I came across some troubleshooting challenges recently and was able to use some SNMP command line tools to resolve them.
I thought I'd share the knowledge here to help the community. Let me know if you find it useful.
1. Device up and functioning fine but unresponsive to ssh login via VTY.
In this case I suspect the vty lines were not getting properly released. Our template has exec timeout configured to prevent stale connections from using up the vty lines but for whatever reason it was not taking place.
Fortunately we also have in our template the key command "snmp-server system-shutdown". That allows a remote snmp user to send an snmpset command to reload the switch. I didn't have an snmp toolkit on my Windows machine but the customer environment was managed with Prime Infrastructure (PI) 2.1. PI has a full set of SNMP tools in the root OS. (Specifically, it currently includes Release 5.4.1 of the open source Net-SNMP toolkit.)
So... log into the PI server via ssh and change to the root shell:
snmpset -v2c -c <snmp rw community string> <device IP address> .18.104.22.168.22.214.171.124.9.9.0 i 2
You simply need to substitute your values for the bracketed variables above.
2. Unable to authenticate to a remote switch due to lack of "aaa new-model".
In this case I suspected the switch somehow had the aaa setting erased. The symptom was that is was not allowing me to authenticate even though I was 99.9% sure I had the correct local credentials. It too was at a remote site and I needed to both retrieve the configuration and then send an update out to the device.
I similarly fell back the the snmpset tool on PI. Here are the commands I used in this case:
ade # snmpset -c <SNMP RW community string> -v 2c 10.60.254.3 126.96.36.199.188.8.131.52.184.108.40.206.1.2.111 i 1
SNMPv2-SMI::enterprises.220.127.116.11.18.104.22.168.111 = INTEGER: 1
ade # snmpset -c <SNMP RW community string> -v 2c 10.60.254.3 22.214.171.124.126.96.36.199.188.8.131.52.1.3.111 i 4
SNMPv2-SMI::enterprises.184.108.40.206.220.127.116.11.111 = INTEGER: 4
ade # snmpset -c <SNMP RW community string> -v 2c 10.60.254.3 18.104.22.168.22.214.171.124.126.96.36.199.1.4.111 i 1
SNMPv2-SMI::enterprises.188.8.131.52.184.108.40.206.111 = INTEGER: 1
ade # snmpset -c <SNMP RW community string> -v 2c 10.60.254.3 220.127.116.11.18.104.22.168.22.214.171.124.1.5.111 a <target workstation with tftp server>
SNMPv2-SMI::enterprises.126.96.36.199.188.8.131.52.111 = IpAddress: <target workstation with tftp server>
ade # snmpset -c <SNMP RW community string> -v 2c <target switch IP address> 184.108.40.206.220.127.116.11.18.104.22.168.1.6.111 s <config_filename.txt>
SNMPv2-SMI::enterprises.22.214.171.124.126.96.36.199.111 = STRING: "config_filename.txt"
ade # snmpset -c <SNMP RW community string> -v 2c <target switch IP address> 188.8.131.52.184.108.40.206.220.127.116.11.1.14.111 i 1
SNMPv2-SMI::enterprises.18.104.22.168.22.214.171.124.111 = INTEGER: 1
ade # snmpset -c <SNMP RW community string> -v 2c <target switch IP address> .126.96.36.199.188.8.131.52.1.53. <workstation with tftp server IP address> s aaa-new-model.txt
SNMPv2-SMI::enterprises.184.108.40.206.<workstation IP> = STRING: "aaa-new-model.txt"
Again, you simply need to substitute your values for the bracketed variables above.
Note the lines beginning "SNMPv2-SMI" are the confirmation responses from the tool - not commands to be entered.
The first bunch of commands pull the running-config off to my workstation which is running a tftp server. The last one pushes a file named "aaa-new-model.txt" with the one line ("aaa new-model" without the quotes) into the running config on the switch.
Note: I found some work laying the ground for these two approaches at an external blog posting. Here's a link to that site in acknowledgement.
hi everybody!I've issue with load balancing mechanism on asr1001xChassis type: ASR1001-X
Slot Type State Insert time (ago)
--------- ------------------- --------------------- -----------------
0 ASR1001-X ...
At below, it's the message I found in syslog, and this "junk" fills up the syslog. The source ip is Cisco Prime Infrastructure. I checked the switch login credential in CPI and it's correct. Can anyone tell me why the user name is empty and CPI tries to l...
Hello, I'm having troubles getting NAT to work with two WAN interfaces dynamically. We don't have a range of IP's to create a pool from each ISP, so was just doing a NAT overload on the individual interface. Below is our configuration with any public IP's...
Hi,Has anyone encountered a problem where the Virtual Access interface is showing high utilisation and is affecting the download speed of the end users? The event below was captured from our Zenoss monitoring system and showing high utilisation excee...
Hello everyone, I have a 3750 stacked core switch (1x 3750G and 2x 3750v1) that works perfectly. It does all the routing inside my LAN and it also leases all my DHCP addresses. The problem that I'm having is that my devices on my access switches (1x ...