Administering your Switches and Fabric

Fabric Administration

Using the Fabric Transaction Commands

You can roll back the fabric to a specific fabric transaction number. If a failure occurs on the fabric, transactions on nodes in the fabric can go out of sync. Once transactions are out of sync, no further transactions can be executed across the scope of local, fabric, or cluster. Unjoining and rejoining the fabric causes the node to lose its configuration.

As part of a single node transaction recovery, you can roll back the transaction number to a previous one. If multiple nodes are out of sync, you must recover each node separately.

You can also roll the fabric transaction ID forward on a node if it is out of sync with the rest of the fabric.

In the previous example, the switch, CBF-Switch2, is out of sync with the rest of the fabric. The fabric transaction ID is 327 and the rest of the nodes have a transaction ID of 328. In this case, you can roll the node, CBF-Switch2, forward to transaction ID 328. Enter the following command on node CBF-Switch2:

CLI network-admin@switch > transaction-rollforward-to scope fabric tid 328

This command produces output when an error occurs during the transaction. If there is no output, the transaction is successful.

To display transaction information for CBF-Switch2, use the transaction-show command:

CLI network-admin@switch > transaction-show format all layout vertical

start-time:   03-19,13:46:42

end-time:     03-19,13:46:43

scope:        fabric

tid:          33

state:        remote-commit

command:      --unrecoverable-- vlan-delete id 22

undo-command: --unrecoverable-- vlan-create id 22 nvid a000030:16 scope fabric name vlan-22 active yes stats vrg 0:0 ports 1-72,128-129,255 untagged-ports none send-ports 31,41,47-48,51,65-66 active-edge-ports none ports-specified false flags

----------------------------------------

start-time:   09:36:09

end-time:     09:36:09

scope:        fabric

tid:          34

state:        remote-commit

command:      vlan-create id 35 scope fabric stats ports-specified true

 

The scope parameter indicates which set of transactions to display as each scope has an independent set of transactions associated with it. The default scope is fabric unless another scope is specified.

You cannot copy and paste commands and undo-commands because they include information that cannot apply to new commands. These fields are informational-only and allow you to see exactly what happens to the configuration when you roll forward or roll back the transaction ID.

Once you decide which node you want to modify and the transaction that you want to roll forward or roll back, you use the transaction-rollforward-to or transaction-rollback-to commands to re-run the command (roll forward) or undo the command (rollback) on the node. This applies only to the local node.

More Information About Undo Commands and Transactions

You may see output similar to this output:

start-time:   21:54:53

end-time:     21:54:53

scope:        local

tid:          3

state:        commit

command:      port-config-modify port 9 enable

undo-command: port-config-modify port 9 enable

 

This output is actually correct. The undo info is taken from the current state on the fabric. So if the port is currently enabled, and you try to enable it again, you see the undo-command in the output, since the previous state is also enabled. If you actually disable the port first, and then enable it, you see the expected undo info in the transaction log.

 

start-time:   10:05:22

end-time:     10:05:22

scope:        local

tid:          20

state:        commit

command:      port-config-modify port 12 disable

undo-command: port-config-modify port 12 enable

----------------------------------------

start-time:   10:05:48

end-time:     10:05:48

scope:        local

tid:          21

state:        commit

command:      port-config-modify port 12 enable

undo-command: port-config-modify port 12 disable

 

So undo is not necessarily the opposite of the current command, but allows you to go back to the state before the command was issued. This may be the exact same state as before.
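The following Python sketch is an added example, not Netvisor code. It parses transaction-show output in the vertical layout and lists what a rollback to a given transaction ID would undo, flagging entries that carry the --unrecoverable-- marker and undo-commands that are identical to their command. The sample text is constructed, and the rule that a rollback undoes every later transaction in reverse order is an assumption of the example.

```python
import re

# Constructed sample in the vertical layout of transaction-show (not captured
# from a switch); field names and separators follow the output shown above.
SAMPLE = """\
start-time:   10:05:22
end-time:     10:05:22
scope:        local
tid:          20
state:        commit
command:      port-config-modify port 12 disable
undo-command: port-config-modify port 12 enable
----------------------------------------
start-time:   10:07:01
end-time:     10:07:01
scope:        local
tid:          21
state:        commit
command:      --unrecoverable-- vlan-delete id 22
undo-command: --unrecoverable-- vlan-create id 22 scope local
----------------------------------------
start-time:   10:09:30
end-time:     10:09:30
scope:        local
tid:          22
state:        commit
command:      port-config-modify port 9 enable
undo-command: port-config-modify port 9 enable
"""

MARKER = "--unrecoverable--"


def parse_transactions(text):
    """Split vertical-layout output into one dict per transaction."""
    records = []
    for block in re.split(r"(?m)^-{5,}[ \t]*$", text):
        rec = {}
        for line in block.splitlines():
            # Split on the first colon only: values such as times contain colons.
            key, sep, value = line.partition(":")
            if sep and key.strip():
                rec[key.strip()] = value.strip()
        if rec.get("tid", "").isdigit():
            rec["tid"] = int(rec["tid"])
            records.append(rec)
    return records


def rollback_plan(records, target_tid):
    """List the transactions a rollback to target_tid would undo, newest first.

    Assumption of this example: every transaction with a higher tid is undone
    in reverse order. The plan is for review; the fields are informational.
    """
    plan = []
    for rec in sorted(records, key=lambda r: r["tid"], reverse=True):
        if rec["tid"] <= target_tid:
            continue
        command = rec.get("command", "")
        undo = rec.get("undo-command", "")
        plan.append({
            "tid": rec["tid"],
            "undo": undo.replace(MARKER, "").strip(),
            # Marker present: surface the entry for manual review.
            "flagged": MARKER in undo or MARKER in command,
            # Undo equals command: the command did not change the state.
            "no_op": bool(undo) and undo == command,
        })
    return plan


if __name__ == "__main__":
    for step in rollback_plan(parse_transactions(SAMPLE), 20):
        print(step)
```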

Displaying Fabric Statistics

To display fabric statistics, use the following command:

CLI network-admin@switch > fabric-stats-show

switch:        pleiades23

id:            0

servers:       0

storage:       0

VM:            0

vlan:         0

vxlan:        0

tcp-syn:       229K

tcp-est:       171

tcp-completed: 7.19K

tcp-bytes:     3.53G

udp-bytes:     0

arp:           0

vlan:          0

vxlan:         0

switch:        pleiades24

id:            0

servers:       0

storage:       0

VM:            0

vlan:          0

vxlan:         0

tcp-syn:       85.6K

tcp-est:       125

tcp-completed: 11.6K

tcp-bytes:     3.95G

udp-bytes:     0

arp:           0

switch:        pleiades25

id:            0

servers:       0

storage:       0

VM:            0

vlan:          0

vxlan:         0

tcp-syn:       179K

tcp-est:       20.9K

tcp-completed: 1.60M

tcp-bytes:     485G

udp-bytes:     0

arp:           0

 

 

Troubleshooting the Fabric

There may be instances when you need to troubleshoot the fabric. The following is a list of helpful port numbers, multicast information, and communication on the fabric.

Multicast IP: 239.4.9.7

UDP Destination Port: 23399

Netvisor sends this packet from the CPU to the internal port to ensure that the CPU path to the switch works and the internal port is up.

UDP Destination Port: 23394

Point to point UDP fabric keepalive

If these messages don't get through, the fabric node may go to offline state.

Multicast IP: 239.4.9.3

UDP destination port: 23399

Each node periodically multicasts a message about the fabric. This enables fabric-show on L2-connected nodes to show available packets and also enables fabric-join name name. It also enables you to join a fabric over Layer 3 connectivity by specifying an IP address.

TCP Destination Port: 23397 SSL

Used for Netvisor OS-to-Netvisor OS communication. Used for internal purposes and also to implement commands executed on other switches from a local switch.

TCP Destination Port: 23398 SSL

Port changes and vport changes propagated to other nodes in the fabric.

TCP Destination Port: 23396 SSL

C API clients connect to this port. It can be disabled using the admin-service-modify if <mgmt/data> no-net-api command.

TCP Destination Port: 23392 SSL

For ZFS send and ZFS receive messages when replicating file systems across the fabric.

UDP Destination Port: 23389

These are VXLAN-encapsulated packets sent from CPU to CPU between two L2 connected switches.

UDP Destination Port: 23388

These are VXLAN-encapsulated packets sent from CPU to CPU between two L3 connected switches.

Multicast IP: 239.4.9.4

UDP Destination Port: 23390

vPort updates from hypervisors or hosts in the fabric.

UDP Destination Port: 23398

These packets are sent point-to-point for vflow-snoop of a fabric-scoped vFlow.

 

All of these messages must get through in order to keep a Layer 2 fabric healthy. The multicast messages do not propagate through routers, so Netvisor does not use them for Layer 3 fabrics.

fabric-node-show displays information about internal data structures for each node in the fabric. If Netvisor does not receive keepalives or other messages from a fabric node for about 20 seconds, Netvisor marks the node as offline.

Anything that prevents keepalive or other kinds of messages from flowing freely between fabric nodes can cause problems for fabric connectivity.

If the fabric transaction IDs become unsynchronized, use the transaction commands to either roll forward or back the transaction IDs. See Fabric Administration.

Displaying System Statistics on a Switch

You display system statistics on a server-switch using the system-stats-show command:

CLI network-admin@switch > system-stats-show layout vertical

switch:            Leaf-

uptime:            1h22m26s

used-mem:          27%

used-swap:         0%

swap-scan:         0

cpu-user:          0%

cpu-sys:           1%

cpu-idle:          98%

 

The swap-scan output displays the number of scans performed on the swap. A nonzero number indicates that memory is paged from the physical memory (RAM) to virtual memory (disk or swap). A consistently high value indicates that all memory, both physical and virtual, is exhausted and the system may stop responding.

 

Configuring Logging

Netvisor logs all important activities that occur on the switch and fabrics created on them, and enables logging by default. You can view the logs using the CLI. You can also configure system logging to send syslog-formatted messages to other servers configured to receive them as part of centralized logging and monitoring.

Figure 1:  Switch with Syslog Server


There are three types of activities logged:

Table 1: Log Events

Log Type    Description

Event       Records actions observed or performed by switches. Each Event type can be enabled or disabled. Events are collected on a best effort basis. If events occur too rapidly to be recorded, the event log is annotated with the number of events lost. The following are examples of event types:

            • Port state changes

            • TCP connections

            • STP port changes

Audit       When an administrative change to the configuration is made, an audit log is recorded. An audit log consists of the command and parameters along with the success or failure indication. When a command fails, an error message is also recorded.

System      The system log records error conditions and conditions of interest. There are four levels in the system log:

            • critical

            • error

            • warn

            • note

Perror      The perror log records messages on standard error output, describing the last error encountered.

Each log message includes the following information:

event_repeats

Last %[msgs]d messages repeated %time[times]d time(s)

20003

Compress repeated message

System

N/A

A log message may include optional parameters, including associated VLAN, VXLAN, or switch port.

An audit log message includes additional information:

An event log also includes the event type.

The maximum number of repeated messages detected by Netvisor OS is ten (10). After five seconds, if there are repeated messages, "Last X message(s) repeated Y time(s)" is printed. If "X" and "Y" are both 1, then the message is printed rather than "Last 1 message(s) repeated 1 time(s)". The log events are printed after a five (5) second delay.

To view event logs using the CLI, enter the following command:

CLI network-admin@switch > log-event-show

category time                     name    code event-type port message

event    2013-06-04,13:12:18.304740 port_up 62   port       62   up

event    2013-06-04,13:12:18.304740 port_up 62   port       50   up

event    2013-06-04,13:12:18.304740 port_up 62   port       10   up

...

 

To view audit log entries, enter the following command:

CLI network-admin@switch > log-audit-show

category time                       name    code user          message

audit    2013-06-04,13:12:18.304740 command 1101 network-admin Command create  id=b000011:! name=1 scope=fabric vrg=b000011:0 vlans=100 _mgr_id=b00001

audit    2013-06-04,13:12:18.304740 command 1101 network-admin Command create vrouter id=b000011:! name=1 scope=fabric vrg=b000011:0 vlans=100 _mgr_id=b00001

 

To view system log entries, use the following command:

CLI network-admin@switch > log-system-show

time:           2013-09-17, 06:28:09.351514-07:00

name:           11006

level:          warn

time:           2013-09-17, 11:28:09.351514-07:00

name:           11006

level:          warn

time:           2013-09-17, 13:28:09.351514-07:00

name:           11006

level:          warn

 

Currently, accessing system log information may require assistance from TAC to retrieve the logs from Netvisor OS. To enable log auditing in Netvisor OS, use the following command:

CLI network-admin@switch > log-admin-audit-modify enable|disable

To display auditing status, use the following command:

CLI network-admin@switch > log-admin-audit-show

Modifying and Displaying Log Event Settings

By default, only system and port events are logged. You can add or remove other events using the log-event-settings-modify command. For instance, to remove logging of STP events, use the following command:

CLI network-admin@switch > log-event-settings-modify no-stp

To display log event settings information, use the log-event-settings-show command.

Sending Log Messages to Syslog Servers

To configure the switch to send all log messages to a syslog server with an IP address of 172.16.21.67, use the following command:

CLI network-admin@switch > admin-syslog-create name log-all scope fabric host 172.16.21.67

To display the configuration use the admin-syslog-show command:

CLI network-admin@switch > admin-syslog-show

name    scope   host           port   message-format

-----   -----   ------------   ----   ---------------

log-all fabric  172.16.21.67   514    legacy

 

To specify sending the syslog messages in structured format, per RFC 5424, add the message-format option to the configuration.

CLI network-admin@switch > admin-syslog-modify name log-all message-format structured

You can also modify the port that the service listens on to another port. More than one syslog listening service can be configured and appropriate syslog messages are sent to each one.

By default, all log messages are forwarded to syslog servers. To filter the log messages, use the msg-level option to specify the severity or other options:

CLI network-admin@switch > admin-syslog-match-add syslog-name log-all name critical-msgs msg-level critical

You can modify syslog matching using the admin-syslog-match-modify command, or remove matching criteria using the admin-syslog-match-remove command.

To display the configuration, use the show command:

CLI network-admin@switch > admin-syslog-match-show

syslog-name       msg-level      name

log-all           critical       critical-msgs

Forwarding Log Files to an External Linux Server

 

Informational Note:

Only one external server is supported by Netvisor ONE.

You can forward log files to an external Linux server and encrypt them using Transport Layer Security (TLS) over Transmission Control Protocol (TCP). The admin-syslog-create command accepts a new parameter, transport tcp-tls|udp, to add TLS encryption, and you can specify a port number for TCP.

CLI network-admin@switch > admin-syslog-create name audit-logs scope local host 172.16.21.33 transport tcp-tls port 10514

 

You can create TLS certificates using the following command:

CLI network-admin@switch > syslog-tls-cert-request-create country US state CA city Palo Alto organization QA organizational-unit engineering common-name pluribusnetworks.com

 

This command creates a Certificate Signing Request (CSR) and places it in the directory /sftp/export used by Netvisor OS. You must copy the CSR to the CA server and sign it.

To import the signed certificate to Netvisor OS, you must copy the certificate and the ca.pem file to /sftp/import directory in Netvisor OS. Then use the following command to import the files:

CLI network-admin@switch > syslog-tls-cert-import file-ca ca.pem file-cert my-cert.pem

 

To enable TLS-TCP logging export, use the following syntax:

CLI network-admin@switch > admin-syslog-create name audit-logs scope local host 172.16.21.33 transport tcp-tls port 10514

To display the export information, use the admin-syslog-show command:

CLI network-admin@switch > admin-syslog-show

switch     name      scope    host         port     transport      message-format

-------    --------  ------   -----------  -----    ---------      --------------

leaf-pst-1 MYTLS     local    172.21.16.33 10514    tcp-tls        legacy

 

Other new commands

syslog-tls-cert-clear               Clears the certificates

syslog-tls-cert-request-show        Displays the certificate information

syslog-tls-cert-show                Displays syslog TLS import certificate config

 

Saving Diagnostic Files and Exporting to an External Server

1. Use the save-diags export-sftp command.

2. The signed *.tar file is saved to /sftp/export directory in Netvisor OS.

3. Enable SFTP on the switch using the admin-sftp-modify enable command.

4. Copy the file to the external server using SFTP to the Netvisor OS switch.

Using Facility Codes with Log Messages

Log messages are labeled with a facility code indicating the area of the software that generated the log message. Netvisor OS uses the following facility codes by default:

The following severities are used by default:

You can override the default values by configuring matches for each syslog configuration which allows Netvisor OS to translate log messages into fields that the syslog servers understand.

Displaying Log Counters Information

You can display information about the number of events that have occurred on the network by using the log-system-counters-show command:

CLI network-admin@switch > log-system-counters-show layout vertical

switch:       pleiades24

critical:     0

error:        0

warn:         1061

note:         9

 

To reset the log counters, use the log-system-counters-reset command.

Formatting and Filtering of Logging Messages

Netvisor provides many options for filtering and formatting of log messages returned by these commands. Use the <tab> completion method and ? to explore them.

You can also access the log files using SFTP, switch-ip:/sftp//logs and NFS, /net/switch-name//logs if you have enabled the services.

Many systems support a syslog facility for sending or receiving log messages. The infrastructure can send messages to syslog servers using either RFC 5424 (structured) or RFC 3164 (legacy) formats.
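On the receiving server, the tcp-tls transport delivers a byte stream rather than one datagram per message, and each message carries its facility and severity in the leading <PRI> value. The following Python sketch is an added example, not Netvisor or syslog-daemon code: it splits a decrypted stream into messages using either framing defined in RFC 6587, then tells structured (RFC 5424) from legacy (RFC 3164) messages and decodes the facility and severity. The sample messages are constructed, and which framing a given switch uses is not stated on this page, so both are accepted.

```python
import re

MAX_MSG = 64 * 1024  # refuse absurd length prefixes instead of buffering them
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID rest (RFC 5424)
RFC5424 = re.compile(rb"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (.*)", re.S)
# <PRI>Mmm dd hh:mm:ss HOSTNAME rest (RFC 3164)
RFC3164 = re.compile(rb"<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)", re.S)


def split_frames(buf):
    """Return (complete messages, unconsumed tail) from a TCP or TLS byte stream.

    Accepts both RFC 6587 framings: a decimal length prefix (octet counting)
    and newline-terminated messages.
    """
    msgs, pos = [], 0
    while pos < len(buf):
        if buf[pos:pos + 1].isdigit():
            sp = buf.find(b" ", pos)
            if sp == -1:
                break  # length prefix not complete yet
            prefix = buf[pos:sp]
            if not prefix.isdigit() or int(prefix) > MAX_MSG:
                raise ValueError("malformed frame length")
            end = sp + 1 + int(prefix)
            if end > len(buf):
                break  # wait for the rest of the message
            msgs.append(buf[sp + 1:end])
            pos = end
        else:
            nl = buf.find(b"\n", pos)
            if nl == -1:
                break
            if nl > pos:
                msgs.append(buf[pos:nl])
            pos = nl + 1
    return msgs, buf[pos:]


def parse_message(raw):
    """Classify one message and decode PRI = facility * 8 + severity."""
    match, fmt = RFC5424.match(raw), "structured"
    if not match:
        match, fmt = RFC3164.match(raw), "legacy"
    if not match or int(match.group(1)) > 191:
        return {"format": "unknown"}
    pri = int(match.group(1))
    return {
        "format": fmt,
        "facility": pri >> 3,
        "severity": SEVERITIES[pri & 7],
        "host": match.group(3).decode(),
        "text": match.groups()[-1].decode(errors="replace"),
    }


def octet_frame(msg):
    """Build an octet-counted frame; used only to construct the sample."""
    return str(len(msg)).encode() + b" " + msg


# Constructed messages; the PRI values and fields are illustrative only.
M1 = (b'<130>1 2017-04-01T14:56:40.763626-07:00 pleiades24 nvOSd 6344 '
      b'user_command - Command "vlan-create id 25"')
M2 = b"<132>Apr  1 14:56:41 pleiades24 nvOSd: port 65 up"
# Both framings appear in one stream only to exercise both code paths;
# the last frame is cut short, as happens between two reads from a socket.
SAMPLE_STREAM = octet_frame(M1) + M2 + b"\n" + octet_frame(M1)[:10]

if __name__ == "__main__":
    messages, tail = split_frames(SAMPLE_STREAM)
    for message in messages:
        print(parse_message(message))
    print("bytes held for the next read:", len(tail))
```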

Viewing Log Events

For information about specific log events and their meaning, see the Log Message Reference Guide.

A log message consists of common parameters separated by spaces and a colon (:), and optional parameters such as key and value pairs, another colon, and then the log-specific message.

To view event logs using the CLI, enter the following command:

CLI network-admin@switch > log-event-show

category:      event

time:          2014-07-17,07:37:17.466173-07:00

switch:        pleiades24

program:       nvOSd

pid:           6344

name:          mac_ip_changed

code:          11023

event-type:    port

:          global-default

port:          65

vlan:          200

message:       ip address change: mac=50:33:a5:e0:7f:fd ip=172.16.23.7

category:      event

time:          2014-07-17,07:37:50.109133-07:00

switch:        pleiades24

program:       nvOSd

pid:           6344

name:          mac_ip_changed

code:          11023

event-type:    port

:          vlb-web-svr

port:          65

vlan:          200

message:       ip address change: mac=50:33:a5:e0:7f:fd ip=172.16.23.1

category:      event

time:          2017-05-05,07:42:17.418349-07:00...

 

To view audit log entries, enter the following command:

CLI network-admin@switch > log-audit-show layout vertical

category:      audit

time:          2017-04-01,14:56:40.763626-07:00

name:          user_command

code:          11001

user:          network-admin

message:       Command "vlan-create id 25

category:      audit

time:          2017-04-01,14:56:40.765839-07:00

name:          logout

code:          11100

user:          network-admin

message:       logout

category:      audit

time:          2017-04-01,14:56:40.847912-07:00

name:          login

code:          11099

user:          network-admin

message:       login

category:      audit

time:          2017-04-01,14:56:40.888363-07:00

name:          logout

code:          11100

...

To view system log entries, use the following command:

CLI network-admin@switch > log-system-show

time:           2013-09-17, 06:28:09.351514-07:00

name:           11006

level:          warn

time:           2013-09-17, 11:28:09.351514-07:00

name:           11006

level:          warn

time:           2013-09-17, 13:28:09.351514-07:00

name:           11006

level:          warn

 

Exceptions for Audit Logging

New commands log-audit-exception-create, log-audit-exception-delete, and log-audit-exception-show are used to control which CLI, shell and vtysh commands are subject to auditing. If a command is subject to auditing, the command is logged in the audit log and sent to the TACACS+ server as authorization and accounting messages.

CLI network-admin@Spine1>log-audit-exception-create

 

Create an audit logging exception.

cli|shell|vtysh

Specify the type of audit exception.

pattern pattern-string

Specify a regular expression to match exceptions.

any|read-only|read-write

Specify the access type to match exceptions.

scope local|fabric

Specify the scope of exceptions.

CLI network-admin@Spine1>log-audit-exception-delete

 

Delete an audit logging exception.

cli|shell|vtysh

Specify the type of audit exception.

pattern pattern-string

Specify a regular expression to match exceptions.

any|read-only|read-write

Specify the access type to match exceptions.

CLI network-admin@Spine1>log-audit-exception-show

 

Display audit logging exceptions.

cli|shell|vtysh

Display the type of audit exception.

pattern pattern-string

Display a regular expression to match exceptions.

any|read-only|read-write

Display the access type to match exceptions.

scope local|fabric

Display the scope of exceptions.

By default, every command is audited except for read-only CLI commands and ^/usr/bin/nvmore which is the pager for the Netvisor CLI:

CLI (network-admin@switch) > log-audit-exception-show

switch type  pattern          access    scope

------ ----- ---------------- --------- -----

switch cli                    read-only local

switch shell ^/usr/bin/nvmore any       local

 

To enable auditing of ALL CLI commands, you can delete the cli/read-only exception:

CLI (network-admin@switch) > log-audit-exception-delete cli read-only

Modifying User Roles to Allow Shell Access

You can add privileges to a user by adding new parameters available for roles. To add shell access to a user’s role, use the following syntax:

name name-string

Specify a name for the user role.

scope local|fabric

Specify a scope for the user role.

One or more of the following options:

access read-only|read-write

Specify the type of access for the user role. The default is read-write.

running-config|no-running-config   

Specify if the user role allows access to the switch running configuration.

shell|no-shell

Specify if the user role allows access to the shell.

sudo|no-sudo

Specify if the user role allows the sudo command.

 

The new parameters are also available for the role-modify command.
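Because audit exceptions, syslog filters, and shell or sudo privileges all change what is recorded or who can act outside the CLI, the audit log itself is worth watching for those commands. The following Python sketch is an added example, not Netvisor code: it reads log-audit-show lines and reports commands from this page that reduce logging coverage or widen access. The sample lines and the user ops1 are constructed, and the 'Command "..."' message text is an assumption modelled on the truncated sample shown earlier.

```python
import re

# Constructed lines in the column order of log-audit-show:
# category, time, name, code, user, message.
SAMPLE = '''\
category time name code user message
audit 2017-04-01,14:56:40.763626-07:00 user_command 11001 network-admin Command "vlan-create id 25 scope fabric"
audit 2017-04-01,14:57:02.100000-07:00 login 11099 ops1 login
audit 2017-04-01,14:57:10.200000-07:00 user_command 11001 ops1 Command "log-audit-exception-create cli pattern ^vlan- any scope local"
audit 2017-04-01,14:57:31.300000-07:00 user_command 11001 ops1 Command "role-modify name ops-ro shell sudo"
audit 2017-04-01,14:57:40.400000-07:00 user_command 11001 ops1 Command "role-modify name ops-ro no-shell no-sudo"
audit 2017-04-01,14:58:05.500000-07:00 user_command 11001 ops1 Command "snmp-community-modify community-string snmp-group community-type read-write"
audit 2017-04-01,14:58:20.600000-07:00 user_command 11001 ops1 Command "admin-syslog-match-add syslog-name log-all name critical-msgs msg-level critical"
audit 2017-04-01,14:58:44.700000-07:00 user_command 11001 ops1 Command "log-event-settings-modify no-stp"
audit 2017-04-01,14:59:01.800000-07:00 user_command 11001 ops1 Command "log-admin-audit-modify disable"
'''

# Each rule names a command documented on this page. The lookarounds keep
# "shell" from matching inside "no-shell" or inside a role name.
RULES = [
    ("audit-disabled", re.compile(r"^log-admin-audit-modify\s+disable\b")),
    ("audit-exception-added", re.compile(r"^log-audit-exception-create\b")),
    ("syslog-filter-changed", re.compile(r"^admin-syslog-match-(add|modify)\b")),
    ("event-logging-reduced",
     re.compile(r"^log-event-settings-modify\b.*(?<![\w-])no-\w+")),
    ("shell-or-sudo-granted",
     re.compile(r"^role-\S+\b.*(?<![\w-])(shell|sudo)(?![\w-])")),
    ("snmp-community-read-write",
     re.compile(r"^snmp-community-(create|modify)\b.*\bcommunity-type\s+read-write\b")),
]


def parse_audit_lines(text):
    """Turn tabular audit lines into dicts; header and other categories are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 6 or parts[0] != "audit":
            continue
        _, when, name, _code, user, message = parts
        # Tolerate a missing closing quote, as in the truncated sample.
        found = re.search(r'Command "([^"]*)', message)
        entries.append({
            "time": when,
            "name": name,
            "user": user,
            "command": found.group(1).strip() if found else None,
        })
    return entries


def find_risky(entries):
    """Return (time, user, rule, command) for every rule an entry matches."""
    hits = []
    for entry in entries:
        if not entry["command"]:
            continue  # login, logout and other non-command records
        for rule_id, pattern in RULES:
            if pattern.search(entry["command"]):
                hits.append((entry["time"], entry["user"], rule_id, entry["command"]))
    return hits


if __name__ == "__main__":
    for hit in find_risky(parse_audit_lines(SAMPLE)):
        print(*hit, sep="  ")
```

Run it against logs collected on the syslog server rather than on the switch, so that a command that disables auditing cannot also hide the record of itself.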

 

Configuring SNMP

Simple Network Management Protocol (SNMP) is a widely used protocol for monitoring the health of network equipment such as routers, computer equipment and even devices such as UPS. SNMP v1, v2, and v3 are supported in . The SNMP daemon runs as a service and is launched by using the following command:

CLI network-admin@switch > admin-service-modify if mgmt snmp

This command launches the daemon, sub-agents, and opens the firewall so that remote queries can reach the daemon.

SNMP Communities

Communities are used in SNMPv1 as a method of controlling access to information. You can create a community using the following command:

CLI network-admin@switch > snmp-community-create community-string name-string community-type read-only|read-write

To create an SNMP community string named snmp-group with read-only privileges, use the following command:

CLI network-admin@switch > snmp-community-create community-string snmp-group community-type read-only

To modify the SNMP community, snmp-group, to read-write, use the following command:

CLI network-admin@switch > snmp-community-modify community-string snmp-group community-type read-write

 

To display information about the SNMP community, snmp-group, use the following command:

CLI network-admin@switch > snmp-community-show community-string snmp-group

switch           community-string          community-type

------           ----------------          --------------

pleiades24       snmp-group                read-only

 

To delete the SNMP community, snmp-group, use the following command:

CLI network-admin@switch > snmp-community-delete community-string snmp-group

Users and SNMPv3

SNMPv3 creates users as access control mechanisms, and creating users is secure and flexible. You can also require that users must authenticate and use encryption.

 

Informational Note:

Prior to Version 2.6, Netvisor used MD5 as the default authentication protocol. With Version 2.6, Netvisor OS supports SHA1 as the default authentication protocol. You must specify MD5 if you require MD5 authentication.

Use the following command to create a user:

CLI network-admin@switch > snmp-user-create user-name name-string auth-password [auth|no-auth] priv-password [priv|no-priv]

To create the user, snmp-admin, with authentication, password m0nk3ys, use the following command:

CLI network-admin@switch > snmp-user-create user-name snmp-admin auth-password auth

auth password: ********

confirm password: ********

To modify the SNMP user and add the password, b33h!v3, use the following command:

CLI network-admin@switch > snmp-user-modify user-name snmp-admin auth-password auth priv-password priv

auth password: ********

confirm password: ********

priv password: ******

confirm password: ******

 

To display information about the SNMP user, use the following command:

CLI network-admin@switch > snmp-user-show user-name snmp-user

switch      user-name auth priv

--------    --------- ---- ----

pleiades24  snmp-user yes  yes

 

To delete the SNMP user, use the snmp-user-delete command.

After you create the user, you must grant permission, using View Access Control Model (VACM) to view SNMP objects:

CLI network-admin@switch > snmp-vacm-create user-name name-string user-type [rouser|rwuser] oid-restrict string [auth|no-auth] [priv|no-priv]

The parameter, oid-restrict, is an optional argument that specifies a MIB sub-tree to which the view is restricted. In other words, if you specify an OID, only that OID and the descendants in the tree are visible in this view.

To continue with the previous example, snmp-user is a read-only user restricted only to sysContact OID:

CLI network-admin@switch > snmp-vacm-create user-name snmp-user user-type rouser oid-restrict sysContact no-auth no-priv

To modify the VACM configuration and change no authentication to authentication, use the following command:

CLI network-admin@switch > snmp-vacm-modify user-name snmp-user user-type rouser auth

To display information about the VACM configuration, use the snmp-vacm-show command:

switch     user-type user-name oid-restrict view auth priv

------     --------- --------- ------------ ---- ---- ----

pleiades24 rouser    snmp-user sysContact        no   no

 

To delete the VACM user from the SNMP configuration, use the snmp-vacm-delete command:

CLI network-admin@switch > snmp-vacm-delete user-name snmp-user
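The show commands above are enough to review the SNMP configuration for weak settings. The following Python sketch is an added example, not Netvisor code: it parses the column-aligned output of snmp-community-show, snmp-user-show, and snmp-vacm-show by the positions of the dashed ruler, so empty cells such as view are kept, and reports read-write communities, users or views without authentication or encryption, and rwuser entries with no oid-restrict. The tables are constructed samples, and the names netops and snmp-admin in them are illustrative.

```python
import re

# Constructed samples in the layout of the show commands above.
COMMUNITIES = """\
switch     community-string community-type
------     ---------------- --------------
pleiades24 snmp-group       read-only
pleiades24 netops           read-write
"""

USERS = """\
switch     user-name  auth priv
------     ---------  ---- ----
pleiades24 snmp-admin yes  yes
pleiades24 snmp-user  yes  no
"""

VACM = """\
switch     user-type user-name  oid-restrict view auth priv
------     --------- ---------  ------------ ---- ---- ----
pleiades24 rouser    snmp-user  sysContact        no   no
pleiades24 rwuser    snmp-admin                   yes  yes
"""


def parse_table(text):
    """Parse a column-aligned table using the dashed ruler for column offsets.

    Splitting on whitespace would shift values left whenever a cell is empty,
    so each row is sliced at the positions where the ruler's dash runs start.
    """
    lines = [line for line in text.splitlines() if line.strip()]
    header, ruler, rows = lines[0], lines[1], lines[2:]
    starts = [m.start() for m in re.finditer(r"-+", ruler)]
    ends = starts[1:] + [None]
    names = [header[s:e].strip() for s, e in zip(starts, ends)]
    return [
        {name: row[s:e].strip() for name, s, e in zip(names, starts, ends)}
        for row in rows
    ]


def audit_snmp(communities, users, vacm):
    """Return (object, issue) pairs for settings worth tightening."""
    checks = (("auth", "authentication"), ("priv", "encryption"))
    findings = []
    for row in parse_table(communities):
        # Community strings are sent in cleartext by SNMPv1 and SNMPv2c.
        if row["community-type"] == "read-write":
            findings.append((row["community-string"], "read-write community"))
    for row in parse_table(users):
        for field, what in checks:
            if row[field] != "yes":
                findings.append((row["user-name"], f"user without {what}"))
    for row in parse_table(vacm):
        for field, what in checks:
            if row[field] != "yes":
                findings.append((row["user-name"], f"view does not require {what}"))
        if row["user-type"] == "rwuser" and not row["oid-restrict"]:
            findings.append((row["user-name"], "write access with no oid-restrict"))
    return findings


if __name__ == "__main__":
    for name, issue in audit_snmp(COMMUNITIES, USERS, VACM):
        print(f"{name}: {issue}")
```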

 

 

 

 

 

Modifying the SNMP Engine ID

Netvisor OS allows you to modify the SNMP Engine ID and retrieve previous SNMP agent information for a switch no longer in use. If you have to remove a switch from the network, you can modify the SNMP Engine ID to use the old SNMP Engine ID so Netvisor can query and maintain the same history records for the new switch.

snmp-engineid-modify

engineid string

Specify the 28 character unique ID for the SNMP engine.

snmp-engineid-modify engineid 0x80001f8880077f7820da49395a00000000

Warning: All SNMP users will be erased.

 

Please confirm y/n (Default: n):y

Modified snmp engineID, Deleted all SNMP users.Please re-create SNMP users.

 

Supported MIBs

customized MIBs:

IfTable

IfXTable

EntPhySensorTable

Additional commands that support SNMPv1, SNMPv2, and SNMPv3:

snmp-engineid-show — The SNMP engine ID is a unique string of 24 characters that identifies the device for administrative purposes. This command displays the identification of the local SNMP engine and all remote engines configured on the switch.

snmp-trap-enable-modify — Used to enable notifications about link conditions and common system errors. This is used with the snmp-monitor commands. 

snmp-trap-enable-show — Display enabled SNMP traps.

snmp-trap-sink-create — Used to specify a SNMPv1 trap receiver.

snmp-trap-sink-delete — Delete SNMP trap sinks.

snmp-trap-sink-modify — Modify SNMP trap sinks.

snmp-trap-sink-show — Display SNMP trap sinks.

snmp-v3-trap-sink-create - Used to specify a SNMPv3 trap receiver. 

snmp-v3-trap-sink-delete — Used to delete a SNMPv3 trap receiver.

snmp-v3-trap-sink-modify — Used to modify a SNMPv3 trap receiver.

snmp-v3-trap-sink-show — Used to display a SNMPv3 trap receiver.

SNMP Traps (MIBs) for Link Congestion

Netvisor OS now supports SNMP traps that are sent when a link is congested and when the state of a node in the fabric changes.

Link congestion can be detected when Netvisor drops ingress or egress packets due to link congestion. Netvisor logs this information into the system logs and you can enable Netvisor to send “Link Congestion detected” SNMP traps.

When Netvisor detects a fabric node as dead or keepalives, Netvisor checks the previous state of the node and determines if the previous state was online or offline. SNMP sends traps as “Node status changed.”

To enable the traps, use the snmp-trap-enable-modify command:

CLI (network-admin@Spine1) > snmp-trap-enable-modify

   one or more of the following options:

link-up-down|no-link-up-down

Specify if you want to enable a link up|down trap.

default-monitors|no-default-monitors

Specify if you want to enable a default monitoring trap.

physical-sensors|no-physical-sensors

Specify if you want to enable a physical sensor trap.

low-disk-space|no-low-disk-space
low-disk-space-threshold-string

Specify if you want to enable a low disk space trap.

system-usage|no-system-usage

Specify if you want to enable a system usage trap.

high-system-usage-threshold high-system-usage-threshold-string

Specify if you want to enable a low disk space trap.

login-failure|no-login-failure

Specify if you want to enable login failure trap.

lacp-status|no-lacp-status

Specify if you want to enable a LACP trap.

vport-modified|no-vport-modified 

Specify if you want to enable a trap when a vPort is modified.

mirror-to-cpu|no-mirror-to-cpu

Specify if you want a mirror to CPU trap.

stp-port-state-failed|no-stp-port-state-failed

Specify if you want to enable a trap when the STP port state is failed.

link-congestion-detected|no-link-congestion-detected

Specify if you want to enable a trap when a link congestion state is detected.

fabric-node-state-changed|no-fabric-node-state-changed

Specify if you want a trap sent when a fabric node state changes.

   
