Welcome, Guest. Please login or register.

Author Topic: Forcing a specific SNMP version for discovery  (Read 5521 times)

jacobl

  • Guest
Forcing a specific SNMP version for discovery
« on: July 30, 2015, 10:43:32 PM »
I need to discover a sizable bunch of devices (Xerox MFP's) on my network that are SNMP v3 capable but do not have it configured -- only SNMP v1/v2c is currently configured. I'm beginning to think that I may have found a bug, since regardless of command specification, the attempted discovery is always using v3. Below is the command as generated by the GUI (System > NeDi > Discover) and corresponding output:

       /var/nedi/nedi.pl -vW -V1 -a 172.26.80.87

CLI :IO-Pty loaded
WEB :LWP-UserAgent loaded
RMON:1 entries (dev) read from nedi.monitoring
RMON:0 entries (node) read from nedi.monitoring
RUSR:1 entries (groups & 8 = 8 AND (phone != '' OR email != '')) read from nedi.users
TODO:Adding 172.26.80.87 (172.26.80.87) 0
RDEV:246 devices read from nedi.devices
RADR:4472 IF MAC, 0 Node MAC, 188 IP and 7 IPv6 addresses read.
OUI :23905 NIC vendor entries read
MAIN:No threads, set 1st at Thu Jul 30 14:58:05 2015

Discovery (1.4.300p4) /var/nedi/nedi.pl -vW -V1 -a 172.26.80.87
Started with 1 seeds at Thu Jul 30 14:58:05 2015
-------------------------------------------------------------------------------
Device Status Todo/Done-Time
===============================================================================
DISC:172.26.80.87 ID 172.26.80.87

Identify 172.26.80.87 ++++++++++++++++++++++++++
SNMP:Connect 172.26.80.87 public v3 Tout:2s MaxMS:1472 Retry:1 NB:0
EVNT:MOD=d/1 L=100 CL=nedn TGT=172.26.80.87 MSG=SNMP failed on 172.26.80.87 using /var/nedi/nedi.pl -vW -V1 -a 172.26.80.87
DISC:ToDo/Done-Time 0/0-0s

===============================================================================
Nothing discovered, nothing written...
END :Took 0 minutes

(Some of the spacing in the output got collapsed during cut-n-paste.)

As can be seen in the above output, NeDi attempts *only* SNMP v3 and fails. I did successfully query the same device with snmpwalk using both v1 and v2c.

Is there some trick I've missed? Any workarounds?

Many thanks in advance.

Peter@Lichtenberg

  • Newbie
  • *
  • Posts: 20
    • View Profile
Re: Forcing a specific SNMP version for discovery
« Reply #1 on: July 30, 2015, 11:55:02 PM »
Hello Jacobi,

with NeDi V1.43 you can try <nedipath>/nedi.pl -C <communitystring> -v -a <ip>

<nedipath>/nedi.pl -h
...
-C cmty   Prefer this community over those in nedi.conf and DB

Reagrds

 Peter

Peter@Lichtenberg

  • Newbie
  • *
  • Posts: 20
    • View Profile
Re: Forcing a specific SNMP version for discovery
« Reply #2 on: July 31, 2015, 02:02:46 PM »
Hello Jacobi,

with NeDi V1.43 GUI System->Export you can change the database records for one device or many devices.

snmpversion=130  means SNMPv2

     update devices set readcomm="<communitystring>", snmpversion=130 where device = "<device>"; 

Be careful, you manipulate the NeDi database records.
 
Regards

 Peter

jacobl

  • Guest
Re: Forcing a specific SNMP version for discovery
« Reply #3 on: July 31, 2015, 06:06:07 PM »
Hello Jacobi,

with NeDi V1.43 you can try <nedipath>/nedi.pl -C <communitystring> -v -a <ip>

<nedipath>/nedi.pl -h
...
-C cmty   Prefer this community over those in nedi.conf and DB

Reagrds

 Peter

Thank you for the suggestion, but community string is definitely not the problem -- as I indicated I can snmpwalk the device using the same community as long as I do it using SNMP v1 or v2c. I do get the same error from snmpwalk if I attempt to access the device using v3 protocol.

