< Home

The SNMP Host Cannot Connect to the NMS

Fault Description

An SNMP device cannot connect to the NMS.

Procedure

Run the display logbuffer command in any view to check whether the log indicating SNMP user login failures is recorded on the device.

Table 1 Logs and suggestions

Log

Description

Suggestion

Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=the version was incorrect, VPN= )

The SNMP versions on the device and NMS are inconsistent.

Run the display snmp-agent sys-info version command in any view to check the SNMP version on the device. If the NMS and device use different SNMP versions, run the snmp-agent sys-info version command in the system view to set the SNMP version on the device to be the same as that on the NMS.

Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=the packet was too large, VPN= )

The size of an SNMP packet sent by the NMS exceeds the threshold set on the device.

By default, the device can receive and send SNMP packets no larger than 12000 bytes. If the NMS sends oversized SNMP packets, the device cannot connect to the NMS. You can run the snmp-agent packet max-size command in the system view to increase the size of SNMP packets that can be sent and received by the device according to the size of SNMP packets sent by the NMS.

Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=the messages was failed to be added to the message list, VPN= )

The rate of SNMP request packets sent by the NMS exceeds the processing capability of the device.

Lower the frequency at which the NMS sends SNMP request packets.

Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=the community was incorrect, VPN= )

The community names on the NMS and device are different.

Run the display snmp-agent community command in any view to check the community name on the device. If the community name used by the NMS is different from that configured on the device, run the snmp-agent community { read | write } community-name command in the system view to modify the read/write community name on the device.

Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=decoded PDU error, VPN= )
Decoding error. The possible causes are:
  • The SNMPv3 user names configured on the device and NMS are different.
  • The SNMP engine IDs configured on the device and NMS are different.
  • The authentication or encryption password of the SNMPv3 user on the NMS is incorrect.

  • Run the display snmp-agent usm-user command in any view to check the SNMPv3 user information on the device. Check whether the user name on the NMS is the same as the SNMPv3 user name configured on the device. If not, change the user names to be the same. If the user names are the same, run the display current-configuration | include snmp command in any view to check whether a user group is specified for the SNMPv3 user. If not, run the snmp-agent usm-user v3 user-name group group-name command in the system view to specify a user group for the SNMPv3 user.

    NOTE:

    The user group attributes are as follows (listed from most to least secure): Level 1: privacy (authentication and encryption), Level 2: authentication (only authentication), and Level 3: none (no authentication and no encryption).

    The user security level cannot be lower than the user group level; otherwise, the SNMP device cannot connect to the NMS.

  • Run the display current-configuration | include snmp command in any view to check the SNMP engine ID on the device. Check whether the SNMP engine IDs configured on the NMS and device are the same. If not, run the snmp-agent local-engineid engineid command in the system view to modify the SNMP engine ID on the device. Alternatively, you can modify the SNMP engine ID on the NMS. Ensure that the NMS and device have the same SNMP engine IDs configured.

    NOTE:

    If you modify the SNMP engine ID on the device, the SNMPv3 user matching the original engine ID is deleted. Therefore, you need to reconfigure the SNMPv3 user.

  • Configure the correct authentication or encryption password of the SNMPv3 user. If you forget the authentication or encryption password of the SNMPv3 user, run the snmp-agent usm-user v3 user-name authentication-mode { md5 | sha | sha2-256 } [ cipher password ] command in the system view to configure the authentication password for the SNMPv3 user. Run the snmp-agent usm-user v3 user-name privacy-mode { des56 | aes128 | aes192 | aes256 | 3des } [ cipher password ] command in the system view to configure the encryption password for the SNMPv3 user.

Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=the ACL filter function, VPN= )

The IP address used by the NMS to send SNMP request packets is denied by an ACL.

Run the display acl { acl-number | name acl-name | all } command in any view to check ACL configuration. If the IP address is denied by an ACL, run the rule [ rule-id ] permit source { source-ip-address source-wildcard | any } command in the basic ACL view to allow this IP address to access the device.

Failed to login through SNMP. (Ip=10.1.1.1, Times=2, Reason=the contextname was incorrect, VPN= )

The ContextName on the NMS is incorrect.

Change the ContextName on the NMS to a space or a hyphen.
Parent Topic: Troubleshooting SNMP
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >