07-22-2007 02:27 AM
Dear all ,
About Net :
There are more than 70, 2960 switches(access level) , and more than 30, 3750 (Dist level) ,and One 6509 as a core ,
Each 3750 ,is in one Vlan , and several 2960s are connected to a 3750 using trunk port ,(ip routing is enabled on each 3750),
Between 3750s and 6509 , EIGRP is used ,
Now using ciscoworks(LMS 2.6),It can discover all switches in the network ,but user tracking discoved users that connected to 3750 ports,and no users on 2960s are discovered,
What is the problem?How it will be solved?
Any help will be appreciated ,
Mike
Solved! Go to Solution.
07-31-2007 09:25 AM
A static snapshot of "show snmp" is not useful as it's impossible to know what is incrementing. However, it could be that the switch thinks $nmp@32 is an unknown community string. I can't reproduce locally. That string works on my switches. You might try rebooting the switch, or temporarily configure a different community string without the '$' and see if you can walk the same object with the @32.
07-31-2007 11:27 AM
In that output, I see you're using the community string "$snmp" where as you have been using "$nmp" in all of the posts in this thread. Make sure your community string in DCR agrees with that is configured on the device. The device has "$nmp" (i.e. no 's').
07-22-2007 07:44 AM
I'm not sure I clearly understand the problem. Are you saying that users on the 3750s are acquired by User Tracking, but those on the 2960s are not? In addition to that, all of the switches (3750s and 2960s) all show up on the Topology Map with the correct switch icon?
If the answer to both questions are yes, what version of SNMP are you using to manage these devices? What version of IOS are they running?
Typically, to debug this problem, you should enable vmpsadmin debugging under Campus Manager > Admin > Campus Data Collection > Debugging Options, then run a new UT acquisition, and check the resulting ut.log for instances of missing MAC addresses, and the IPs of switches that do not show users in UT.
07-22-2007 10:56 PM
Thank you for your reply,
All 3750s ports that connected to 2960 ,are in Trunk mode , the uplink to the core is "no switchport" and one or two ports that config as "switchport mode access vlan xx" ,are connected to wireless access points,
UT discovers these access-points , but couldn't discovers users on 2960s !!!
The network ,is working very good and there is no problem for users ,
I uses "SNMP-server comunity" on all switches and set an RO community,
Please find bellow the output of :
" utdebug -switch 192.168.186.2 -port fa0/1 "
192.168.186.2 is a 2960 and port fa0/1 is a port that is connected to a user,
please be informed that I have 2 VTP domain ,and the core(6509) and 2960 with "192.168.186.2" IP are in the same domain,
//OUTPUT OF utdebug //
==============Checking for Device==============
192.168.186.2 : INFO : The switch has been discovered by ANI Server.
IP : 192.168.186.2
Details :Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(25
)FX, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 12-Oct-05 23:14 by yenanh
==============Checking for port fa0/1==============
This Port is in Vlan 32
UT is unable to find an end station on this port
See ACTION REPORT for possible remedies
==============Mac Address fetch through SNMP for Verification==============
Mac Address Status
SNMP query for vlan 32
MESSAGE DBConnection: Created new Database connection [hashCode = 7453641]
DCR device id of 192.168.186.2 is 23
Common trust user is: admin
User name in Security context is: admin
log4j:ERROR No appenders could be found for category (CTM.common).
log4j:ERROR Please initialize the log4j system properly.
SNMP v2 credentials found for 192.168.186.2
caught Snmp Exception while quering for mac for vlan 32
com.cisco.nm.lib.snmp.futureapi.SnmpReqTimeoutException: SnmpRequestTimeout on 1
92.168.186.2 while performing SnmpWalk(*) at index = -1
at com.cisco.nm.lib.snmp.futureapi.SnmpFuture.value(SnmpFuture.java:175)
at com.cisco.nm.lib.snmp.futureapi.SnmpTableFuture.value(SnmpTableFuture
.java:141)
at com.cisco.nm.ani.clients.ut.UTDebug.UTSnmp.fetchMacTable(UTSnmp.java:
230)
at com.cisco.nm.ani.clients.ut.UTDebug.UTDebug.parseSnmpAndDisplay(UTDeb
ug.java:273)
at com.cisco.nm.ani.clients.ut.UTDebug.UTDebug.startDebugging(UTDebug.ja
va:234)
at com.cisco.nm.ani.clients.ut.UTDebug.UTDebug.
at com.cisco.nm.ani.clients.ut.UTDebug.UTDebug.main(UTDebug.java:103)
MESSAGE DBConnection: Created new Database connection [hashCode = 2569862]
DCR device id of 192.168.186.2 is 23
SNMP v2 credentials found for 192.168.186.2
==============ACTION REPORT==============
UT is actually failing for the following ports
fa0/1
SNMP CHECK : First check if the end host MAC that is missing in UT is seen in th
e
above MAC table with a Valid status. If not, SNMP is not returning values.
