Comments on: ERS 8600 Access Policy https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/ technology, networking, virtualization and IP telephony Sat, 30 Oct 2021 14:26:00 +0000

By: Michael McNamara https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-79663 Sun, 05 Feb 2017 17:30:17 +0000
In reply to abi.

Are you able to get SNMPv2 to work? I would start there, that will let you know if you’ve got at least some piece working.

Cheers!

By: abi https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-79659 Sun, 05 Feb 2017 09:55:38 +0000

Hi,
I am not able to register my switch on the server; it is due to SNMP v3.
Can you help me?

sys access-policy policy 25 name "HPNNMI"
sys access-policy policy 25 host 10.208.224.16
sys access-policy policy 25 service snmpv3 enable
sys access-policy policy 25 snmp-group-add readgrp snmpv1
sys access-policy policy 25 snmp-group-add readgrp snmpv2c
sys access-policy policy 25 snmp-group-add nortel1 usm

By: Sourabh https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-6718 Wed, 13 Jun 2012 08:49:10 +0000

Hi,
Thanks for your reply. It would be really helpful if you could guide me on the following issue.
I have recently started looking after the network of a customer who is a stock broker, so multicast routing is a given. The customer's previous experience was that when they tried to do multicast routing on their core 8300, CPU and memory utilisation peaked at 100%, causing the network to choke.
So they are doing multicast routing with a Cisco router, and the other features are implemented on the core ERS 8300 only.

I think this was caused by a virus. I have seen this virus issue cause the IGMP sender list to fill up and drive CPU utilisation to 100% on an 8600 in a different network. After implementing proper antivirus in the network it’s working fine now.

Now I want to reconfigure the core 8300 and do the multicast routing in the core only. Maybe it will shoot CPU and memory utilisation up, but I still want to check. PIM-SM is the only option. The core is running software version 4.2.

I need your help in this regard: is it possible to upgrade the DRAM of the 839rsf module, which has 128 MB of DRAM by default?

By: Michael McNamara https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-6708 Tue, 12 Jun 2012 01:57:47 +0000
In reply to Sourabh.

I never tried it myself, so I don’t really know. Sorry.

By: Sourabh https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-6688 Tue, 05 Jun 2012 07:26:19 +0000

Hi,

In ERS 8600, can we create any access list/policy so that we can block certain multicast group addresses (229.x.x.x) from being sent/flooded? DVMRP has been implemented for multicast routing.

By: Michael McNamara https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-2396 Wed, 28 Jul 2010 21:23:16 +0000
In reply to marc.

Hi Marc,

Well something needs to be wrong somewhere. Have you tried restarting the switch? You might have a corrupt file, so you might need to delete the file p80c3717.img and then re-upload it to the switch.

You should see the 3DES file loaded from a ‘config info’ like so (this was run from a 5.1.2.0 software);

ERS-8610:6# config info

Sub-Context: clear config dump monitor mplsping mplstrace peer show switchover test trace wsm asfm sam
Current Context:

        load-encryption-module : 3DES File p80c5120.img
                       setdate : N/A
           mac-flap-time-limit : 500
            auto-recover-delay : 30

Good Luck!

By: marc https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-2386 Wed, 28 Jul 2010 10:07:00 +0000

Hello

Will you help me?
I’ve got a problem with the 3DES module on a Passport 8010.
My image p80c37170.img, unable to load the software.

I cannot load the 3DES module.
In my logs I get the message:
SW ERROR Dynamic loading of 3DES encryption module failed, Module IS Already loaded.

I do not see the module loaded when I type the command “config info”, and when I run the SSH command it replies “no matching cipher found”.

All this worked well on another Passport with the same software.

Do you have an answer to this problem?

Regards.

By: dophilin https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-1432 Tue, 10 Nov 2009 06:39:47 +0000

Hi Michael

This is the first policy

sys access-policy policy 1 disable
sys access-policy policy 1 service ftp enable

I finally got the root cause of this issue. Someone changed the security name of the community, and that’s why the original community strings couldn’t match the default groups for SNMPv1/v2.

Thanks for your kind help and advice.

By: Michael McNamara https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-1431 Tue, 10 Nov 2009 01:39:52 +0000
In reply to dophilin.

In your example you were configuring the second rule. What was the first access policy rule?

That rule might be blocking you. I believe you can show the statistics of how many times each rule is fired or triggered, although I can’t remember the command right now.

Cheers!

By: dophilin https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-1429 Tue, 10 Nov 2009 01:32:07 +0000

Hi Michael

Thanks for your advice. I could access the ERS8600 when I disabled the access policy, and the global SNMP access is enabled in the bootconfig flags. So, I am wondering what else I should set up for SNMP access with the access policy.

Regards

By: Michael McNamara https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-1428 Tue, 10 Nov 2009 01:20:20 +0000
In reply to dophilin.

Hi dophilin,

If you disable the access policy can you access the switch via SNMP? This will help you determine if the problem is with the access policy or if the problem lies in your SNMP configuration.

You might want to make sure that someone hasn’t disabled SNMP globally from the bootconfig flags. You can check that by issuing a “show config bootconfig flags” command.

You might want to post the specific details of your problem over on the forums; http://forums.networkinfrastructure.info/nortel-ethernet-switching/

Good Luck!

By: dophilin https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-1427 Tue, 10 Nov 2009 00:30:53 +0000

Hi Michael

I have a question about access policy for SNMP. The configuration below is the access policy on an ERS8600, and I also changed the default community to a new one. But I still can’t use SNMPv1/v2 to get data from the ERS8600. Could you please let me know what I might be missing?

Thanks

sys access-policy policy 2 create
sys access-policy policy 2 accesslevel rwa
sys access-policy policy 2 name "mgmt access"
sys access-policy policy 2 precedence 1
sys access-policy policy 2 network 172.16.0.0/16
sys access-policy policy 2 service snmpv3 enable
sys access-policy policy 2 service telnet enable
sys access-policy policy 2 service tftp enable
sys access-policy policy 2 snmp-group-add readgrp snmpv1
sys access-policy policy 2 snmp-group-add readgrp snmpv2c
sys access-policy policy 2 snmp-group-add v1v2grp snmpv1
sys access-policy policy 2 snmp-group-add v1v2grp snmpv2c
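
An added example, not part of the original comments and not Nortel or blog code: a small Python audit that parses `sys access-policy policy N ...` lines of the kind posted in this thread and flags cleartext services, community-based SNMP groups and missing source restrictions. The function names, the finding wording and the treatment of `disable` are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: policy lines as quoted in the comments on this page.
SAMPLE = """\
sys access-policy policy 1 disable
sys access-policy policy 1 service ftp enable
sys access-policy policy 2 accesslevel rwa
sys access-policy policy 2 network 172.16.0.0/16
sys access-policy policy 2 service snmpv3 enable
sys access-policy policy 2 service telnet enable
sys access-policy policy 2 service tftp enable
sys access-policy policy 2 snmp-group-add readgrp snmpv1
sys access-policy policy 2 snmp-group-add v1v2grp snmpv2c
"""

LINE = re.compile(r"^\s*(?:config\s+)?sys access-policy policy (\d+)\s+(\S+)\s*(.*)$")
CLEARTEXT = {"telnet", "ftp", "tftp"}   # protocols without transport encryption
COMMUNITY = {"snmpv1", "snmpv2c"}       # community string travels unencrypted

def parse(text):
    """Group 'sys access-policy policy N <key> <args>' lines as {N: {key: [args, ...]}}."""
    pols = defaultdict(lambda: defaultdict(list))
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            pols[int(m.group(1))][m.group(2)].append(m.group(3).split())
    return pols

def audit(pols):
    """Return {policy_id: [finding, ...]}, skipping explicitly disabled policies."""
    out = {}
    for pid, p in sorted(pols.items()):
        if "disable" in p:
            continue  # assumption: a disabled policy is not enforced
        services = [a[0] for a in p["service"] if a[1:] == ["enable"]]
        level = next((a[0] for a in p["accesslevel"] if a), None)
        f = [f"cleartext service enabled: {s}" for s in services if s in CLEARTEXT]
        f += [f"community-based SNMP group: {a[0]} ({a[1]})"
              for a in p["snmp-group-add"] if len(a) == 2 and a[1] in COMMUNITY]
        if level == "rwa" and "telnet" in services:
            f.append("policy grants rwa and enables telnet")
        if not (p["host"] or p["network"]):
            f.append("no host or network line for this policy")
        if f:
            out[pid] = f
    return out
```

Run `audit(parse(text))` over a saved configuration dump; lines that are not access-policy statements are ignored.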

By: Michael McNamara https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-1285 Tue, 22 Sep 2009 16:18:00 +0000
In reply to Justin Di Tomaso.

Hi Justin,

Glad to hear you figured it out!

Cheers!

By: Justin Di Tomaso https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-1284 Tue, 22 Sep 2009 14:00:09 +0000

Ignore my last, I cracked it with some additional policy statements on my trusted IPs plus restricting the default policy, thanks.

By: Justin Di Tomaso https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-1282 Tue, 22 Sep 2009 09:37:11 +0000

Thanks for the info Michael, which pretty much mirrors what I’m trying to set up, in allowing access only via 2 hosts. The problem I’m having is loss of Device Manager; how do these settings sit with the default policy? I mean I want to only allow connectivity from 2 IP addresses and deny everything else – will invoking the 2 policies for the two addresses automatically deny all other IPs? I can provide a config if you like.

By: Michael McNamara https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-829 Tue, 28 Apr 2009 23:19:42 +0000

Hi Victor,

Here are a few quick commands that you can use on the ERS 8600 to enable SNMP v3 access (assuming you don’t have an access policy restricting access).

You’ll need to substitute the variables in {} with your appropriate IP addressing and passwords, etc.

config load-encryption-module 3DES /flash/p80c4182.img
config load-encryption-module AES /flash/p80c4182.aes

config snmp-v3 usm create Manager sha auth {auth_password} priv-prot aes priv {priv_password}
config snmp-v3 group-access create admin "" usm authPriv
config snmp-v3 group-access view admin "" usm authPriv read root write root notify root
config snmp-v3 group-member create Manager usm admin
config snmp-v3 target-addr delete TAddr1
config snmp-v3 target-addr delete TAddr2
config snmp-v3 target-addr create HP_OpenView {HP OPENVIEW IP ADDRESS}:162 TparamV1 taglist trapTag

config snmp-v3 usm delete initial

config sys set snmp sender-ip {HP OPENVIEW IP ADDRESS} {CLIP INTERFACE}
config sys set snmp force-trap-sender true
config sys set snmp force-iphdr-sender true

Hopefully that should get you going…

Cheers!

By: Victor Hill https://blog.michaelfmcnamara.com/2008/01/ers-8600-access-policy/comment-page-1/#comment-826 Mon, 27 Apr 2009 19:52:29 +0000

Do you happen to have any examples of how to implement SNMPv3 on the 8600 and 4500s? I keep going through Nortel’s docs and configuration guide but can’t seem to find an operational example, just lists of commands and explainers.
Thanks,
Vic