-Jacob.

jacobl

  • Guest
Re: Forcing a specific SNMP version for discovery
« Reply #4 on: July 31, 2015, 06:35:50 PM »
Hello Jacobi,

with NeDi V1.43 GUI System->Export you can change the database records for one device or many devices.

snmpversion=130  means SNMPv2

     update devices set readcomm="<communitystring>", snmpversion=130 where device = "<device>"; 

Be careful, you manipulate the NeDi database records.
 
Regards

 Peter

Interesting suggestion, but after browsing the entire devices database, I've verified that the device in question has not been added, and therein lies the problem -- if I understand the process correctly, it goes something like this:
  • NeDi executes SNMP v3 query to the device;
  • The device refuses, so the query errors out;
  • NeDi interprets the error as "device not SNMP-manageable" and does *not* add it to the database.

What I'm after is what I think the promise of the "-V" parameter is -- force the initial query to be of the particular protocol level. As my tests with snmpwalk indicate, if the initial query were protocol level v1 or v2c it would succeed.

For testing I'm using one specific device with known IP address. However, my network contains at least 40 to as many as 100+ such devices scattered in 14 buildings all over town. I need a reliable way to discover them all.

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2697
    • View Profile
    • NeDi
Re: Forcing a specific SNMP version for discovery
« Reply #5 on: August 01, 2015, 12:32:07 AM »
Do you have public as v3 entry in nedi.conf?
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

jacobl

  • Guest
Re: Forcing a specific SNMP version for discovery
« Reply #6 on: August 02, 2015, 08:50:48 AM »
Do you have public as v3 entry in nedi.conf?

No, no explicit v3 entries at all. I also tried with -C command-line parameter with identical results.

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2697
    • View Profile
    • NeDi
Re: Forcing a specific SNMP version for discovery
« Reply #7 on: August 02, 2015, 01:53:12 PM »
Have you patched NeDi? Try this one:  http://www.nedi.ch/pub/nedi-1.4p5.tgz
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

jacobl

  • Guest
Re: Forcing a specific SNMP version for discovery
« Reply #8 on: August 03, 2015, 03:49:13 PM »
Have you patched NeDi? Try this one:  http://www.nedi.ch/pub/nedi-1.4p5.tgz

I had it at 1.4p4 previously, just patched it to the latest patch you linked. Regrettably, there is no observable improvement -- here are just a few relevant lines from the web-initiated discovery:

Discovery (1.4.300p5) /var/nedi/nedi.pl -vW -V1 -a 172.26.80.87
Started with 1 seeds at Mon Aug 3 09:37:08 2015
...
SNMP:Connect 172.26.80.87 public v3 Tout:2s MaxMS:1472 Retry:1 NB:0
EVNT:MOD=d/1 L=100 CL=nedn TGT=172.26.80.87 MSG=SNMP failed on 172.26.80.87 using /var/nedi/nedi.pl -vW -V1 -a 172.26.80.87
...
Nothing discovered, nothing written...

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2697
    • View Profile
    • NeDi
Re: Forcing a specific SNMP version for discovery
« Reply #9 on: August 03, 2015, 04:26:08 PM »
I really don't understand.  :-[  Can you make sure, you don't have any characters after public in nedi.conf?
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

jacobl

  • Guest
Re: Forcing a specific SNMP version for discovery
« Reply #10 on: August 03, 2015, 05:16:04 PM »
Ah-ha! Now you nailed it -- I had a couple of tabs and a #comment on the same line as the community string in nedi.conf. Surprisingly, specifying -C on the command line did *not* override it either.

I don't know how difficult it would be to allow in-line comments (I was trying to annotate the various community strings in use on our network), but if it is more work than it's worth (after all one can have a full-line comment above or below) it would be helpful to document the strict requirement of having *no* trailing characters, not even white space.

Many thanks for the fine piece of software NeDi is, and your assistance in resolving this little glitch on my part.

-Jacob.

rickli

  • Administrator
  • Hero Member
  • *****
  • Posts: 2697
    • View Profile
    • NeDi
Re: Forcing a specific SNMP version for discovery
« Reply #11 on: August 03, 2015, 05:52:35 PM »
No worries, glad it's ok now. Will keep your comment suggestion in mind (for less busy times)
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo