09-08-2009 06:29 AM
We have two Cisco 3800 routers at two sites running GRE over IPsec. Almost every 23-24 hours, our trap collector gets two SNMP traps from both routers.
What are these? The tunnel is stable; how do we stop them?
Traps look like this:
Device: VPN1
Component:
Severity: Warning
Time: 2009/09/07 22:01:29.000
Message:
snmp trap ciscoMgmt.171.2.2
Event details:
ciscoMgmt = 2
ciscoMgmt.171.1.2.2.1.6.1.14.50.48.56.46.56.53.46.49.48.54.46.50.50.53.1.14.50.48.56.46.56.53.46.49.48.52.46.50.50.53.24 = PUja
ciscoMgmt.171.1.2.2.1.7.1.14.50.48.56.46.56.53.46.49.48.54.46.50.50.53.1.14.50.48.56.46.56.53.46.49.48.52.46.50.50.53.24 = PUha
ciscoMgmt.171.1.2.3.1.16.24 = 8640000
ciscoMgmt.171.1.4.2.1.1.2.24 = 2
monitor = localhost
oid = 1.3.6.1.4.1.9.9.171.1.4.2.1.1.2.24
Device: VPN1
Component:
Severity: Warning
Time: 2009/09/07 22:57:31.000
Message:
snmp trap ciscoMgmt.171.2.1
Event details:
ciscoMgmt = 86400
ciscoMgmt.171.1.2.2.1.6.1.15.50.48.56.46.48.56.53.46.49.48.54.46.50.50.53.1.15.50.48.56.46.48.56.53.46.49.48.52.46.50.50.53.25 = PUja
ciscoMgmt.171.1.2.2.1.7.1.15.50.48.56.46.48.56.53.46.49.48.54.46.50.50.53.1.15.50.48.56.46.48.56.53.46.49.48.52.46.50.50.53.25 = PUha
ciscoMgmt.171.1.2.3.1.15.25 = 86400
monitor = localhost
oid = 1.3.6.1.4.1.9.9.171.1.2.3.1.15.25
Each router has
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
09-08-2009 08:07 AM
The first trap is a cikeTunnelStop trap which is generated when a phase 1 tunnel becomes inactive. The second is a cikeTunnelStart. This is generated when a phase 1 tunnel becomes active. If you do not want to see these traps, just remove the following from the config:
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
09-08-2009 09:24 AM
Thank you so much! I will remove them from the configuration.
1. Which timeout value is this? From "show crypto isakmp policy", I see 86400 seconds.
2. Where can I get this kind of SNMP trap info to associate them with the isakmp tunnel? I googled these keywords but didn't get much.
09-08-2009 11:01 AM
1. Yes, this timer is the IKE phase 1 timer (i.e. 86400 seconds). The third varbind in the cikeTunnelStart trap indicates the tunnel lifetime in seconds, whereas the third varbind in the cikeTunnelStop trap indicates the tunnel's lifetime in 100ths of a second. You can see 86400 and 8640000 in your sample traps respectively.
2. Unfortunately, a good tool does not yet exist for this. A lot of times, one must go to the IOS source code to see for certain what traps are associated to what keywords. The good news is a new tool is in the works to provide customers the ability to see what traps are tied to what configuration.
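An added example (not part of the original thread, and not Cisco code) that decodes the two sample traps from the first post: it reads the peer addresses out of the varbind OID index and converts the third varbind to seconds using the units given in the reply above. The index layout (type, length, ASCII bytes, tunnel number) is an assumption inferred from the sample traps, and all function names are illustrative.

```python
# Sample input constructed from the two traps quoted in the first post.
PEER = "ciscoMgmt.171.1.2.2.1."
A14 = "1.14.50.48.56.46.56.53.46.49.48.54.46.50.50.53"
B14 = "1.14.50.48.56.46.56.53.46.49.48.52.46.50.50.53"
A15 = "1.15.50.48.56.46.48.56.53.46.49.48.54.46.50.50.53"
B15 = "1.15.50.48.56.46.48.56.53.46.49.48.52.46.50.50.53"
STOP = ("ciscoMgmt.171.2.2", [
    (PEER + "6." + A14 + "." + B14 + ".24", "PUja"),
    (PEER + "7." + A14 + "." + B14 + ".24", "PUha"),
    ("ciscoMgmt.171.1.2.3.1.16.24", "8640000")])
START = ("ciscoMgmt.171.2.1", [
    (PEER + "6." + A15 + "." + B15 + ".25", "PUja"),
    (PEER + "7." + A15 + "." + B15 + ".25", "PUha"),
    ("ciscoMgmt.171.1.2.3.1.15.25", "86400")])

TRAP_NAMES = {"171.2.1": "cikeTunnelStart", "171.2.2": "cikeTunnelStop"}
# Third-varbind column -> divisor to seconds (units as stated in the reply).
LIFETIME_DIVISOR = {"15": 1, "16": 100}


def decode_peer_index(oid):
    """Return (local, remote, tunnel) from a 171.1.2.2.1.<col>.<index> OID."""
    parts = [int(p) for p in oid.split("171.1.2.2.1.", 1)[1].split(".")]
    pos, peers = 1, []  # position 0 is the column number (6 or 7)
    for _ in range(2):  # local peer first, then remote peer
        length = parts[pos + 1]  # parts[pos] is the identity type
        value = parts[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated peer index: " + oid)
        peers.append("".join(chr(b) for b in value))
        pos += 2 + length
    if pos != len(parts) - 1:
        raise ValueError("unexpected trailing sub-identifiers: " + oid)
    return peers[0], peers[1], parts[pos]


def lifetime_seconds(oid, value):
    """Normalise the third varbind (171.1.2.3.1.<col>.<tunnel>) to seconds."""
    col = oid.split("171.1.2.3.1.", 1)[1].split(".")[0]
    return int(value) / LIFETIME_DIVISOR[col]


def summarise(trap_oid, varbinds):
    """varbinds: ordered (oid, value) pairs as printed by the collector."""
    local, remote, tunnel = decode_peer_index(varbinds[0][0])
    return {"trap": TRAP_NAMES[trap_oid.split("ciscoMgmt.", 1)[1]],
            "local": local, "remote": remote, "tunnel": tunnel,
            "seconds": lifetime_seconds(*varbinds[2])}
```

Both traps normalise to the same 86400 seconds, which is how a collector rule can recognise the pair as a routine phase 1 rekey between the same two peers.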
09-08-2009 12:29 PM
For point 2, what is the best way to obtain clarification on these "strange traps"? TAC cases?
09-08-2009 12:39 PM
Yes, TAC or the forum are your best resources for now.