- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: net-snmp on HP-UX 11.31
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2013 02:59 AM
04-29-2013 02:59 AM
Re: net-snmp on HP-UX 11.31
Warning: no access control information configured.
(Config search path: /opt/iexpress/net-snmp/etc/snmp:/opt/iexpress/net-snmp/share/snmp:/opt/iexpress/net-snmp/lib/snmp://.snmp)
It's unlikely this agent can serve any useful purpose in this state.
Run "snmpconf -g basic_setup" to help you configure the snmpd.conf file for this agent.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-29-2013 10:19 AM
04-29-2013 10:19 AM
Re: net-snmp on HP-UX 11.31
>Warning: no access control information configured.
If there is nothing else in the log, then the snmpd is not reading the configuration file at all???
Wait... the command in my previous reply was supposed to be a single long line. If you typed it as two separate commands, that might explain this error.
>(Config search path: /opt/iexpress/net-snmp/etc/snmp:/opt/iexpress/net-snmp/share/snmp:/opt/iexpress/net-snmp/lib/snmp://.snmp)
According to this, you should probably put your snmpd.conf file to /opt/iexpress/net-snmp/etc/snmp/ directory. If the directory does not exist, create it. Then you should not need to explicitly tell snmpd the configuration file location with the -c option.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2013 07:40 AM
05-07-2013 07:40 AM
Re: net-snmp on HP-UX 11.31
Hi Matti,
Thank you for your patience, still doesnt work
I have snmp(HP's) running on udp 161 and net-snmp on 1161
HPUX-root-:/#>lsof -i udp:1161
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
snmpd 14558 root 6u IPv4 0xe00000036a2ba100 0t0 UDP *:netsnmp (Idle)
HPUX-root-:/#>lsof -i udp:161
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
snmpdm 14986 root 6u IPv4 0xe00000038ead7080 0t0 UDP *:snmp (Idle)
/opt/iexpress/net-snmp/bin/snmpwalk -m ALL -v 2c -c FusAfiL2IQs 172.16.184.34:1161 .1
Does not work
/opt/iexpress/net-snmp/bin/snmpwalk -m ALL -v 2c -c FusAfiL2IQs 172.16.184.34:161 .1
Works
/opt/iexpress/net-snmp/bin/snmpwalk -m ALL -v 2c -c public localhost:1161 .1
Works
Any idea's
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2013 12:12 AM
05-08-2013 12:12 AM
Re: net-snmp on HP-UX 11.31
> /opt/iexpress/net-snmp/bin/snmpwalk -m ALL -v 2c -c FusAfiL2IQs 172.16.184.34:1161 .1
> Does not work
What is the error message? Is it "Timeout: No Response from 172.16.184.34:1161" or something else?
If you do this with snmpd debug logging enabled, do any new messages appear in the log? What do they say?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2013 01:16 AM
05-08-2013 01:16 AM
Re: net-snmp on HP-UX 11.31
/opt/iexpress/net-snmp/bin/snmpwalk -m ALL -Le -v 2c -c FusAfiL2IQs 172.16.184.34:1161 .1
Timeout: No Response from 172.16.184.34:1161
Log output is ( Verbose Mode)
NET-SNMP version 5.7.2
Received SNMP packet(s) from UDP: [172.16.184.34]:59733->[0.0.0.0]:0
GETNEXT message
-- ccitt.1
Received SNMP packet(s) from UDP: [172.16.184.34]:59733->[0.0.0.0]:0
GETNEXT message
-- ccitt.1
Received SNMP packet(s) from UDP: [172.16.184.34]:59733->[0.0.0.0]:0
GETNEXT message
-- ccitt.1
Received SNMP packet(s) from UDP: [172.16.184.34]:59733->[0.0.0.0]:0
GETNEXT message
-- ccitt.1
Received SNMP packet(s) from UDP: [172.16.184.34]:59733->[0.0.0.0]:0
GETNEXT message
-- ccitt.1
Received SNMP packet(s) from UDP: [172.16.184.34]:59733->[0.0.0.0]:0
GETNEXT message
-- ccitt.1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2013 01:37 AM
05-08-2013 01:37 AM
Re: net-snmp on HP-UX 11.31
Ok, Now I have made a minor chane to the snmpd.conf file
com2sec mynetwork 172.16.184.34 FusAfiL2IQs
Where the ip 172.16.184.34 belongs to the HP BOX and now when I do
/opt/iexpress/net-snmp/bin/snmpwalk -m ALL -Le -v 2c -c FusAfiL2IQs 172.16.184.34:1161 .1
it works
following is the log
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- ccitt.1
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- SNMPv2-MIB::sysDescr.0
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- SNMPv2-MIB::sysObjectID.0
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- DISMAN-EVENT-MIB::sysUpTimeInstance
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- SNMPv2-MIB::sysContact.0
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- SNMPv2-MIB::sysName.0
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- SNMPv2-MIB::sysLocation.0
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- SNMPv2-MIB::sysORLastChange.0
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- SNMPv2-MIB::sysORID.1
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- SNMPv2-MIB::sysORID.2
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- SNMPv2-MIB::sysORID.3
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- SNMPv2-MIB::sysORID.4
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- SNMPv2-MIB::sysORID.5
Received SNMP packet(s) from UDP: [172.16.184.34]:60782->[0.0.0.0]:0
GETNEXT message
-- SNMPv2-MIB::sysORID.6
However Solarwinds ( windows server) still fails to snmpwalk the machine to the HP box on 1161 port.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2013 02:55 PM
05-08-2013 02:55 PM
Re: net-snmp on HP-UX 11.31
OK.
If I understood correctly, your snmpd.conf file should now have both IP addresses on com2sec lines:
com2sec mynetwork 172.16.5.57 FusAfiL2IQs com2sec mynetwork 172.16.184.34 FusAfiL2IQs
Now, if you try snmpwalk from the Solarwinds server, with the logging enabled at the HP-UX server, what happens?
Do you see messages like "Received SNMP packet(s) from UDP: [172.16.5.57]:<some port number>->[0.0.0.0]" in the log at the HP-UX server, or not?
If not, it may be a network communication issue in getting the packets from the Solarwinds server to the HP-UX server.
If the messages are appearing in the log and you are using the correct community name at the Solarwinds server, then it is probably another network communication issue: something is preventing the answers of the HP-UX server from getting back to the Solarwinds server.
If you see lines like this:
Connection from UDP: [172.16.5.57]:<some port number>->[0.0.0.0] REFUSED
... then your net-snmpd is receiving the query from the Solarwinds server, but rejecting it because the source IP address is not in the allowed list. The net-snmpd may be compiled with the "libwrap support" feature enabled: in that case, you should add a line like this to your /etc/hosts.allow file (or create the file if it does not exist):
snmpd: 127.0.0.1 172.16.184.34
If the log seems to indicate that net-snmpd is receiving and accepting the query from Solarwinds, or if no query from Solarwinds seems to be received at all, it might be a firewall issue.
SNMP is an UDP-based protocol. With UDP, allowing communication from A to B does not automatically guarantee that replies from B back to A are allowed too. This is because some UDP-based protocols are truly one-directional and won't ever reply. (For example, the syslog remote logging protocol.)
With TCP-based protocols, sending something from A to B always requires that B can send acknowledge messages back to A, so if communication from A to B is allowed, replies from B to A must be automatically allowed too.
Most modern protocols use TCP, so sometimes firewall administrators assume that the TCP behavior is the standard for all protocols, and forget that UDP-based protocols can be different. Some firewalls can automatically allow the replies with UDP protocols too, but that requires that the firewall "knows" how the UDP-based protocol is supposed to behave. A SNMP protocol in standard port 161 might have its responses handled automatically, but using SNMP with a custom port 1161 might need some special settings, or just a separate firewall rule like:
allow UDP packets from port 1161 of 172.16.184.34 to any port of 172.16.5.57
The usual firewall rules are like:
allow <protocol> from any port of <source IP> to port <number> of <destination IP>
so the net-snmp in a custom port might need a rule that works in a reverse sense. Most firewalls allow this, but the firewall administrator might not be able to use his/her "standard template" in defining the rule for net-snmp replies, so mistakes are more likely than usual.
The firewall might be implemented in software too: an IPFilter on the HP-UX system or a Windows firewall on the Solarwinds system might be causing the problem. If a HP-UX system has IPFilter installed and configured, its configuration files should be in /etc/opt/ipf. If that directory does not exist or is empty, you can be reasonably sure you don't have IPFilter active on your system.
- Tags:
- firewall
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-08-2013 10:02 PM
05-08-2013 10:02 PM
Re: net-snmp on HP-UX 11.31
Thanks for detailed explanation, really appreciated. I have check with IP filtering
######-root-:/#> ipf -V
ipf: IPFilter is currently disabled
I will talk to security team today and see if there is any rule in place or if required will create one.
Thanks and will keep you posted
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-09-2013 01:05 AM
05-09-2013 01:05 AM
Re: net-snmp on HP-UX 11.31
Ok, now i have some real data.
When I snmpwalk from the Solarwinds server ( 172.16.5.57) to HP-UX box 172.16.184.34 on SNMPv2 and the defined community, following is what is captured in the log file
NET-SNMP version 5.7.2
Received SNMP packet(s) from UDP: [172.16.184.34]:64617->[0.0.0.0]:0
GET message
-- SNMPv2-MIB::sysObjectID.0
Received SNMP packet(s) from UDP: [172.16.184.34]:64617->[0.0.0.0]:0
GET message
-- SNMPv2-MIB::sysObjectID.0
Received SNMP packet(s) from UDP: [172.16.184.34]:64617->[0.0.0.0]:0
GET message
-- SNMPv2-MIB::sysObjectID.0
The server fails detection on Solarwinds
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-12-2013 09:16 PM
05-12-2013 09:16 PM
Re: net-snmp on HP-UX 11.31
Hi Matti,
Here is my routing table
Routing tables
Destination Gateway Flags Refs Interface Pmtu
127.0.0.1 127.0.0.1 UH 0 lo0 32808
172.16.184.34 172.16.184.34 UH 0 lan0 32808
172.16.184.0 172.16.184.34 U 2 lan0 1500
127.0.0.0 127.0.0.1 U 0 lo0 32808
default 172.16.184.1 UG 0 lan0 1500