When setting up SNMP monitoring on HPE, ProCurve, or Aruba switches, you may encounter unexpected SNMP failures—even when the device appears reachable via ping or other protocols. This issue is often due to the default SNMP response behavior on these switches.
This article explains the root cause and provides a simple, command-line solution to ensure successful SNMP polling in Auvik.
Problem Overview
Newer HPE/ProCurve/Aruba switches handle SNMP responses based on the interface receiving the request. If SNMP polling comes from an IP address that does not match the same subnet as the target VLAN, SNMP replies can be returned from a different interface/IP. This results in a source IP mismatch, which causes SNMP polling to fail.
Example Scenario
| VLAN | Switch IP | Collector IP |
|---|---|---|
| A | 10.10.2.1/24 | 10.10.2.2/24 |
| B | 10.10.3.1/24 | 10.10.3.2/24 |
Case 1:
- Collector IP:
10.10.2.2 - SNMP request sent to:
10.10.3.1 - SNMP response source IP:
10.10.2.1 - Result: SNMP fails due to source IP mismatch.
Case 2:
- Collector IP:
10.10.3.2 - SNMP request sent to:
10.10.2.1 - SNMP response source IP:
10.10.3.1 - Result: SNMP fails again.
Even though all IPs are reachable, Auvik and similar monitoring platforms expect the SNMP response to come from the same IP address the request was sent to. A mismatch causes the polling process to fail.
Root Cause
The default SNMP response behavior on these switches causes the reply to be sent from the interface associated with the switch's default route or primary VLAN—even if the SNMP request was received on a different interface.
This behavior breaks monitoring workflows, especially:
- Across VPNs
- In environments with multiple routed VLANs
- With source-IP-sensitive systems like Auvik
Solution: Set SNMP Response Source
To ensure SNMP responses are sent from the same IP that received the request, enter the following command in switch configuration mode:
snmp-server response-source dst-ip-of-request
This setting tells the switch to use the destination IP of the request as the source IP of the response—ensuring proper behavior for monitoring tools.
Alternate Syntax for Older Firmware:
If your switch does not support dst-ip-of-request, use a specific VLAN IP instead:
snmp-server response-source X.X.X.X
Where X.X.X.X is the IP of any VLAN interface configured on the switch. It does not have to match the collector subnet, though using the most commonly monitored VLAN is advised.
Final Notes
- This configuration is persistent across reboots.
- Once set, Auvik should be able to poll the device via SNMP without issues.
- Test SNMP polling immediately after applying the change to verify resolution.
By adjusting the SNMP response source behavior, you align the switch with Auvik’s expectations and eliminate silent polling failures that stem from IP mismatches.