin/cfgmaker --show-op-down --noreversedns --zero-speed '100000000' 'mcmpublic@10.69.15.5:161::::2'

If I use SNMPWALK on my machine (on the same subnet as my nagios server) I can get a response.

Any help or tips would be much appreciated!

Post by **tgriep** » Wed Jan 10, 2018 2:57 pm

Couple of things to look at.
Check the settings on the HP Switch and see it there is any restrictions on which IP address can poll it with SNMP.
Run this on it to display the settings.

Code: Select all

show snmp-server

Can you run the same snmpwalk command in a shell on the Nagios server and does it return valid data?

In the xi GUI, make sure you are running the latest wizards by going to the Admin > Manage Config Wizards menu, click the Chec for Updates button and update the wizards if needed.

Any more questions, post them here.

Post by **cdienger** » Wed Jan 10, 2018 2:58 pm

Does running the same snmpwalk on the Nagios side give you any more details? It sounds like Nagios and your client machine are on the same subnet and the SNMP device's interface is on another, correct? Is ping enabled and if so is Nagios able to ping it? Is there anything preventing outbound traffic from Nagios? An iptables -L would show you current ip filtering rules.

TorqueSteer · Post by **TorqueSteer** » Fri Jan 12, 2018 6:53 am

Hi, thanks for the replies,

OK so my desktop machine and Nagios xi server are on the same subnet, one of the problem 2920's is on a different Subnet. Nagios is able to ping the Switch no problem. When I run a SNMPWALK query on my Windows desktop and Windows box running the Nagios Server (Hyper V) I get a response.

When I run the SNMPWALK query in a Nagios xi Shell I get a 'No response from 10.69.15.5' error.

All my Config wizards are up to date, so is Nagios xi.

If it helps, here is the SNMP query I ran from the Nagios xi shell: snmpwalk -v 2c -c mycommunitystring 10.69.15.5

Post by **lmiltchev** » Fri Jan 12, 2018 11:45 am

Have you checked the settings on the HP Switch to see it there is any restrictions on which IP address can poll it with SNMP? Have you verified that port 161 is open? Run the following command on the Nagios xi server, and show the output:

Code: Select all

nmap -sU 10.69.15.5 -p 161

TorqueSteer · Post by **TorqueSteer** » Fri Jan 12, 2018 12:14 pm

It looks like the port is open:

Here is my SNMP settings on the switch:

Post by **lmiltchev** » Fri Jan 12, 2018 2:26 pm

We don't have a switch in the office, so we are not able to test it. At this point, I am speculating but it is still possible that this is firewall/configuration issue. When I scan the UDP port 161 on one of my SNMP-enabled devices, I see this:

# nmap -sU x.x.x.x -p 161

Starting Nmap 6.47 ( http://nmap.org ) at 2018-01-12 12:37 CST
Nmap scan report for mytestbox (x.x.x.x)
Host is up (0.00022s latency).
PORT STATE SERVICE
161/udp open snmp

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

In the screenshot you showed us, the port is described as "open|fitered"... This state is described in the nmap documentation:

Occasionally, a service will respond with a UDP packet, proving that it is open. If no response is received after retransmissions, the port is classified as open|filtered.
This means that the port could be open, or perhaps packet filters are blocking the communication. Version detection (-sV) can be used to help differentiate the truly open
ports from the filtered ones.

Maybe you could try:

Code: Select all

nmap -sUV 10.69.15.5 -p 161

and/or use tcpdump or wireshark to determine what is going on.

Is the switch configured for "active" snmp polling or just for traps? Can you scan the UDP port via nmap and show the output?

Code: Select all

nmap -sU 10.69.15.5 -p 162

TorqueSteer · Post by **TorqueSteer** » Mon Jan 15, 2018 4:00 am

I think you may be onto something,

Different subnet, but I have two of the same model of switches.

One is just a Layer 3 routing not enabled - 10.69.132.3 Nagios picks this up fine.

the other has routing enabled - 10.69.132.1 - Nagios returns nothing from it.

So there could be something in the HP 2920's firmware that when routing is enabled, is applying some sort of filtering onto it's snmp?

TorqueSteer · Post by **TorqueSteer** » Mon Jan 15, 2018 5:37 am

Here is the result for the -sUV :

Post by **tgriep** » Mon Jan 15, 2018 1:41 pm

I think you are correct about a filter / firewall being enabled on the device that has routing enabled.
Whenever you see the State of the nmap command showing open|filtered for UDP port, that usually means that it is firewalled so check it to see if there is an access control list that has to be changed to allow the Nagios server to poll it.

Nagios Support Forum

Nagios xi Unable to monitor HP/Aruba Switches with routing

Nagios xi Unable to monitor HP/Aruba Switches with routing

Re: Nagios xi Unable to monitor HP/Aruba Switches with routi

Re: Nagios xi Unable to monitor HP/Aruba Switches with routi

Re: Nagios xi Unable to monitor HP/Aruba Switches with routi

Re: Nagios xi Unable to monitor HP/Aruba Switches with routi

Re: Nagios xi Unable to monitor HP/Aruba Switches with routi

Re: Nagios xi Unable to monitor HP/Aruba Switches with routi

Re: Nagios xi Unable to monitor HP/Aruba Switches with routi

Re: Nagios xi Unable to monitor HP/Aruba Switches with routi

Re: Nagios xi Unable to monitor HP/Aruba Switches with routi