某局点 S12504G-AF 7624P12版本 第三方网管平台snmp无法读取设备信息

型号：S12504G-AF

版本：7624P12

组网：不涉及

问题描述：现场方案组网，控制器能正常使用SNMP读取到信息，第三方的网管平台无法读取到信息

问题分析：

开启debug发现有如下报错

*May 24 16:41:29:785 2022 HFUAT12504-KF1-BL1 SNMP/7/PACKET_SRC: -MDC=1;

   Packet received from 182.251.50.14 via UDP

*May 24 16:41:29:785 2022 HFUAT12504-KF1-BL1 SNMP/7/PACKET: -MDC=1;

   Get request

   Request ID: 520690368

   Error status: 0

   Error index: 0

*May 24 16:41:29:785 2022 HFUAT12504-KF1-BL1 SNMP/7/VBLIST: -MDC=1;

   sysUpTime.0:

*May 24 16:41:29:786 2022 HFUAT12504-KF1-BL1 SNMP/7/STACK_ERROR: -MDC=1;

   Failed to check community bocom2000's acl 2050

该报错为设备检查团体名时失败。

查看配置发现，第三方网管平台是通过设备的管理口接入，接口下绑定的VPN，而ACL中未绑定VPN

interface M-GigabitEthernet0/0/0

ip binding vpn-instance mgmt

ip address 182.214.230.11 255.255.255.0

undo lldp enable

dhcp client identifier hex 02a069d9421800

snmp-agent

snmp-agent local-engineid 800063A280A069D942180100000001

snmp-agent community read bocom2000 acl 2050

acl number 2050

rule 0 permit source 182.227.18.0 0.0.0.255

rule 5 permit source 182.251.50.0 0.0.0.255      

rule 10000 deny

解决方法：

ACL中添加对应的VPN即可

acl number 2050

rule 0 permit source 182.227.18.0 0.0.0.255    ===》修改为rule 0 permit vpn-instance mgmt source 182.227.18.0 0.0.0.255

rule 5 permit source 182.251.50.0 0.0.0.255    ===》修改为rule 0 permit vpn-instance mgmt source 182.251.50.0 0.0.0.255

rule 10000 deny