Skip to main content
Version: 2.10.2

Troubleshooting SNMP Polling

Please refer to SNMP Polling and Traps section of NFO Administration Guide for details on configuring SNMP polling.

Please check whether you can see syslogs with nfc_id=20003 in the system that receives NFO output. If you do not see these records, please ensure that there is no firewall between NFO and your network devices that could potentially block SNMP traffic.

Using snmpwalk

You can use snmpwalk from the NFO machine to test connectivity and confirm that your network devices respond to SNMP polling.

If you don’t have net-snmp on NFO machine, please perform the following:

Install net-snmp

yum -y install net-snmp net-snmp-utils

Run snmpwalk to test

Example for SNMP v2c:

snmpwalk -v 2c -c public 10.0.0.1

Where public is a community string and 10.0.0.1 is your network device management IP.

This command will perform SNMP polling of all OIDs available at device 10.0.0.1

Example for SNMP v2c polling starting with a specific branch of SNMP tree:

snmpwalk -v 2c -c public 10.0.0.1 1.3.6.1.2.1.25.3.3.1

Where 1.3.6.1.2.1.25.3.3.1 is the OID you specify to return all results in the MIB subtree rooted at that OID.

Example for SNMP v3:

snmpwalk -v3 -l authPriv -u snmp-poller -a SHA -A "PASSWORD1" -x AES -X "PASSWORD1" 10.10.60.50
note

For more information on snmpwalk command parameters, visit: https://linux.die.net/man/1/snmpwalk

Capturing Packets (PCAP)

To analyze SNMP polling requests and replies, you might need to capture traffic packets using the tcpdump command.

If you need to send a PCAP file to NetFlow Logic Support for analysis, please follow these steps:

  1. Set the v3 password on the device to '12345678' before capturing SNMP polling.
  2. Create new Credentials in NFO with the password set to '12345678' for the device you intend to capture traffic from.
  3. Run the following command on the NFO machine (replace x.x.x.x with the device's IP address):
sudo tcpdump -i any host x.x.x.x and port 161 -s 0 -w nfo_snmp_traffic.pcap
  1. Allow the packet capture to run for at least 5 minutes before stopping it.
  2. After capturing, remember to change the v3 password back to the original password on both the device and in the NFO SNMP polling configuration.