So UT may be hitting a CatOS SNMP bug. Manual verification can be done by
running snmpwalk on the Bridge table for the vlan. snmpwalk [ -v 1 ] device
community@vlan_id .1.3.6.1.2.1.17.4.3. Have this information available when
calling Cisco TAC.
UT FAILURE : If there was no SNMP falure, then UT is failing to pick up entries
for the ports. Please follow the steps one by one. If the action taken for
the step fails, move to the next step.
STEP : Add the property "UTGetVlansWithUserPorts=1" in ANIServer.properties.
Please restart ANIServer after setting this and then run a rediscover.
STEP : If the above steps do not solve the problem, enable Trace and Debug for
the vmpsadmin module in Debugging Options. Do a full UT Discovery (Discover
All), and contact Cisco TAC with the ANI log and this log file.
07-23-2007 06:38 AM
If the 2960s connect to APs, what users are actually directly connected to the 2960s? It sounds like your problem is with finding users connected to the APs.
As for the above output, it appears there may be an issue with your community string. Please attach a show run from this switch. If you cannot do that because of security concerns, then please open a TAC service request.
07-23-2007 07:12 AM
Hi Clarke ,
In Rack-A , there are 3 2690s that their Gi0/1 is connected to ports 1 to 3 of 3750G ,
All the users are connected to 2960s ports ,
One 3com AP is connected to port Gig1/0/10 of this 3750G ,
UT, discovers just the AP (no WLAN users), that is connected to port Gig1/0/10 , and users that connected to 2960s are not discovered ,
I really confused ,I think everything is OK , but UT does not work correct ,
Please help me to solve this problem ,
Regards , Mike
07-23-2007 07:21 AM
Without the config from the switch, the logs I mentioned earlier, and a sample missing MAC address, I cannot say what the problem is.
07-23-2007 07:24 AM
OK , I'll send it ASAP ,
For sure,could you please tell me What you need to khow and what I have to send for you?
07-23-2007 07:41 AM
The show run from the switch, a sample missing MAC address on the port to which it connects, and the ut.log after enabling vmpsadmin debugging as I described earlier and running a full UT major acquisition
07-24-2007 06:48 AM
07-24-2007 07:55 AM
I need to see the full log. You can compress it, or you can open a TAC service request, and have TAC analyze this. Also, you need to provide a sample missing MAC address, and the port to which it directly connects on this 2960.
07-24-2007 10:54 PM
Hi Clarke ,
Please find attached ut full log ,
I send 2 Sample MAC as bellow :
00-14-2a-c1-15-57
This is MAC of Ciscoworks server , that is connected to port 0/20 of switch 2960 ,this switch is connected to port 1/0/6 of 3750 ,
another sample MAC is :
00-04-79-66-e0-7d
that is connected to port 0/45 of 2960,this switch is connected to port 1/0/4 of 3750,
Thank you very much and waiting fro your answer ,
07-25-2007 11:09 AM
Hi Clarke ,
Did you see ,the ut.log ?
What is the problem?
Waiting for answer,
Brgrds , Mike
07-25-2007 12:30 PM
The log tells me that there was a timeout problem trying to fetch the users on vlan 32 from this switch. This could indicate that the community string for this switch in DCR is wrong. The device is configured for "$nmp" so UT should be using $nmp@32 to get the users from this switch on vlan 32.
You should first check DCR, and make sure the read-only community string for this switch is correct. If so, test that you can walk the following OID under Device Center > SNMP Walk using the community string $nmp@32:
.1.3.6.1.2.1.17.4.3
07-31-2007 03:20 AM
Hello Clarke ,
I check DCR , It is ok ,
Using SNMPWALK , just 3750 switches answer it, for example in Rack-C ,all ports are in Vlan40 ,management ip for 3750 is 192.168.186.49 ,and for one 2960 is 192.168.186.50.
Now using snmpwalk ,for $nmp@40 on 3750 everything is ok ,but for 2960 doesn't answer!!!
I have to tell you that all 2960s will answer to snmpwalk without @VlanID ,
please find attached ,debug output for 3750 ,with ip "192.168.186.49"
Thank you for your help,
Mike
07-31-2007 06:46 AM
Hi again ,
Please find bellow the output of "show snmp" command on 2960 switch,
I use "snmpwalk" using $nmp@32
----------------------------------
ack-c#sh snmp
Chassis:
9225 SNMP packets input
0 Bad SNMP version errors
772 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
37900 Number of requested variables
0 Number of altered variables
166 Get-request PDUs
8142 Get-next PDUs
0 Set-request PDUs
8453 SNMP packets output
0 Too big errors (Maximum packet size 1500)
6 No such name errors
0 Bad values errors
0 General errors
8453 Response PDUs
0 Trap PDUs
SNMP global trap: disabled
SNMP logging: disabled
SNMP agent enabled
---------------------------------
When I run "debug snmp packet" on that ,It just show me "6d09h: SNMP: Packet received via UDP from 172.31.32.116 on Vlan200" 6 times!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide