cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
12149
Views
0
Helpful
6
Replies

snmp-server community over VRF

frodestra
Level 1
Level 1

I'm in the process of rolling out snmp-server community for LMS for all our devices. A few devices is VRF enabled, hence I need to ping the LMS server through a VRF and not the global routing table. To my knowledge the ' snmp-server host 11.22.33.44 vrf VRF XXXX' command only sends traps/notifications to DFM , is there a similar comand for the 'snmp-server community xxxx RO 1' ?

I can ping the device from the LMS server but the snmp-server community access-list  does not show any hits for the LMS IP and hence the device is not registered in LMS.

Any ideas?

1 Accepted Solution

Accepted Solutions

"failed" from device center while the LMS server is validated (via your snmpwalk test) to be able to reach the device is most often a resullt of incorrect credentials being used by the LMS server.

That said, I would still expect the ACL to increment when you try from Device Center. Something is definitely going on with the LMS server's SNMP settings.

Can you capture traffic leaving the LMS server for the device when you try the Device Center check? If the SNMP queries are leaving the server, you should see the credentials being used embedded in them.

View solution in original post

6 Replies 6

Marvin Rhoads
Hall of Fame
Hall of Fame

VRFs can be tricky to work with.

When you ping the device from LMS, are you hitting an SVI that's in the VRF subnet (and reflected in the device's routing table for that VRF)?

Can you ping LMS from that same SVI (using the VRF RIB or routing table)?

Yes, I am hitting an SVI in the VRF subnet and I can ping LMS from the same SVI when using the VRFs RIB.

So manually-initiated communications appear to be working in both directions. That's good.

Since you're not seeing hits on your acl at the device, I'd next check to see the traffic leaving your LMS server. You can run a Wireshark capture there (or use the built-in packet tracer), filtering on your device's destination IP. I'd initiate a comms check from Device Center in LMS (or snmpwalk from the cli) to manually trigger an SNMP query.

If you don't see any SNMP queries leaving, LMS is the culprit (I'd check the DCR entry for the device in question). If you do see the traffic leaving then there is a network / device issue.

I just did a SNMP Walk and the access list recieved hits for the first time. The results looked normal, but when I test SNMP reachability from the Device Center i get Failed!  (And the device is not registrered in LMS) To me this is strange behaviour.

Am I missing someting here?

"failed" from device center while the LMS server is validated (via your snmpwalk test) to be able to reach the device is most often a resullt of incorrect credentials being used by the LMS server.

That said, I would still expect the ACL to increment when you try from Device Center. Something is definitely going on with the LMS server's SNMP settings.

Can you capture traffic leaving the LMS server for the device when you try the Device Center check? If the SNMP queries are leaving the server, you should see the credentials being used embedded in them.

It appeared that it was wrong credentials after all... Its workin now. Thanks for your efforts

Review Cisco Networking for a $25 gift card