SNMP troubleshooting

No MD5 Authentication with FIPS Enabled Devices

When setting up SNMP authentication properties, MD5 as an authentication method will not work with FIPS enabled environments. You will need to select SHA1 authentication instead.

You will also need to restart the probe services after any FIPS related changes.

To troubleshoot SNMP monitoring that is misconfigured or otherwise non-functional, try the following steps:

  • Verify you have enabled SNMP on the hardware device with a "GET" /"READ ONLY" community string of 'public'. Some hardware will have multiple places to enable this.
  • Verify that the devices are able to accept SNMP requests from "ALL" sources rather than specific IP addresses.
  • Ensure you have enabled SNMP by clicking All Devices[Device Name]> SettingsMonitoring Options tab and the community string populated. This is case sensitive.
  • Make sure the appropriate device class is selected on the All Devices[Device Name]> Settings > Properties tab.
  • Re-discover the device by running a discovery with the SNMP string populated with the community string.
  • Re-apply the Service Templates that may include:
    • NETWORK for switches for Network Devices.
    • Network and CISCO ASA/PIX for Cisco Firewalls, SonicWall for SonicWalls etc for Routers/Firewalls.
    • Dell, IBM or Intel Server hardware monitoring.

If you are still unable to receive SNMP information from the device after following the above steps, it is possible that SNMP is either incorrectly setup on the device or the prove cannot reach it. For further troubleshooting steps, we suggest verifying the SNMP status and connection outside of N-central probes using SNMP Walk utilities. Download an SNMP Walk application, such as MIB Browser from iReasoning. Install the software on the same server as the probe, point the SNMP Walk application at the SNMP enabled network device using its IP address then "walk" the device. After the "walk" completes, the application should display a list of the OIDs returned by the target device. If it does not, SNMP is not properly configured on the device or where it is unreachable it should return a connection error.

The device may also have limited support for SNMP details, with only sparse data returned. Conducting a Google search for its "MIB" file or "OID" list can help confirm this, as can insights from others who have attempted to monitor it. Typically, Tier 1 devices like Cisco, SonicWall, Procurve switches, etc., should operate without any problems.