SNMP on Passport 8600

[rizacer]

I have a question that I need help with regarding SNMP. I did some searching through this site and couldn't seem to find the exact answer I was looking for.

In short I need to remove the default SNMP communities of "private" and "public" on the switch. I have tried various commands such as.

"sys/set/snmp/community rw "foo" however the switch still responds to the default of "private"

The versions are 3.5.0.0 and 3.5.2.0

If this is not possible I could get away with filtering which IP's can poll the switch via SNMP. I just don't know how to go about doing that either?

Any help is appreciated!
DP

 

[anthonyanderberg]

The highest access level is RWA - try your command with that instead of RW. There are actually a few levels of SNMP
access: RO/RW/L1/L2/L3/RWA I'm not sure how many are active by default, I generally set RO and RWA to my standards and set the others to some long random string.

BTW: You may already know this but Nortel is ending support for the 3.5 code branch - you'll need to upgrade to 3.7, 4.0, or 4.1 code streams eventually.

 

[rizacer]

Thanks for the info basically I needed to populate the L1 - L3 to stop getting hits on "public"

Now I can start to migrate these switches out of the network.


DP

 

[VOIPaintEASY]

Can I ask what you are migrating into your network to replace these 8600's "migrate out"?

 

[rizacer]

These switches are being phased out to a Cisco Cat6500's setup .


DP

 

[VOIPaintEASY]

I assumed so. RIP 8600’s…

 

[rizacer]

Yup too many issues in the past with the Nortel switching gear.

 

[VOIPaintEASY]

We have had our share too. It had taken 2 years to smooth them out. Can you elaborate on your issues in general terms? Not that I want to change your direction but there may be some simple directions to point you to ease your pain based on our past experiences. I also am curious to what pain level will force a forklift. Are you running dual 8600 cores or single?

 

[rizacer]

Without going into too much detail. There are limitations on the 8600s in general when it comes to PPS that don't meet the perforamance that is needed for the network. Also the lack of a type of policy-based routing is very key.

Have had to do a few "open heart" surgery's to remove blades to see if they were even effected by CSB's then have them replaced. Fiber ports on some cards just stop working. The limited sniffer monitoring and just general lack of features. Another point in time some spanning tree/MLT config or lack there off caused both switches to fail.

Its a dual 8610 setup and the redundancy to the access layer is just not there anymore since going to a Cisco access layer.

DP
Overall the 8600's are a decent switch the CLI isn't that bad. Can be not very intuitive at times, however the lack of documentations is an issue.

The 450/470 are much more problematic. The random loss of a VLAN config. Can telnet to a switch one day then not the next. Only a reboot can fix Nortel support always saying "just reboot the switch". Switch stacks just deciding to not be stacked anymore.

Now when it comes to Nortel routers such as ARN/ASN. Thats where I will fight to the end never to use them again.

 

[VOIPaintEASY]

Sounds like we have had some of the same issues. We have had the 8600 fiber interface failures too but finally just replaced all of the blades via support/ RMA. I agree the Cisco web site has far better access to config examples, IOS downloading manager, etc. As far as the 460/470 we have also had our share of issues that sound like yours. Our stacks fall apart, BOSS upgrades that trigger config corruption, etc. I don’t think the same level of engineering talent is there developing the data gear and CSE1000 as did the old SL1, Option 11/ 61/ 81. Our CSE1000 is far less reliable than the Option 11’s and an old SL1 we still have lumbering along at a site with over 500 stations and we have gone 3.5 years with no Telecom admin on site. We are going to go ahead and replace the 460/470 stacks in the closet with the 4500 line. If we have the same of unpredictable failures and unreliability it will be the last Nortel data gear in the door. I always say our Cisco gear “just runs” and never impacts my reputation in causing hundreds of users to wander out of offices into the halls and crowd in front of a wiring closet wondering when the network is going to be up. That will impact hardware purchase decisions for a long time…

 

[rizacer]

Good luck with the 4500 series. Been using the Cisco 3750G and PoE models and have never looked back. probably deployed about 150 so far with many more to go.


DP

 

[VOIPaintEASY]

How many VOIP stations do you have? Are you having any voice quality issues with the 3750 QoS settings? (I guess I am assuming you have Nortel VOIP)

 

[rizacer]

Right now its about 4x sites on MPLS running VoIP somewhere around 400+ users. The system is actually Avaya. Cisco and Nortel fought hard to get in but for various reasons Avaya was chosen. So far its a simple to use/run system without many major hiccups.

The switches don't handle the QoS. All the marking/tagging is done on the edge routers so it works like a champ. The switches only have to worry about the PoE and policy-routing functions.

One of the issues I have seen with the Nortel combo is the lack of some multicast features. So when site A decided to send a voice page to site B it was unicast across the MPLS eating up bandwidth.


DP

I am hoping by the end of this year the only Nortel gear that will be left is the VPN routers.