SNMP with integrated configuration

[guidov22]

Hello,
agentx is not working.

FRR version is:
FRRouting 7.1 (frr-test-a).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
'--enable-systemd' '--enable-sharpd' '--enable-snmp' '--enable-multipath=8' '--enable-config-rollbacks' '--enable-exampledir=/usr/share/doc/frr/examples/' '--localstatedir=/var/opt/frr' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc/frr' '--enable-multipath=64' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' '--enable-fpm' '--with-moduledir=/usr/lib/frr/modules'

We are using integrated configuration.

The command is suggested by configuration:
frr-test-a(config)# a?
access-list Add an access list entry
agentx SNMP AgentX protocol settings
allow-external-route-update Allow FRR routes to be overwritten by external processes

but not recognised by zebra:

frr-test-a# conf t
frr-test-a(config)# agentx
% [ZEBRA] Unknown command: agentx
frr-test-a(config)#

Thanks and regards

[donaldsharp]

can you show us the contents of our /etc/frr/daemons file?

[guidov22]

here the contents: zebra=yes bgpd=yes ospfd=yes ospf6d=yes ripd=yes ripngd=yes isisd=yes pimd=yes ldpd=yes nhrpd=yes eigrpd=yes babeld=yes sharpd=yes staticd=yes pbrd=yes bfdd=yes fabricd=yes # # If this option is set the /etc/init.d/frr script automatically loads # the config via "vtysh -b" when the servers are started. # Check /etc/pam.d/frr if you intend to use "vtysh"! # vtysh_enable=yes zebra_options=" -s 90000000 --daemon -A 127.0.0.1" bgpd_options=" --daemon -A 127.0.0.1" ospfd_options=" --daemon -A 127.0.0.1" ospf6d_options=" --daemon -A ::1" ripd_options=" --daemon -A 127.0.0.1" ripngd_options=" --daemon -A ::1" isisd_options=" --daemon -A 127.0.0.1" pimd_options=" --daemon -A 127.0.0.1" ldpd_options=" --daemon -A 127.0.0.1" nhrpd_options=" --daemon -A 127.0.0.1" eigrpd_options=" --daemon -A 127.0.0.1" babeld_options=" --daemon -A 127.0.0.1" sharpd_options=" --daemon -A 127.0.0.1" staticd_options=" --daemon -A 127.0.0.1" pbrd_options=" --daemon -A 127.0.0.1" bfdd_options=" --daemon -A 127.0.0.1" fabricd_options=" --daemon -A 127.0.0.1" MAX_FDS=1024 # The list of daemons to watch is automatically generated by the init script. #watchfrr_options="" # for debugging purposes, you can specify a "wrap" command to start instead # of starting the daemon directly, e.g. to use valgrind on ospfd: # ospfd_wrap="/usr/bin/valgrind" # or you can use "all_wrap" for all daemons, e.g. to use perf record: # all_wrap="/usr/bin/perf record --call-graph -" # the normal daemon command is added to this at the end.

…

Il giorno 17 set 2019, alle ore 14:39, Donald Sharp ***@***.***> ha scritto: can you show us the contents of our /etc/frr/daemons file? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#4994?email_source=notifications&email_token=AC42QGCMC7OM2TUQQ5SEMYDQKDFYVA5CNFSM4IXPLWS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD64MF2Q#issuecomment-532202218>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AC42QGAZRJVJSOAI3PVUMW3QKDFYVANCNFSM4IXPLWSQ>.

[donaldsharp]

Add -M snmp to your daemon_options line for the daemons you want snmp working on.

[guidov22]

Can all the daemons be snmp enabled or only zebra, bgp ospf and rip ? Thanks and regards

…

Il giorno 17 set 2019, alle ore 14:59, Donald Sharp ***@***.***> ha scritto: Add -M snmp to your daemon_options line for the daemons you want snmp working on. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#4994?email_source=notifications&email_token=AC42QGF74LDFBV4SGPEGLA3QKDIETA5CNFSM4IXPLWS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD64N6SQ#issuecomment-532209482>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AC42QGGATDWNVZFFXPIBKADQKDIETANCNFSM4IXPLWSQ>.

[guidov22]

Hello, done … it seems to work now … but doing r00t@frr-test-a:~$ snmpwalk -c %nast1a%0 -v2c localhost .1.3.6.1.2.1.14.1.1 iso.3.6.1.2.1.14.1.1 = No Such Object available on this agent at this OID r00t@frr-test-a:~$ is there a mib tree ? I cannot find it … I only find ospf tree on example to enable snmp thanks and regards

…

Il giorno 17 set 2019, alle ore 14:59, Donald Sharp ***@***.***> ha scritto: Add -M snmp to your daemon_options line for the daemons you want snmp working on. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#4994?email_source=notifications&email_token=AC42QGF74LDFBV4SGPEGLA3QKDIETA5CNFSM4IXPLWS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD64N6SQ#issuecomment-532209482>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AC42QGGATDWNVZFFXPIBKADQKDIETANCNFSM4IXPLWSQ>.

[yswery-reconz]

I am having the same issue where I can find this returning at all via SNMP. I have FRR with snmp support installed (Pfsesne 2.5)

[2.5.0-RELEASE][[email protected]]/root: ps aux | grep frr
frr     17902   0.0  0.6  72184 25492  -  Ss   11:55     0:00.03 /usr/local/sbin/zebra -M snmp -d
frr     38591   0.0  0.2  20348  7256  -  Ss   11:46     0:00.06 /usr/local/sbin/staticd -d
frr     39927   0.0  0.6  53560 26736  -  Ss   11:46     0:00.11 /usr/local/sbin/bgpd -M snmp -d

Module information for bgpd:
Module Name  Version                   Description

libfrr       7.5                       libfrr core module
bgpd         7.5                       bgpd daemon
bgpd_snmp    7.5                       bgpd AgentX SNMP module
	from: /usr/local/lib/frr/modules/bgpd_snmp.so
pid: 19886

On the snmpd i also have agentx of course, but snmp walk doesnt show anything BGP related.

Does anyone know what I could try to do?

[sabik]

Per https://redmine.pfsense.org/issues/11610 it looks like the "Unknown command: agentx" error occurs when agentxperms in the SNMP config are too restrictive; if that's the case, it looks like a misleading error message - it should give some variant of "permission denied" or "could not contact AgentX", not "unknown command".

(It would also mean that SNMP must be configured before FRR, which is an odd requirement; it should probably be either relaxed or at least documented.)

[manomugdha]

Hello, done … it seems to work now … but doing r00t@frr-test-a:$ snmpwalk -c %nast1a%0 -v2c localhost .1.3.6.1.2.1.14.1.1 iso.3.6.1.2.1.14.1.1 = No Such Object available on this agent at this OID r00t@frr-test-a:$ is there a mib tree ? I cannot find it … I only find ospf tree on example to enable snmp thanks and regards
…
Il giorno 17 set 2019, alle ore 14:59, Donald Sharp @.***> ha scritto: Add -M snmp to your daemon_options line for the daemons you want snmp working on. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#4994?email_source=notifications&email_token=AC42QGF74LDFBV4SGPEGLA3QKDIETA5CNFSM4IXPLWS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD64N6SQ#issuecomment-532209482>, or mute the thread https://github.com/notifications/unsubscribe-auth/AC42QGGATDWNVZFFXPIBKADQKDIETANCNFSM4IXPLWSQ.

Hi @guidov22 ,
I am facing issue to connect to snmpd from frr-snmp-agent. frr can recognize agentx but it can not connecto snmpd. it throws following warning:

2024/01/02 13:34:29 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:34:44 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:34:59 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:35:14 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:35:29 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:35:44 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:35:59 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:36:14 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):

I ran snmpd in foreground and following is the output:

frr@frr_1:/$ sudo /usr/sbin/snmpd -f -L -Dagentx
registered debug token agentx, 1
agentx_register_app_config_handler: registering .conf token for "agentxsocket"
agentx_register_app_config_handler: registering .conf token for "agentxperms"
agentx_register_app_config_handler: registering .conf token for "agentxRetries"
agentx_register_app_config_handler: registering .conf token for "agentxTimeout"
Turning on AgentX master support.
agentx/master: initializing...
agentx/master: initializing...   DONE
NET-SNMP version 5.8

I have doubt about the /etc/snmp/snmpd.conf file. following is my snmpd.conf file.

sysLocation    Sitting on the Dock of the Bay
sysContact     Me <[email protected]>
sysServices    72

master  agentx
agentaddress  127.0.0.1,[::1]

view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1

rocommunity  public default -V systemonly
rocommunity6 public default -V systemonly
rouser authPrivUser authpriv -V systemonly

i see udp is listening on the correct port:

frr@frr_1:/$ netstat -anu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 127.0.0.1:161           0.0.0.0:*
udp        0      0 127.0.0.11:38421        0.0.0.0:*
udp6       0      0 ::1:161                 :::*
frr@frr_1:/$

can you please share the content of your working snmpd.conf file?

[zappiehost]

@manomugdha this is what we added for the correct agentx permissions a few years back and left it as is since:

master agentx
agentxperms 777 777

That being said though, right now it seems that FRR is broken on FreeBSD with the way SNMP is implemented, see some of the latest tickets about this here:

#14875

It might be your issue isnt an agentx thing but more of a general FRR + snmp thing. To test this easiest way I can see will be to try to run run frr with -M snmp like so: $ bgpd -M snmp

If you find anything useful or a nice solution for the above do post your findings here or in the other linked ticket

[manomugdha]

I updated snmpd.conf to the following and everything is working for me till now. I can trigger snmpwalk from different host as well.

frr@frr_1:/$ sudo cat /etc/snmp/snmpd.conf
sysServices    72
master  agentx
agentaddress  0.0.0.0,[::1]
agentxperms 777 777

rocommunity  public default
frr@frr_1:/$

e.g.
root@host_1:/# snmpwalk -c public -v2c -On -Ln 1.1.1.2 1.3.6.1.2.1.31.1.1.1.1.1
.1.3.6.1.2.1.31.1.1.1.1.1 = STRING: "lo"
root@host_1:/#