Infrastructure Monitoring : XorMon NG Installation

SAN monitoring: troubleshooting

Make sure that is open port 161 UDP to the switch from XorMon NG host.
Make sure with the security department that communication is not blocked, this fixes majority of problems.

Brocade

Brocade note: SNMPv2 is not supported in FOS v9.0.1a but is not blocked. SNMPv2 will be blocked beginning with FOS v9.1.0.
make sure that XorMon NG host/IP is on the switch access list
```
SAN1:admin> snmpconfig --show accessControl
```

make sure that there are allowed these mibs at least on the switch

SAN1:admin> snmpconfig --show mibCapability
  FE-MIB: YES
  SW-MIB: YES
  FA-MIB: YES
  FICON-MIB: YES
  HA-MIB: YES
  FCIP-MIB: YES
  ISCSI-MIB: YES
  IF-MIB: YES
  BD-MIB: YES
  BROCADE-MAPS-MIB: YES
  ...

Activate missing MIBs like below:

SAN1:admin> snmpconfig --enable mibCapability -mib_name FICON-MIB
SAN1:admin> snmpconfig --enable mibCapability -mib_name HA-MIB
SAN1:admin> snmpconfig --enable mibCapability -mib_name FCIP-MIB
SAN1:admin> snmpconfig --enable mibCapability -mib_name ISCSI-MIB
SAN1:admin> snmpconfig --enable mibCapability -mib_name BD-MIB
...

make sure it works from XorMon NG server:

$ /opt/freeware/bin/snmpwalk -v 1 -c <your community string> <Switch IP/hostname> 1.3.6.1.2.1.75.1.1.1
  SNMPv2-SMI::mib-2.75.1.1.1.0 = Hex-STRING: 10 00 00 27 F8 6E 88 CD

make sure community string is proper for v1 and v2c
```
SAN1:admin> snmpconfig --show snmpv1
```

set SNMP GET security level to 0

SAN1:admin> snmpconfig --show seclevel

SAN1:admin> snmpconfig --set seclevel
  Select SNMP GET Security Level
  (0 = No security, 1 = Authentication only, 2 = Authentication and Privacy, 3 = No Access): (0..3) [3] 0

SNMP mibCapability is turned off during some FOS upgrade. Most specially FCIP-MIB, enable it after the upgrade:
```
SAN1:admin> snmpconfig --enable mibCapability -mib_name FCIP-MIB
```

Cisco

there should not be anything special, we do not register any issues in SNMP configuration on Cisco switches. Just follow up our docu.
Definitely ask the security department if there is not any firewall blocking the traffic.

This must go through (change the IP and community string):
```
snmpwalk -v 2c -c <your community string> <Switch IP/hostname> 1.3.6.1.2.1.1.5
```
If you go nowhere, contact the switch vendor support

Debug data - Brocade

To be able to debug SAN switch connectivity we would need this data:

from the switch:

SAN1:admin> snmpconfig --show seclevel
SAN1:admin> snmpconfig --show mibCapability
SAN1:admin> snmpconfig --show accessControl

IP address of XorMon NG server
```
ifconfig -a
```

this output:

snmpwalk -v 2c -c <your community string> <Switch IP/hostname> 1.3.6.1.3.94.1.6.1.6