Cannot pull services from FS S3410 switches via SNMPv3

GenericNetworkingUsr · March 18, 2025, 1:09pm

CMK version: 2.3.0p27 MSP
OS version: Ubuntu 22.04

Error message:
GUI SNMP service scans or running cmk from the CLI both fail to properly poll SNMPv3 on a switch within a timely manner. This is whether using inline or classic SNMP.

From the CLI, cmk will run for a moment, then stall for a long period of time before throwing this error multiple times before proceeding with scanning:

Bad PDU type received: 0x00
security service 3 error parsing ScopedPDU

The job runs so long it would fall outside of the maximum timing bounds which CheckMK would allow for SNMP.

Output of “cmk --debug -vvII hostname”:

OMD[sitename]:~$ cmk --debug -vvII hostname
Discovering services and host labels on: hostname
hostname:
+ FETCHING DATA
  Source: SourceInfo(hostname='hostname', ipaddress='ipaddress', ident='snmp', fetcher_type=<FetcherType.SNMP: 7>, source_type=<SourceType.HOST: 1>)
[cpu_tracking] Start [7eff69fefcb0]
Read from cache: SNMPFileCache(hostname, path_template=/omd/sites/sitename/tmp/check_mk/data_source_cache/snmp/{mode}/{hostname}, max_age=MaxAge(checking=0, discovery=270.0, inventory=270.0), simulation=False, use_only_cache=False, file_cache_mode=1)
  SNMP scan:
       Getting OID .1.3.6.1.2.1.1.1.0: Executing SNMP _Mode.GET of .1.3.6.1.2.1.1.1.0 on hostname
=> [b'FS Campus Switch PoE (S3410-24TF-P) By FS.COM Inc'] OCTETSTR
b'FS Campus Switch PoE (S3410-24TF-P) By FS.COM Inc'
       Getting OID .1.3.6.1.2.1.1.2.0: Executing SNMP _Mode.GET of .1.3.6.1.2.1.1.2.0 on hostname
=> [b'.1.3.6.1.4.1.52642.1.1.10.1.893'] OBJECTID
b'.1.3.6.1.4.1.52642.1.1.10.1.893'
       Using cached OID .1.3.6.1.2.1.1.2.0: '.1.3.6.1.4.1.52642.1.1.10.1.893'
       Using cached OID .1.3.6.1.2.1.1.2.0: '.1.3.6.1.4.1.52642.1.1.10.1.893'
       Using cached OID .1.3.6.1.2.1.1.2.0: '.1.3.6.1.4.1.52642.1.1.10.1.893'
       Using cached OID .1.3.6.1.2.1.1.2.0: '.1.3.6.1.4.1.52642.1.1.10.1.893'
       Using cached OID .1.3.6.1.2.1.1.2.0: '.1.3.6.1.4.1.52642.1.1.10.1.893'
       Using cached OID .1.3.6.1.2.1.1.2.0: '.1.3.6.1.4.1.52642.1.1.10.1.893'
       Using cached OID .1.3.6.1.2.1.1.2.0: '.1.3.6.1.4.1.52642.1.1.10.1.893'
       Using cached OID .1.3.6.1.2.1.1.2.0: '.1.3.6.1.4.1.52642.1.1.10.1.893'
       Using cached OID .1.3.6.1.2.1.1.2.0: '.1.3.6.1.4.1.52642.1.1.10.1.893'
       Using cached OID .1.3.6.1.2.1.1.2.0: '.1.3.6.1.4.1.52642.1.1.10.1.893'
       Using cached OID .1.3.6.1.2.1.1.2.0: '.1.3.6.1.4.1.52642.1.1.10.1.893'
       Using cached OID .1.3.6.1.2.1.1.2.0: '.1.3.6.1.4.1.52642.1.1.10.1.893'
       Getting OID .1.3.6.1.4.1.232.2.2.4.2.0: Executing SNMP _Mode.GET of .1.3.6.1.4.1.232.2.2.4.2.0 on hostname
Bad PDU type received: 0x00
security service 3 error parsing ScopedPDU
Bad PDU type received: 0x00
security service 3 error parsing ScopedPDU
Bad PDU type received: 0x00
security service 3 error parsing ScopedPDU
Bad PDU type received: 0x00
security service 3 error parsing ScopedPDU
Bad PDU type received: 0x00
security service 3 error parsing ScopedPDU

