Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
475
Views
0
Helpful
1
Replies

SNMP traps configuration doesn't work in CUSTOMER-CONTEXT

ANA PRENDES RODRIGUEZ
Level 1
Level 1

‎12-30-2013 05:05 AM - edited ‎03-11-2019 08:23 PM

Hi evryone;

I'm having some issues configurin SNMP traps on a ASA5520 USER-CONTEXT  (Cisco Adaptive Security Appliance Software Version 8.2(4)):

I had already configured SNMP traps on ADMIN-CONTEXT and traps were getting the correspondig NETCOOL SERVERS (10.105.27.115 and 10.105.27.118) as you can see in point 2).

Cuold you please give me any clue of why I get this output for a non ADMIN-CONTEXT and why I do not even see SNMP packets output

1) CUST-09-CONTEXT

name 10.105.27.115 Netcool1_TESTBED description Netcool1_TESTBED SNMP server.

name 10.105.27.118 Netcool2_TESTBED description Netcool2_TESTBED SNMP server.

snmp-server community sjnemdhqksptabld

snmp-server host CUST-09-HCS-MNGT-TRANSIT Netcool1_TESTBED community sjnemdhqksptabld version 2c

snmp-server host CUST-09-HCS-MNGT-TRANSIT Netcool2_TESTBED community sjnemdhqksptabld version 2c

 

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

snmp-server enable traps syslog

route CUST-09-HCS-MNGT-TRANSIT 10.105.27.0 255.255.255.0 192.168.228.1 1


CAPTURES

Lab-asa1-p/CUST-09-CONTEXT/act# capture TEST1 interface CUST-09-HCS-MNGT-TRANSIT match ip host 10.105.27.115 any

Lab-asa1-p/CUST-09-CONTEXT/act# show capture TEST1 trace detail

23 packets captured

   1: 15:17:16.373927 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 9815)

   2: 15:17:18.370433 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 10598)

   3: 15:17:20.370433 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 27648)

   4: 15:17:22.370433 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 3518)

   5: 15:17:24.370433 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 18995)

   6: 15:17:43.015258 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 2110)

   7: 15:17:45.010436 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 11567)

   8: 15:17:47.010436 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 25551)

   9: 15:17:49.010436 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 3716)

  10: 15:17:51.010436 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 20820)

  11: 15:48:16.998483 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 25423)

  12: 15:48:18.990366 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 30357)

  13: 15:48:20.990366 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 31174)

  14: 15:48:22.990366 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 10878)

  15: 15:48:39.735527 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 8146)

  16: 15:48:41.730354 1200.0314.0600 0000.0c9f.fc14 0x8100 118: 802.1Q vlan#3092 P0 192.168.228.4 > 10.105.27.115: icmp: echo request (ttl 255, id 1803)

  17: 15:49:01.881134 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33434:  [udp sum ok] udp 0 [ttl 1] (id 15279)

  18: 15:49:01.881744 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33435:  [udp sum ok] udp 0 [ttl 1] (id 20090)

  19: 15:49:01.884201 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33436:  [udp sum ok] udp 0 [ttl 1] (id 24847)

  20: 15:49:01.886672 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33437:  [udp sum ok] udp 0 (ttl 2, id 8822)

  21: 15:49:04.880356 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33438:  [udp sum ok] udp 0 (ttl 2, id 20949)

  22: 15:49:07.880371 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33439:  [udp sum ok] udp 0 (ttl 2, id 9126)

  23: 15:49:10.880340 1200.0314.0600 0000.0c9f.fc14 0x8100 46: 802.1Q vlan#3092 P0 192.168.228.4.49175 > 10.105.27.115.33440:  [udp sum ok] udp 0 (ttl 3, id 24404)

23 packets shown

I had already configured SNMP traps on ADMIN-CONTEXT and traps were getting the correspondig NETCOOL SERVERS:

2) CONFIGURATION ADMIN-CONTEXT

IP Management  ASA-FW -->10.105.89.38

interface GigabitEthernet0/3.710

nameif management

security-level 100

ip address 10.105.89.38 255.255.255.192 standby 10.105.89.39

management-only

name 10.105.27.115 Netcool1_TESTBED description Netcool1_TESTBED SNMP server.

name 10.105.27.118 Netcool2_TESTBED description Netcool2_TESTBED SNMP server.

snmp-server community sjnemdhqksptabld

snmp-server host management Netcool1_TESTBED community sjnemdhqksptabld version 2c

snmp-server host management Netcool2_TESTBED community sjnemdhqksptabld version 2c

snmp-server enable traps snmp authentication linkup linkdown coldstart

snmp-server enable traps syslog

ip route 0.0.0.0 0.0.0.0 10.105.89.1

CAPTURES : I could see 206 SNMP packets output and traffic towards the NETCOOL SERVERS (10.105.27.115 AND 10.105.27.118)

Lab-asa1-p/ADMIN-CONTEXT/act# sh snmp statistics

0 SNMP packets input

    0 Bad SNMP version errors

    0 Unknown community name

    0 Illegal operation for community name supplied

    0 Encoding errors

    0 Number of requested variables

    0 Number of altered variables

    0 Get-request PDUs

    0 Get-next PDUs

    0 Get-bulk PDUs

    0 Set-request PDUs (Not supported)

206 SNMP packets output

    0 Too big errors (Maximum packet size 512)

    0 No such name errors

    0 Bad values errors

    0 General errors

    0 Response PDUs

    206 Trap PDUs

Lab-asa1-p/ADMIN-CONTEXT/act#

Lab-asa1-p/ADMIN-CONTEXT/act# capture TEST1 interface management match ip host 10.105.27.115 any

Lab-asa1-p/ADMIN-CONTEXT/act# show capture TEST1

5 packets captured

   1: 18:36:17.631070 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.115.162:  udp 356

   2: 18:36:18.491261 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.115.162:  udp 355

   3: 18:36:22.389338 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.115.162:  udp 266

   4: 18:36:29.491231 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.115.162:  udp 355

   5: 18:36:40.491246 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.115.162:  udp 355

5 packets shown

Lab-asa1-p/ADMIN-CONTEXT/act# capture TEST2 interface management match ip host 10.105.27.118 any

Lab-asa1-p/ADMIN-CONTEXT/act# show capture TEST2

13 packets captured

   1: 18:37:16.198094 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 356

   2: 18:37:24.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355

   3: 18:37:35.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355

   4: 18:37:46.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355

   5: 18:37:57.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355

   6: 18:38:08.491322 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355

   7: 18:38:19.491292 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355

   8: 18:38:30.491338 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355

   9: 18:38:41.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355

  10: 18:38:52.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355

  11: 18:39:03.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355

  12: 18:39:14.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355

  13: 18:39:25.491307 802.1Q vlan#710 P0 10.105.89.38.162 > 10.105.27.118.162:  udp 355

13 packets shown

thanks

Ana


Labels:
0 Helpful
1 Reply 1

ANA PRENDES RODRIGUEZ
Level 1
Level 1

‎12-30-2013 06:01 AM

Hi guys coould you please help me out ??

BR

ANA

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card