I have in my environment nine mostly identical Extreme Networks switches. I'm monitoring them over SNMPv3. One of them, for reasons unknown, times out on any SNMP query:
pfrost@nagios:~$ snmpget switch06 -v 3 -u initial SNMPv2-MIB::sysDescr.0 snmpget: Timeout (plaintext scopedPDU header type 00: s/b 30) tcpdump indicates the switch is sending a reply (and the SNMP query/response counters on the switch confirm): pfrost@nagios:~$ sudo tcpdump -s 0 -i eth0 -vvv -i eth0 port snmp and host switch06 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 11:08:22.717981 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 92) nagios.macprofessionals.lan.52771 > switch06.macprofessionals.lan.snmp: [udp sum ok] { SNMPv3 { F=r } { USM B=0 T=0 U= } { ScopedPDU E= C= { GetRequest(14) R=98826882 } } } 11:08:22.719715 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 136) switch06.macprofessionals.lan.snmp > nagios.macprofessionals.lan.52771: [udp sum ok] { SNMPv3 { F= } { USM B=-838860580 T=147167 U= } { ScopedPDU E= 0x800x000x070x7C0x030x000x040x960x520x4F0xBF C= { Report(32) R=98826882 S:snmpUsmMIB.usmMIBObjects.usmStats.usmStatsUnknownEngineIDs.0=7351 } } } [this exchange repeats a few times] I've compared this against a working reply from a different switch, and couldn't see any relevant differences: pfrost@nagios:~$ sudo tcpdump -s 0 -i eth0 -vvv -i eth0 port snmp and host switch05 tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 11:19:42.913805 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 92) nagios.macprofessionals.lan.58019 > switch05.macprofessionals.lan.snmp: [udp sum ok] { SNMPv3 { F=r } { USM B=0 T=0 U= } { ScopedPDU E= C= { GetRequest(14) R=699839334 } } } 11:19:42.917389 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 136) switch05.macprofessionals.lan.snmp > nagios.macprofessionals.lan.58019: [udp sum ok] { SNMPv3 { F= } { USM B=13619213 T=835949 U= } { ScopedPDU E= 0x800x000x070x7C0x030x000x040x960x520x510x39 C= { Report(32) R=699839334 S:snmpUsmMIB.usmMIBObjects.usmStats.usmStatsUnknownEngineIDs.0=5372 } } } 11:19:42.917586 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 140) nagios.macprofessionals.lan.58019 > switch05.macprofessionals.lan.snmp: [udp sum ok] { SNMPv3 { F=r } { USM B=13619213 T=835949 U=initial } { ScopedPDU E= 0x800x000x070x7C0x030x000x040x960x520x510x39 C= { GetRequest(28) R=699839333 system.sysDescr.0 } } } 11:19:42.927783 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 238) switch05.macprofessionals.lan.snmp > nagios.macprofessionals.lan.58019: [udp sum ok] { SNMPv3 { F= } { USM B=13619213 T=835949 U=initial } { ScopedPDU E= 0x800x000x070x7C0x030x000x040x960x520x510x39 C= { GetResponse(125) R=699839333 system.sysDescr.0="ExtremeXOS version 12.6.2.10 v1262b10-patch1-3 by release-manager on Mon Dec 12 08:50:30 EST 2011" } } } Notably, if I enable SNMPv2c on switch06, it does work, though ultimately I'd want to stick with v3. NET-SNMP version 5.4.3, from Debian stable. Anyone have some idea what's going on here? ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Net-snmp-users mailing list Net-snmp-users@lists.sourceforge.net Please see the following page to unsubscribe or change other options: https://lists.sourceforge.net/lists/listinfo/net-snmp-users