Running an snmpwalk however succeeds without issue and returns each line in less than a second:

user@sitename:~$ snmpwalk -l authPriv -v 3 -u snmpv3username -a SHA -A authKey -x DES -X privKey ipaddress
iso.3.6.1.2.1.1.1.0 = STRING: "FS Campus Switch PoE (S3410-24TF-P) By FS.COM Inc"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.52642.1.1.10.1.893
iso.3.6.1.2.1.1.3.0 = Timeticks: (32289376) 3 days, 17:41:33.76
iso.3.6.1.2.1.1.4.0 = ""
iso.3.6.1.2.1.1.5.0 = STRING: "FS"
iso.3.6.1.2.1.1.6.0 = ""
iso.3.6.1.2.1.1.7.0 = INTEGER: 7
iso.3.6.1.2.1.2.1.0 = INTEGER: 30
iso.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2
iso.3.6.1.2.1.2.2.1.1.3 = INTEGER: 3
iso.3.6.1.2.1.2.2.1.1.4 = INTEGER: 4
iso.3.6.1.2.1.2.2.1.1.5 = INTEGER: 5
iso.3.6.1.2.1.2.2.1.1.6 = INTEGER: 6
iso.3.6.1.2.1.2.2.1.1.7 = INTEGER: 7
iso.3.6.1.2.1.2.2.1.1.8 = INTEGER: 8
iso.3.6.1.2.1.2.2.1.1.9 = INTEGER: 9
iso.3.6.1.2.1.2.2.1.1.10 = INTEGER: 10
iso.3.6.1.2.1.2.2.1.1.11 = INTEGER: 11
iso.3.6.1.2.1.2.2.1.1.12 = INTEGER: 12
iso.3.6.1.2.1.2.2.1.1.13 = INTEGER: 13
iso.3.6.1.2.1.2.2.1.1.14 = INTEGER: 14
iso.3.6.1.2.1.2.2.1.1.15 = INTEGER: 15
iso.3.6.1.2.1.2.2.1.1.16 = INTEGER: 16
iso.3.6.1.2.1.2.2.1.1.17 = INTEGER: 17
iso.3.6.1.2.1.2.2.1.1.18 = INTEGER: 18
iso.3.6.1.2.1.2.2.1.1.19 = INTEGER: 19
iso.3.6.1.2.1.2.2.1.1.20 = INTEGER: 20
iso.3.6.1.2.1.2.2.1.1.21 = INTEGER: 21
iso.3.6.1.2.1.2.2.1.1.22 = INTEGER: 22
iso.3.6.1.2.1.2.2.1.1.23 = INTEGER: 23
iso.3.6.1.2.1.2.2.1.1.24 = INTEGER: 24
iso.3.6.1.2.1.2.2.1.1.25 = INTEGER: 25
iso.3.6.1.2.1.2.2.1.1.26 = INTEGER: 26
iso.3.6.1.2.1.2.2.1.1.27 = INTEGER: 27
iso.3.6.1.2.1.2.2.1.1.28 = INTEGER: 28
iso.3.6.1.2.1.2.2.1.1.4096 = INTEGER: 4096
iso.3.6.1.2.1.2.2.1.1.4097 = INTEGER: 4097
iso.3.6.1.2.1.2.2.1.2.1 = STRING: "GigabitEthernet 0/1"
iso.3.6.1.2.1.2.2.1.2.2 = STRING: "GigabitEthernet 0/2"
iso.3.6.1.2.1.2.2.1.2.3 = STRING: "GigabitEthernet 0/3"
iso.3.6.1.2.1.2.2.1.2.4 = STRING: "GigabitEthernet 0/4"
iso.3.6.1.2.1.2.2.1.2.5 = STRING: "GigabitEthernet 0/5"

Any pointers on config changes that could be made? I’ve seen some word online that the engine ID needs to be reconfigured but that option does not appear to be exposed on these switches.

Cheers.

paulosantanabr · April 29, 2025, 8:31pm

Did you solve the issue? Increasing the timeout could work also adding another tentative in the query. I`ve seen devices where it could take more than 5 minutes to query.