01-31-2024 09:56 AM
hi,
my SNMP mgmt systems does not read interface traffic stats. Everything is on zero. What could be a problem?
br
01-31-2024 10:04 AM
Share the config
MHM
01-31-2024 11:34 PM
config is simple, nothing special
nameif TU1
ip address aaaaa
tunnel source interface outside
tunnel destination AAAAA
tunnel mode ipsec ipv4
tunnel protection ipsec profile PPPPPP
!
intereseting thing is that ther is no stats even over cli command
# sh int outside
Interface "outside", is up, line protocol is up
Traffic Statistics for "outside":
150225833416 packets input, 88955620772911 bytes
141435662470 packets output, 93475314152425 bytes
414327832 packets dropped
# sh int tu1
Interface Tunnel1 is up, line protocol is up
Hardware is Virtual Tunnel Description:
MAC address N/A, MTU 1500
IP address
Tunnel Interface Information:
Source interface: outside
Mode: ipsec ipv4 IPsec profile:
02-01-2024 11:09 AM
Not config of VTI config of snmp
Anyway
Did you enable trap linkup linkdown?
If no add this command and shut not shut the tunnel and check snmp
MHM
02-02-2024 12:56 AM
why would I do trap linkup linkdown? My mgmt system is reading stats for other interfaces without that command.
02-02-2024 01:13 AM
@DraganSkundric87318, of course, this doesn't make any sense )
But if you don't see stats in the CLI, you'd never get them via SNMP, right? Do you at least see "interface tunnel" via SNMP if you poll ifMib? Anyway, this looks very much like a software caveat, if you will, but I'm not aware of any enhancement requests here.
You can try to use CISCO-IPSEC-FLOW-MONITOR-MIB instead: https://snmp.cloudapps.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&step=2&mibName=CISCO-IPSEC-FLOW-MONITOR-MIB
Refer to cipSecTunnelTable and cipSecEndPtTable, but this is a bit complicated.
02-02-2024 01:26 AM
yes I can see interfaces over mgmt :-)) ... I just wandered if anyone else hit that wall
02-02-2024 01:18 AM
Just for troubleshooting' are snmp detect up down of VTI or not.
MHM
02-02-2024 01:22 AM
@MHM Cisco World, FYI, SNMP polling and SNMP traps are little bit different things )
02-02-2024 01:30 AM
Just wait @tvotna I knew that polling is different than trap
I need to see if SNMP totally not see anything related VTI.
From there we decide next step
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide