05-22-2005 10:14 AM
A management station should have a snmp access to an interface, which belongs to a VRF e. g. MANAGE. Management station and interface are in the same IP subnet.
Everything ist working fine: Telnet, HTTP, SSH ... but SNMP still doesn´t work.
SNMP runs on UDP ... maybe the router try to use its global routing table to respond, even the snmp access uses the vrf interface?!
Any idea ... or any workaround?
Thanks in advance
Edgar
05-27-2005 06:03 AM
Try upgrading the IOS to any of the latest releases and check the status.
05-27-2005 08:06 AM
It´s R12.4 ... so it is an up-to-date image.
Edgar
05-27-2005 09:56 PM
Try using SNMP MIBWALK. If it gives output check NMS configuration. Router will not use global routing table untill you configure route leaking (if interface is configured in VRF).
Regards
Vikas
05-28-2005 07:01 AM
Neither NMS (I am using WhatsUp, CiscoWorks and some pure MIB Browser), nor route leaking is the problem.
The PC (e. g. 172.16.1.10) is directly connected to the VRF Interface (e. g. 172.16.1.1). If I start a telent or HTTP session to 172.16.1.1 it works fine. The router answers from 172.16.1.1 to 172.16.1.10.
The only problem is SNMP. Debugging gives the following hint: Cannot send packet from 0.0.0.0.
This seams to be a general IOS problem and I cannot believe being the only one having such effects.
Edgar
08-30-2005 03:52 AM
Hi Edgar,
do you solve your problem. Having the same with IOS 12.4(1)
Gilles
08-30-2005 04:25 AM
unfortunatly not ... but I didn´t spend much more time to solve it.
11-13-2005 09:21 PM
I am having the exact same symptoms: 1) only SNMP fails to respond to queries from my management host, 2) a packet debug shows the router's SNMP response going to 0.0.0.0
I opened a case with TAC and they have decided it's a bug (CSCsa94371) in 12.4 which is fixed in 12.4(2.2). I am currently using 12.4(2)T SP Services in a 7204. Apparently, 12.3T and 12.3 are OK. I first experienced this bug when I upgraded from 12.3(2)T to 12.4(2)T.
08-30-2005 04:45 AM
Edgar,
It's strange... I too am having a similar problem... though not exactly same... in my case I am able to reach the Trap Receiver... but....
Consider this setup:
Cisco 3745 - NS Firewall (NAT) - IP Cloud - SNMP Trap Receiver...
On 3745 the loopback has been pulled into a "Management" VRF, and the interface connected to the Firewall too has been pulled into this VRF...
ip route vrf vrf_mgmt
There are no global ip routes.
This is the VRF configuration alongwith routes and SNMP configs.
ip vrf vrf_mgmt
rd 65432:702
route-target export 65432:702
route-target import 65432:702
interface FastEthernet1/0
description Connected to NS-5
ip vrf forwarding vrf_mgmt
ip address x.x.x.14 255.255.255.252
duplex auto
speed auto
interface Loopback0
ip vrf forwarding vrf_mgmt
ip address 172.16.1.1 255.255.255.255
I am mentioning the snmp-server host command along with the vrf_mgmt at the end of it.
I have NATted loopback of 3745 on Firewall...
I get packets upto the Trap reciever but it has errors, I have captured it and the same is attached herein.
Any ideas ?
sultan
11-14-2005 01:28 PM
Hi Edgar
You cannot get snmp access to a device through an interface belonging to a vrf. I had the same challenge a while ago, and as far as I know, the only solution is to use an interface belonging to the global context. I you somehow should find a solution, let us know.
Regards, Morten
11-14-2005 03:31 PM
ARe you running an IOS version and have you configured SNMP support for VPNs?
Router(config)# snmp-server host host-address [traps | informs][version {1 | 2c | 3 [auth | noauth |priv]}] community-string [udp-port port][notification-type][vrf vrf-name]
Take a look at the following URL:
Jay
11-14-2005 06:24 PM
This command (snmp-server host...) only applies to traps originating from the router, not to the router's replies to SNMP queries. Your comments are not applicable.
11-14-2005 06:22 PM
See my previous post - Cisco has identified this as a bug.
11-18-2005 06:41 AM
Hi,guys.
I met the similar problem at Cisco 7603,but I didn't find the appropriate IOS version to resolve it.anybody can give me some hints?
thanks.
11-18-2005 12:54 PM
You must look for the IOS revision that is the same rev or higher than that of the bug fix revision. If you don't find it, you either wait for it or bug Cisco to send you a special release which they may choose not to do.
Matt
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: