I wan to my Nortel Switch ERS-8610 (5.1.3.1) send syslog traps to one of my server IP 10.67.X.X.
I followed your tips but fails to configure and getting below message

GDPREBS3-COR-4A:5/config/sys/set# snmp sender-ip 10.67.80.70
Not enough required parameters entered
set snmp trap sender Ip
Required parameters:
= ip address {a.b.c.d}
= ip address {a.b.c.d}
Command syntax:
sender-ip

please advice

I have more than 4 sites and i need to view all the devices Switches and WLCs.. please help me

Thanks.

Id: 1
Name: default
PolicyEnable: false
Mode: allow
Service: ftp|http|tftp|telnet|ssh|snmpv3
Precedence: 128
NetAddrType: any
NetAddr: N/A
NetMask: N/A
TrustedHostAddr: N/A
TrustedHostUserName: none
AccessLevel: readOnly
AccessStrict: false
Usage: 1

Id: 2
Name: secure
PolicyEnable: true
Mode: allow
Service: ftp|http|tftp|telnet|rlogin|ssh|snmpv3
Precedence: 10
NetAddrType: ipv4
NetAddr: 0.0.0.0
NetMask: 0.0.0.0
TrustedHostAddr: 0.0.0.0
TrustedHostUserName: secure
AccessLevel: readWriteAll
AccessStrict: false
Usage: 1459

Id: 10
Name: policy10
PolicyEnable: true
Mode: allow
Service: ftp|http|tftp|telnet|ssh|snmpv3
Precedence: 10
NetAddrType: ipv4
NetAddr: 10.10.1.0
NetMask: 255.255.255.0
TrustedHostAddr: 0.0.0.0
TrustedHostUserName: none
AccessLevel: readWriteAll
AccessStrict: false
Usage: 27016

mch8610a:5#

Well you’re not talking about SNMPv3 you’re talking about SNMPv2/SNMPv1 correct? I believe you need to allow SNMPv2/SNMPv1.

Perhaps you could show us your access policy?

show sys access-policy info

You might want to refer to this blog post.

Good Luck!

I have started a discussion on the Network Infrastructure forum….no luck getting this to work yet…crazy. http://forums.networkinfrastructure.info/nortel-ethernet-switching/snmpv2c-from-snmpv3-on-an-8610/

Thanks

Hi Bill,

Do you have any access policies configured?

Cheers!

Communities are there:

show snmp-v3 community

================================================================================
Community Table
================================================================================
Index Name Security Name Context Name Transport Tag
——————————————————————————–
first ******** readView
second ******** writeView

2 out of 2 Total entries displayed
——————————————————————————–

Thanks for sharing the solution Bill.

You will see an orange lock, on the device, in ESM.

Hi Bill,

I don’t believe Enterprise Switch Manager (ESM – which has been retired) supports SNMPv3. I’m guessing you have this problem on all your switches?

What version of software on the ERS 5520? What version of ESM? What version of JDM?

Good Luck!

Any ideas?

Thanks,
Bill

I found it documented in the 8600’s SNMP guide from Avaya (Page 22)

http://www.google.ca/url?sa=t&rct=j&q=%22circuitless%22%20%228600%22%20%22trap-sender%22%20site%3Aavaya.com&source=web&cd=1&ved=0CCEQFjAA&url=http%3A%2F%2Fsupport.avaya.com%2Fcss%2FP8%2Fdocuments%2F100123752&ei=n5hrT_n5OeeQiQK0woHCBQ&usg=AFQjCNGQ1x44lcqpJZBgU7BashxeRZ8Kow

Hi Adel,

Thanks for the kind words. I believe it does need to be a CLIP interface.

Cheers!

Thanks for your great blog. It has been very helpful since I started working with Avaya devices.

I just have a question about setting the source of the SNMP traps. Does it work only with the CLIP? I have tried using the following commands to send the traps to our syslog server (SNMP trap receiver as well) from one of the routed VLAN interfaces but it did not work.

config sys set snmp sender-ip
config sys set snmp force-trap-sender true
config sys set snmp force-iphdr-sender true

On the syslog server, I am filtering the traps based on the 8600 source IP I configured above. However, the traps were not emailed to me by the syslog server. I then ran some packet captures and discovered the source IP was not altered. The traps were sent from the 8600 outgoing interface instead (as shown in the routing table).

I then tried using the CLIP as the source IP and it all worked fine.

Do you know if this feature is limited to the CLIP only?

Thanks,

Hi Vijay,

You simply follow the instructions I’ve laid out in the past above for the ERS 4500 series switches.

Good Luck!

I need to update my Nortel 4550T-PWR switches with the new snmp v3 read-only and read-write passwords. Also i need to enable md5 Authentication and AES encryption on it. Currently it is running snmpv2c. How can i do that.

Hi Siddharth,

What are you doing via SNMP when the CPU utilization goes to 100%? If you are walking a large MIB then the reaction is expected since you are heavily polling the switch. If I walk the RFC 1493 Bridge MIB I’ll spike my CPUs as well. That’s because I have some 6000 devices in my FDB/MAC tables so that’s a lot of information for the CPU to gather.

Unless you are having performance issues it’s probably safe to ignore.

Cheers!

Hi Swin,

You most likely have a configuration error. You should review your configuration.

Good Luck!

usmStatsDecryptionErrors: The packet can’t be decrypted

Thanks for your reply.
Below are the relevent sections:

#
# SNMP V3 GROUP MEMBERSHIP CONFIGURATION
#

snmp-v3 group-member create Manager usm admin

#
# SNMP V3 GROUP ACCESS CONFIGURATION
#

snmp-v3 group-access create “admin” “” usm authPriv
snmp-v3 group-access view “admin” “” usm authPriv read “root” write “root” notif
y “root”

#
# SNMP V3 MIB VIEW CONFIGURATION
#

snmp-v3 mib-view create root 1.3 type include

#
# SNMP V3 NOTIFY CONFIGURATION
#

#
# SNMP V3 TARGET ADDRESS CONFIGURATION
#

snmp-v3 target-addr create “HPopenview” 10.0.23.31:162 “TparamV1” tdomain i
pv4_tdomain timeout 1500 retry 3 taglist trapTag mms 484
snmp-v3 target-addr create “Testpc” 172.16.0.222:162 “TparamV1” tdomain ipv4_
tdomain timeout 1500 retry 3 taglist trapTag mms 484

#
# SNMP V3 TARGET PARAMS CONFIGURATION
#

#
# SNMP V3 NOTIFY FILTER CONFIGURATION
#

snmp-v3 ntfy-filter delete profile1 99.3.6.1.6.3.1.1.4.1

#
# SNMP V3 NOTIFY FILTER PROFILE CONFIGURATION
#

#
# SNMPLOG CONFIGURATION
#

snmp snmplog enable true
snmp snmplog maxfilesize 256
#

Hi Ahmed,

Can you post the relevant sections of your configuration?

Cheers!