Enable SNMP on Brocade SAN Switch (SNMPv1)

Brocade (SAN)
Tristan SelfLeave a Comment on Enable SNMP on Brocade SAN Switch (SNMPv1)

The Brocade SAN Switches have SNMP capability which can be used for configuration and monitoring. These instructions detail how to configure SNMP on the SAN switches to allow them to have their state be monitored via SNMP from a suitable monitoring platform (e.g. NagiosXI or Opsview etc.).

We are not configuring SNMP Traps, this is purely a SNMP Poll configuration.

Configure SNMPv1 for Polling

The following configures the SAN switch for SNMPv1 Polling to query for information from the switch’s SNMP OIDs. 

SNMPv1 is not secure, however to minimise risk, it is configured only for Read-Only (RO) i.e. get/polling and not set (i.e. changes). Additionally we are specifying an ACL (accessControl) to limit access to just the monitoring platform IP addresses.

Enable SNMPv1

Configure SNMPv1 with a simple and Read-Only (ro) configuration.

fc_switch_grn:FID128:admin> snmpConfig --add snmpv1 -index 1 -community <communitystring> -groupname ro
Committing configuration.....done.

Adding ACL or IPFilter

Depending on the OS version of the switch you may need to use ACL or IPFilter, see the details below to restrict the connections from only the monitoring devices. Later versions require instead of the ACL an IPFilter Policy: https://techdocs.broadcom.com/us/en/fibre-channel-networking/fabric-os/fabric-os-administration/9-2-x/v26758161/v26759131.html

ACL Approach (Earlier OS Versions)

fc_bc05a_red:FID128:admin> snmpconfig --set accessControl -index 1 -host 10.0.0.10 -access ro
Committing configuration.....done.

IPFilter Policy (Later OS Versions)

You can’t edit the default policy, you need to clone/create a new one, then activate that, only one policy can be used at a time, so when you activate your custom one, the default one is disabled (along with any rules it provides).

In this example the monitoring host is on 10.0.0.10, so we need to allow that with an SNMP rule.

ipfilter --create mypolicy_ipv4 -type ipv4
 
ipfilter --addrule mypolicy_ipv4-rule 1 -sip any -dp 22 -proto tcp -act permit
ipfilter --addrule mypolicy_ipv4-rule 2 -sip any -dp 23 -proto tcp -act permit
ipfilter --addrule mypolicy_ipv4-rule 3 -sip any -dp 80 -proto tcp -act permit
ipfilter --addrule mypolicy_ipv4 -rule 4 -sip any -dp 443 -proto tcp -act permit
ipfilter --addrule mypolicy_ipv4-rule 5 -sip 10.0.0.10 -dp 161 -proto udp -act permit
ipfilter --addrule mypolicy_ipv4-rule 8 -sip any -dp 123 -proto udp -act permit
ipfilter --addrule mypolicy_ipv4-rule 9 -sip any -dp 600-1023 -proto tcp -act permit
ipfilter --addrule mypolicy_ipv4-rule 10 -sip any -dp 600-1023 -proto udp -act permit
ipfilter --save mypolicy_ipv4
 
ipfilter --activate mypolicy_ipv4

Verify the configuration is successful with:

snmpconfig --show snmpv1

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *