Brocade VDX SNMP Changes

Brocade tightened up some SNMP settings with NOS 6.0.x. This improves security, but it also means that you will need to modify your configuration if you upgrade. If you don’t, SNMP won’t work, and you’ll get errors with BNA/Nagios/Cacti/etc. Here’s the changes, and how to get SNMP working with NOS 6.0.x. NB This applies to VDX Data Centre switches. Other product lines have different configuration.

Usual disclaimers apply: Yes, I work for Brocade. Doesn’t mean that I’m an official spokesperson, or a replacement for TAC. I’m just putting this info out there to help others who get bitten by this.

5.x and earlier defaults

NOS 5.x and earlier had default SNMP settings that looked like this:

Yeah. Pretty open. So if you’re lazy, and your NMS tried a default discovery string of ‘public’, you could get SNMP working without touching the config. Naughty.

6.x: Sensible defaults

NOS 6.0.x changes the defaults to this:

Much better – no more default strings in use.

What about upgraded systems?

So what happens if you upgrade? According to the documentation:

After an upgrade to Network OS6.0.0, the default SNMP configuration from previous releases is removed only if the copy default-config startup-config command is issued before the upgrade. Otherwise, the running configuration is not changed. (emphasis added)

However, there is a catch: SNMP views are now required. If you don’t configure an SNMP view, SNMP won’t work, even with your previous settings.

Add this config snippet to get basic SNMPv2 working with community string ‘public’:

That creates a new SNMP view that contains the entire tree, from 1 downwards. The configuration maps the community string to the group, which is then mapped to the view. Adding that will get read-only SNMP working the way it did previously. If you need more complex views, you probably already configured them, and weren’t affected by this change.

Obviously I don’t recommend the use of ‘public’ nor do I recommend v2 in general. But hey, that’s what most people use. You can see what you need to change for your own community string. It will also need further changes for SNMP read-write, and for v3.

,

7 Responses to Brocade VDX SNMP Changes

  1. Benjamin June 22, 2016 at 8:42 pm #

    Hey,

    I have to implement SNMP on a VDX2746, but in this equipment you can’t create a “view”. Do you have an idea to manage it ?

    Thanks.

    • Lindsay Hill June 22, 2016 at 8:53 pm #

      I don’t have access to one of those to test, but my guess is that you should just be able to use the default group names admin and user.
      I _think_ if you do “snmp-server community public groupname user”, it might work.

  2. Benjamin June 22, 2016 at 9:20 pm #

    Thanks for the reply.
    I actually use the default groupnames (I can’t create new ones) but I still can’t access in SNMP to the equipment..

    • Lindsay Hill June 22, 2016 at 9:52 pm #

      I’ll ask around, see if someone here knows. What NOS version are you running?

  3. Benjamin June 23, 2016 at 12:35 am #

    Thanks ! They are running NOS 6.0.1a.

    • shajakhan September 20, 2016 at 1:11 am #

      Make sure that you have reachability from monitoring system to brocade device on management VRF as SNMP works only on mgmt-vrf. Hope this help you.

      • Lindsay Hill September 20, 2016 at 1:13 am #

        There’s been a few changes to inband support with recent NOS versions. I think that no longer applies with NOS 7.x

Leave a Reply