Brocade Fibre Channel Networking Community

Expand all | Collapse all

snmp v3 username and password character limit

Jump to Best Answer
  • 1.  snmp v3 username and password character limit

    Posted 10-15-2014 12:38 PM

    Greetings all,

     

    My company is presently supporing the US Navy with its new computer systems roll out, and part of that is the use of IBM blade centers with the 8GB SAN Fibrechannel Switches from Brocade.

     

    Currently we're running firmware version 6.4.2b4 on them.

     

    Our current problem is this:

     

    On most switches they take the Navy specified snmpv3 username and password, which is a mix of numbers, letters, and special characters with no problems; both are over 15 characters.  However, we have one switch that will not take this username and password no matter what we try (reinstalling the FabricOS, snmpconfig --default snmpv3); it simply fails to configure the snmpv3 information.  However, when we knock the character amount back a bit (less than 14 characters), it takes it just fine.  No, under no circumstances can we deviate the Navy's CM on a single switch, and it still doesn't explain why this one switch will not take the information and every other switch will.

     

    Any ideas?


    #BrocadeFibreChannelNetworkingCommunity


  • 2.  Re: snmp v3 username and password character limit

    Posted 10-15-2014 10:59 PM

    hi,

     

    If some other switch running the same, snmp confing, fos release and being the same model work, you should be able to do it on that one as well. You could try to disable/enable snmv3 

     

    snmpconfig --disable snmv3

    snmpconfig --enable snmv3

     

    or reboot the switch. 

    What error do you get? any info on errdump?

     

    Rgds,

    Felipon


    #BrocadeFibreChannelNetworkingCommunity


  • 3.  Re: snmp v3 username and password character limit

    Posted 10-16-2014 12:37 PM

    The rebooting we've done several times with no effect.

     

    --enable and --disable resulted in the error message (and yes, I used the correct spelling for snmpv3 there):  Options are invalid 

     

    Checked the errdump.  The only error message that pertained to it was this one:

     

    2014/10/15-16:46:46, [KSWD-1002], 1456, FFDC | CHASSIS, WARNING, brocade8Gb, Detected termination of process snmpd:2145

     

    Indeed, one would think if it works on other switches it would work on this one as well.


    #BrocadeFibreChannelNetworkingCommunity


  • 4.  Re: snmp v3 username and password character limit

    Posted 10-17-2014 04:59 AM

    Hi there,

     

    Brocade Solution SLN1980 reports that a switch may find problems when configuring SNMP users longer than 15 characters. If the issue is caused by a code defect, you could try to upgrade FOS. Also you can try to configure that user in different positions inside snmpconfig. Or maybe cleanup some space to see if that could help out.

     

    If no luck, then I'd start thinking of opening a case with Brocade/OEM...

     

     

     

    rgds


    #BrocadeFibreChannelNetworkingCommunity


  • 5.  Re: snmp v3 username and password character limit

    Posted 10-20-2014 02:47 PM

    Navy Config Management will not allow me to change code like that, unfortunately.  Though it may be possible to upgrade to a higher version and then downgrade to see if the problem goes away.  It's a little dicier than I'd like, but I'll keep that option open.

     

    You mentioned 'freeing up space'.  How would one go about doing that?

     

    Also can you point me to where you found Brocade Solution SLN1980?  I can't seem to locate that notice anywhere.

     

    Thanks for your help.


    #BrocadeFibreChannelNetworkingCommunity


  • 6.  Re: snmp v3 username and password character limit
    Best Answer

    Posted 10-22-2014 12:58 AM

    hi,

     

    If you have root access to the switch, you can run non-disruptive command 'cleanup' in order to free up space. If not, you can execute 'supportsave -R' to clear the dumps and free some space there.

     

     Brocade SLN1980 reports the following:

    Solutions

    FOS Kernel panic when user has configured snmpv3 username with too many characters

     

     

    Product Type Details
    All FOS switches
    Environment
    SNMP management application in use
    Software Release
    All FOS versions prior to v7.0.2b
    Description
    The following panic is seen:

    2012/10/04-17:22:01, [HAM-1004], 1172, CHASSIS, INFO, Brocade5100, Processor rebooted - Software Fault:Kernel Panic

    User has configured SNMP v3 user names to 32 characters. After the switch tried to commit the change and failed, SNMP started to restart over and over then rolling reboots started.
    Symptoms
    Switch panics and reboots over and over.
    Workaround
    When switch reboots constantly, the following workaround will bring the switch back to clean firmware load:

    - As soon as the switch reboots again, login as root
    - Run firmwarecleaninstall command and answer the prompts to the firmware download location desired
    - Switch will be reloaded with new firmware and the configuration will be changed to default
    Root Cause
    If the user gives a username in lower case (abc…), the ascii value of lower case starts from 97 (‘a’) and ends at 122 (‘z’). It is storing the engine ID and username in dotted decimal notation. If the user gives username in all lower case, each character will be converted to 3 digit ascii value (eg: ascii value – ‘z’ 122) and a dot will be appended for each character value.

    Example: xyz1 => 120.121.122.49. => four letters becomes 15 characters. 

    The maximum buffer size allowed is 128 bytes. When usernames contain 32 characters we end up over-running that memory space and end up with a crash in snmpd.

    Bearing the above in mind, Brocade has considered all these boundary conditions and stated that usernames with less than 15 characters is recommended. 
    Resolution

    Upgrade to a version of FOS that contains the fix.   

    Product Defect
    Defect 423054
    Fixed in Version
    v7.0.2b, v7.1.0
     
    Disclaimer

    These documents are provided "as is" and without any warranty of any kind, expressed or implied, including, without limitation, any warranty of non-infringement, merchantability, or fitness for a particular purpose. All warranties are expressly disclaimed. User assumes the full risk of using these instructions. In no event shall Brocade be liable for any actual, direct, indirect, punitive, or consequential damages arising from such use, even if advised of the possibility of such damages.


    #BrocadeFibreChannelNetworkingCommunity


  • 7.  Re: snmp v3 username and password character limit

    Posted 10-23-2014 11:38 AM

    The 'cleanup' command was not a valid command in this FOS, but the 'supportsave -R' worked.  The device still will not take the long snmp user/pass.  However, with SLN1980 that you provided I was able to recommend an engineering change with either an FOS upgrade or a change for the username/pass.  This isn't the only device that's had issues with the USN required lengths, so it's likely engineering and IA will need to hash that out...problem being that they work at geologic speeds.  There's also the fact that this is an IBM rebranded Brocade product for their blade centers, so they will likely need to be involved as well.

     

    Thanks for your help on this.


    #BrocadeFibreChannelNetworkingCommunity