型号:S12504G-AF
版本:7624P12
组网:不涉及
问题描述:现场方案组网,控制器能正常使用SNMP读取到信息,第三方的网管平台无法读取到信息
问题分析:
开启debug发现有如下报错
*May 24 16:41:29:785 2022 HFUAT12504-KF1-BL1 SNMP/7/PACKET_SRC: -MDC=1;
Packet received from 182.251.50.14 via UDP
*May 24 16:41:29:785 2022 HFUAT12504-KF1-BL1 SNMP/7/PACKET: -MDC=1;
Get request
Request ID: 520690368
Error status: 0
Error index: 0
*May 24 16:41:29:785 2022 HFUAT12504-KF1-BL1 SNMP/7/VBLIST: -MDC=1;
sysUpTime.0:
*May 24 16:41:29:786 2022 HFUAT12504-KF1-BL1 SNMP/7/STACK_ERROR: -MDC=1;
Failed to check community bocom2000's acl 2050
该报错为设备检查团体名时失败。
查看配置发现,第三方网管平台是通过设备的管理口接入,接口下绑定的VPN,而ACL中未绑定VPN
interface M-GigabitEthernet0/0/0
ip binding vpn-instance mgmt
ip address 182.214.230.11 255.255.255.0
undo lldp enable
dhcp client identifier hex 02a069d9421800
snmp-agent
snmp-agent local-engineid 800063A280A069D942180100000001
snmp-agent community read bocom2000 acl 2050
acl number 2050
rule 0 permit source 182.227.18.0 0.0.0.255
rule 5 permit source 182.251.50.0 0.0.0.255
rule 10000 deny
解决方法:
ACL中添加对应的VPN即可
acl number 2050
rule 0 permit source 182.227.18.0 0.0.0.255 ===》修改为rule 0 permit vpn-instance mgmt source 182.227.18.0 0.0.0.255
rule 5 permit source 182.251.50.0 0.0.0.255 ===》修改为rule 0 permit vpn-instance mgmt source 182.251.50.0 0.0.0.255
rule 10000 deny
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作