--- Begin Message ---
Jethro,
Thanks a bunch! Netdisco is live on my network.
Regards,
-------
Damian Cleveland
Networking Engineering
Institute For Defense Analyses, Princeton, NJ
Office:609-279-6265
Mobile:609-235-8870
--------
From: "Jethro Binks" <jethro.bi...@strath.ac.uk>
To: "netdisco-users" <netdisco-users@lists.sourceforge.net>
Sent: Thursday, December 26, 2024 11:16:21 AM
Subject: Re: [Netdisco] Unable to SNMP connect to Palo Alto firewall
> [272719] 2024-12-23 15:57:44 debug [192.168.42.97:161] try_connect with v: 3,
> t: 0.2, r: 0, class: SNMP::Info, comm: <hidden>
v: 3 here suggests ND is trying SNMP v3.
> device_auth:
>   - tag: paloalto
>     network: 192.168.42.97
>     snmp_version: 2 (I've used 2c here as well but get the same result)
>     snmp_community: netdisco_comm
"snmp_community" is invalid. Use simply "community" here. You don't need
"snmp_version" (also invalid), if you use "community" then snmp v1/2c are
implied (and I guess v3 is implied if you don't use "community", even though
the required "tag" and "user" are also not present - perhaps netdisco could
exit more informatively here under these conditions).
Documentation: https://github.com/netdisco/netdisco/wiki/Configuration#device_auth
Jethro.
. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK
The University of Strathclyde is a charitable body, registered in Scotland,
number SC015263.
From: Damian R. Cleveland <dcl...@idaccr.org>
Sent: 23 December 2024 4:16 PM
To: netdisco-users@lists.sourceforge.net <netdisco-users@lists.sourceforge.net>
Subject: [Netdisco] Unable to SNMP connect to Palo Alto firewall
Hello.
I am a first-time ND user.
I can't SNMP connect to my PA FW, even though snmp walks from the server are
successful.
Here are the results from SHOW_COMMUNITY=1 ~/bin/netdisco-do discover -d
192.168.42.97 -DIQ.
[272719] 2024-12-23 15:57:44 info App::Netdisco version 2.080003 loaded.
[272719] 2024-12-23 15:57:44 info discover: [192.168.42.97] started at Mon Dec
23 10:57:44 2024
SELECT me.version, me.installed
FROM dbix_class_schema_versions me
WHERE 1 = 0
SELECT me.version
FROM dbix_class_schema_versions me
ORDER BY installed DESC
LIMIT '1'
SELECT me.ip, me.alias, me.subnet, me.port, me.dns, me.creation
FROM device_ip me
WHERE me.alias = '192.168.42.97' AND me.ip = '192.168.42.97'
SELECT me.ip, me.alias, me.subnet, me.port, me.dns, me.creation
FROM device_ip me
WHERE alias = '192.168.42.97'
SELECT me.ip, me.creation, me.dns, me.description, me.uptime, me.contact,
me.name, me.location, me.layers, me.num_ports, me.mac, me.serial,
me.chassis_id, me.model, me.ps1_type, me.ps2_type, me.ps1_status,
me.ps2_status, me.fan, me.slots, me.vendor, me.os, me.os_ver, me.log,
me.snmp_ver, me.snmp_comm, me.snmp_class, me.snmp_engineid, me.vtp_domain,
me.vtp_mode, me.last_discover, me.last_macsuck, me.last_arpnip, me.is_pseudo,
me.pae_is_enabled, me.custom_fields, me.tags, to_char( me.creation, 'YYYY-MM-DD
HH24:MI' ), to_char( me.last_arpnip, 'YYYY-MM-DD HH24:MI' ), to_char(
me.last_discover, 'YYYY-MM-DD HH24:MI' ), to_char( me.last_macsuck, 'YYYY-MM-DD
HH24:MI' ), extract( epoch
FROM age( LOCALTIMESTAMP, me.creation ) ), extract( epoch
FROM age( LOCALTIMESTAMP, me.last_arpnip ) ), extract( epoch
FROM age( LOCALTIMESTAMP, me.last_discover ) ), extract( epoch
FROM age( LOCALTIMESTAMP, me.last_macsuck ) ), replace( age( timestamp 'epoch'
+ me.uptime / 100 * interval '1 second', timestamp '1970-01-01 00:00:00-00' )
::text, 'mon', 'month' )
FROM device me
WHERE me.ip = '192.168.42.97'
[272719] 2024-12-23 15:57:44 debug discover: running with timeout 600s
[272719] 2024-12-23 15:57:44 debug //// CHECK \\\\ phase
[272719] 2024-12-23 15:57:44 debug ⮕ worker Internal::BackendFQDN p1000000
[272719] 2024-12-23 15:57:44 debug ⮕ worker Internal::SNMPFastDiscover p1000000
[272719] 2024-12-23 15:57:44 debug running with configured SNMP timeouts
[272719] 2024-12-23 15:57:44 debug ⮕ worker Discover p0
[272719] 2024-12-23 15:57:44 debug ⬅ (done) Discover is able to run.
[272719] 2024-12-23 15:57:44 debug //// EARLY \\\\ phase
[272719] 2024-12-23 15:57:44 debug ⮕ worker Discover::Properties p100
[272719] 2024-12-23 15:57:44 debug snmp reader cache warm: [192.168.42.97]
SELECT me.ip, me.snmp_comm_rw, me.snmp_auth_tag_read, me.snmp_auth_tag_write
FROM community me
WHERE me.ip = '192.168.42.97'
SELECT me.ip, me.snmp_comm_rw, me.snmp_auth_tag_read, me.snmp_auth_tag_write
FROM community me
WHERE me.ip = '192.168.42.97'
[272719] 2024-12-23 15:57:44 debug [192.168.42.97:161] try_connect with v: 3,
t: 0.2, r: 0, class: SNMP::Info, comm: <hidden>
SNMP::Info::_global uptime : DISMAN-EVENT-MIB::sysUpTimeInstance :
.1.3.6.1.2.1.1.3.0
SNMP::Info::_global(uptime) Timeout at
/home/netdisco/perl5/lib/perl5/App/Netdisco/Transport/SNMP.pm line 305.
SNMP::Info::_global hrSystemUptime : HOST-RESOURCES-MIB::hrSystemUptime.0 :
.1.3.6.1.2.1.25.1.1.0
SNMP::Info::_global(hrSystemUptime) Timeout at
/home/netdisco/perl5/lib/perl5/App/Netdisco/Transport/SNMP.pm line 305.
SNMP::Info::_global sysUpTime : DISMAN-EVENT-MIB::sysUpTimeInstance :
.1.3.6.1.2.1.1.3.0
SNMP::Info::_global(sysUpTime) Timeout at
/home/netdisco/perl5/lib/perl5/App/Netdisco/Transport/SNMP.pm line 305.
[272719] 2024-12-23 15:57:45 debug [192.168.42.97:161] try_connect with v: 3,
t: 3, r: 2, class: SNMP::Info, comm: <hidden>
SNMP::Info::_global uptime : DISMAN-EVENT-MIB::sysUpTimeInstance :
.1.3.6.1.2.1.1.3.0
SNMP::Info::_global(uptime) Unknown user name at
/home/netdisco/perl5/lib/perl5/App/Netdisco/Transport/SNMP.pm line 305.
SNMP::Info::_global hrSystemUptime : HOST-RESOURCES-MIB::hrSystemUptime.0 :
.1.3.6.1.2.1.25.1.1.0
SNMP::Info::_global(hrSystemUptime) Unknown user name at
/home/netdisco/perl5/lib/perl5/App/Netdisco/Transport/SNMP.pm line 305.
SNMP::Info::_global sysUpTime : DISMAN-EVENT-MIB::sysUpTimeInstance :
.1.3.6.1.2.1.1.3.0
SNMP::Info::_global(sysUpTime) Unknown user name at
/home/netdisco/perl5/lib/perl5/App/Netdisco/Transport/SNMP.pm line 305.
[272719] 2024-12-23 15:57:45 debug ⬅ (defer) discover failed: could not SNMP
connect to 192.168.42.97
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::Properties p100
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::Properties p100
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::Properties p100
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::Properties p100
[272719] 2024-12-23 15:57:45 debug //// MAIN \\\\ phase
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::CanonicalIP p100
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::Entities p100
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::Neighbors p100
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::Neighbors::DOCSIS p100
[272719] 2024-12-23 15:57:45 debug ⮕ worker PythonShim
netdisco.worklet.discover.nexthopneighbors.main.cli.juniper_junos p200
[272719] 2024-12-23 15:57:45 debug ⬅ (info) skip: acls restricted
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::NextHopNeighbors p100
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::PortPower p100
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::PortProperties p100
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::Properties::Tags p0
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::Properties::Tags p0
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::VLANs p100
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::Wireless p100
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::WithNodes p0
[272719] 2024-12-23 15:57:45 debug //// STORE \\\\ phase
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::NextHopNeighbors p0
[272719] 2024-12-23 15:57:45 debug //// LATE \\\\ phase
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::Hooks p0
[272719] 2024-12-23 15:57:45 debug ⬅ (info) [192.168.42.97] hooks - skipping
due to incomplete job
[272719] 2024-12-23 15:57:45 debug ⮕ worker Discover::Snapshot p0
[272719] 2024-12-23 15:57:45 debug ⬅ (defer) discover failed: could not SNMP
connect to 192.168.42.97
[272719] 2024-12-23 15:57:45 info discover: finished at Mon Dec 23 10:57:45
2024
[272719] 2024-12-23 15:57:45 info discover: status defer: discover failed:
could not SNMP connect to 192.168.42.97
What stands out to me is the "acls restricted" message, but I don't know what
to do when, again, the snmp walk is successful. Also, I can see the firewall in
front of the firewall I'm trying to discover is permitting the traffic.
Is it possible the environment.yml is misconfigured? Below is what I'm using:
device_auth:
  - tag: paloalto
    network: 192.168.42.97
    snmp_version: 2 (I've used 2c here as well but get the same result)
    snmp_community: netdisco_comm
Any help with this would be greatly appreciated.
-------
Damian Cleveland
Networking Engineering
Institute For Defense Analyses, Princeton, NJ
Office:609-279-6265
Mobile:609-235-8870
--------
--- End Message ---
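
The check below is an added example, not part of the thread and not Netdisco's own code. It applies the rule from Jethro's reply (a "community" key implies SNMP v1/2c, its absence implies v3) to the posted stanza, and reads the attempted version out of the try_connect debug lines. The function names and the sample dicts are assumptions built from values in this thread.

```python
import re

# Keys the reply in this thread calls invalid inside a device_auth stanza.
INVALID_KEYS = {"snmp_version", "snmp_community"}
# Debug line printed for each SNMP connection attempt (format as seen in the thread).
TRY_CONNECT = re.compile(r"\[(?P<host>[\d.]+):\d+\] try_connect with v: (?P<v>\d)")

def implied_version(stanza):
    """'community' present means v1/2c, otherwise v3.
    Assumption: mirrors the reply's description, not Netdisco's source."""
    return "1/2c" if "community" in stanza else "3"

def lint_stanza(stanza):
    """Return a list of problems for one parsed device_auth stanza (a dict)."""
    problems = [f"invalid key '{k}'" for k in sorted(INVALID_KEYS & set(stanza))]
    if implied_version(stanza) == "3":
        missing = [k for k in ("tag", "user") if k not in stanza]
        if missing:
            problems.append("no 'community', so SNMPv3 is implied, but missing: "
                            + ", ".join(missing))
    return problems

def attempted_versions(log_text):
    """Map each host to the set of SNMP versions seen in try_connect lines."""
    seen = {}
    for m in TRY_CONNECT.finditer(log_text):
        seen.setdefault(m.group("host"), set()).add(m.group("v"))
    return seen

# Stanza as posted in the thread, written as the dict a YAML parser would yield.
POSTED = {"tag": "paloalto", "network": "192.168.42.97",
          "snmp_version": 2, "snmp_community": "netdisco_comm"}
# Same stanza with only the change the reply asks for; other keys left as posted.
REVISED = {"tag": "paloalto", "network": "192.168.42.97",
           "community": "netdisco_comm"}
# Two debug lines copied from the thread's discover output.
SAMPLE_LOG = """\
[272719] 2024-12-23 15:57:44 debug [192.168.42.97:161] try_connect with v: 3,
[272719] 2024-12-23 15:57:45 debug [192.168.42.97:161] try_connect with v: 3,
"""

if __name__ == "__main__":
    for name, stanza in (("posted", POSTED), ("revised", REVISED)):
        print(name, "->", implied_version(stanza), lint_stanza(stanza) or "ok")
    print("attempted:", attempted_versions(SAMPLE_LOG))
```

Comparing the implied version with the attempted one makes the mismatch visible before discovery falls through to an "Unknown user name" error.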