SNMP access to interface in VRF mode

edgar.reinke
Level 1

A management station should have SNMP access to an interface which belongs to a VRF, e.g. MANAGE. The management station and the interface are in the same IP subnet.

Everything is working fine: Telnet, HTTP, SSH ... but SNMP still doesn't work.

SNMP runs on UDP ... maybe the router tries to use its global routing table to respond, even though the SNMP access uses the VRF interface?!

Any idea ... or any workaround?

Thanks in advance

Edgar


owillins
Level 6

Try upgrading the IOS to any of the latest releases and check the status.

It's R12.4 ... so it is an up-to-date image.

Edgar

vikassharmas
Level 1

Try using SNMP MIBWALK. If it gives output, check the NMS configuration. The router will not use the global routing table until you configure route leaking (if the interface is configured in a VRF).

Regards

Vikas

Neither NMS (I am using WhatsUp, CiscoWorks and some pure MIB Browser), nor route leaking is the problem.

The PC (e.g. 172.16.1.10) is directly connected to the VRF interface (e.g. 172.16.1.1). If I start a Telnet or HTTP session to 172.16.1.1 it works fine. The router answers from 172.16.1.1 to 172.16.1.10.

The only problem is SNMP. Debugging gives the following hint: Cannot send packet from 0.0.0.0.

This seems to be a general IOS problem and I cannot believe I am the only one seeing such effects.

Edgar

Hi Edgar,

Did you solve your problem? I am having the same with IOS 12.4(1).

Gilles

Unfortunately not ... but I didn't spend much more time trying to solve it.

I am having the exact same symptoms: 1) only SNMP fails to respond to queries from my management host, 2) a packet debug shows the router's SNMP response going to 0.0.0.0

I opened a case with TAC and they have decided it's a bug (CSCsa94371) in 12.4 which is fixed in 12.4(2.2). I am currently using 12.4(2)T SP Services in a 7204. Apparently, 12.3T and 12.3 are OK. I first experienced this bug when I upgraded from 12.3(2)T to 12.4(2)T.
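Added example, not part of the thread or any poster's code: a small probe run from the management station that sends one SNMPv2c GetRequest for sysUpTime.0 and classifies the result, so the SNMP-only failure described above can be confirmed before and after an IOS upgrade. The function names, the default request-id and the community string passed in are assumptions.

```python
import socket

SYS_UPTIME_OID = bytes([0x2B, 6, 1, 2, 1, 1, 3, 0])  # BER body of 1.3.6.1.2.1.1.3.0

def tlv(tag, body):  # BER tag-length-value with a short-form (one byte) length
    if len(body) > 127:
        raise ValueError("field too long for short-form length")
    return bytes([tag, len(body)]) + body

def build_get(community, request_id):  # SNMPv2c GetRequest for sysUpTime.0
    rid = request_id.to_bytes(request_id.bit_length() // 8 + 1, "big")  # minimal INTEGER
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, SYS_UPTIME_OID) + tlv(0x05, b"")))
    pdu = tlv(0xA0, tlv(0x02, rid) + tlv(0x02, b"\x00") + tlv(0x02, b"\x00") + varbinds)
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos):  # -> (tag, value, next_pos); short and long-form lengths
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_response(data):
    """Return the request-id of an SNMP Response PDU, or None for anything else."""
    try:
        tag, msg, _ = read_tlv(data, 0)
        _, _, p = read_tlv(msg, read_tlv(msg, 0)[2])  # skip version, then community
        pdu_tag, pdu, _ = read_tlv(msg, p)
        _, rid, _ = read_tlv(pdu, 0)
    except IndexError:
        return None
    return int.from_bytes(rid, "big") if (tag, pdu_tag) == (0x30, 0xA2) else None

def classify(target, reply_src, reply_id, request_id):
    if reply_src is None:
        return "no-reply"  # what the management station sees in this thread
    if reply_id != request_id:
        return "unrelated-datagram"
    return "ok" if reply_src == target else "reply-from-unexpected-source"

def probe(target, community, request_id=0x1234, timeout=2.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:  # unconnected: any source is seen
        s.settimeout(timeout)
        s.sendto(build_get(community, request_id), (target, 161))
        try:
            data, (src, _) = s.recvfrom(4096)
        except OSError:  # timeout, or an ICMP unreachable surfaced as a socket error
            return classify(target, None, None, request_id)
    return classify(target, src, parse_response(data), request_id)
```

Calling `probe("172.16.1.1", "<community>")` from the directly connected PC returns "no-reply" while Telnet and HTTP to the same address still work, which matches the symptom reported here.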

sultan-shaikh
Level 3

Edgar,

It's strange... I too am having a similar problem... though not exactly same... in my case I am able to reach the Trap Receiver... but....

Consider this setup:

Cisco 3745 - NS Firewall (NAT) - IP Cloud - SNMP Trap Receiver...

On 3745 the loopback has been pulled into a "Management" VRF, and the interface connected to the Firewall too has been pulled into this VRF...

ip route vrf vrf_mgmt 255.255.255.255

There are no global ip routes.

This is the VRF configuration along with routes and SNMP configs.

ip vrf vrf_mgmt
 rd 65432:702
 route-target export 65432:702
 route-target import 65432:702

interface FastEthernet1/0
 description Connected to NS-5
 ip vrf forwarding vrf_mgmt
 ip address x.x.x.14 255.255.255.252
 duplex auto
 speed auto

interface Loopback0
 ip vrf forwarding vrf_mgmt
 ip address 172.16.1.1 255.255.255.255

I am mentioning the snmp-server host command along with the vrf_mgmt at the end of it.

I have NATted loopback of 3745 on Firewall...

I get packets up to the Trap receiver but it has errors. I have captured it and the same is attached herein.

Any ideas ?

sultan

kenet
Level 1

Hi Edgar

You cannot get SNMP access to a device through an interface belonging to a VRF. I had the same challenge a while ago, and as far as I know, the only solution is to use an interface belonging to the global context. If you somehow should find a solution, let us know.

Regards, Morten

Are you running an IOS version and have you configured SNMP support for VPNs?

Router(config)# snmp-server host host-address [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [notification-type] [vrf vrf-name]

Take a look at the following URL:

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087b10.html#1024762

Jay

This command (snmp-server host...) only applies to traps originating from the router, not to the router's replies to SNMP queries. Your comments are not applicable.

See my previous post - Cisco has identified this as a bug.

h.lu
Level 1

Hi, guys.

I met a similar problem on a Cisco 7603, but I didn't find the appropriate IOS version to resolve it. Can anybody give me some hints?

Thanks.

You must look for the IOS revision that is the same rev or higher than that of the bug fix revision. If you don't find it, you either wait for it or bug Cisco to send you a special release which they may choose not to do.

Matt
