While troubleshooting SNMP trap alarms in Cisco Prime Infrastructure (CPI) 1.3, I was introduced to using tcpdump on our CPI server to figure out whether it was actually receiving the SNMP traps that we weren’t getting notifications for. Below is a very basic tutorial for those who may find it useful. Depending on the type of trap you are troubleshooting, you may need a maintenance window to test it. For me, it was IPSLA up–>down status messages that CPI wasn't alarming on. To test this, I had to start the packet capture on CPI, then shut down the edge interface to our ISP to see whether the IPSLA actually triggered the trap and the switch sent it to CPI.
SSH to your CPI instance as the admin user
[sdewndr@jumpbox ~]$ ssh admin@prime
Gain root access (if you have not set this up yet read THIS article first)
PRIME/admin#root
Enter root patch password :
Starting root bash shell ...
ade #
Switch to superuser
ade # su -
[root@PRIME ~]#
Since this isn’t really a tutorial on tcpdump (not that I could write one anyway), I’m not going to go into too much detail about the following command. I will, however, briefly go over it and what each switch is used for. Do your own research on other possible options. The syntax provided by TAC was:
[root@PRIME ~]#tcpdump -vv "host 192.168.1.1 and port 162" -i eth0 -s0 -w ipsla.pcapng
-vv: more verbose capture
"host x.x.x.x and port xxx": must be in quotes; the IP address of the trap sender and the port CPI is expecting to receive the trap on
-i eth0: -i is interface and eth0 is the interface CPI is using
-s0: save the whole packet, do not limit how many bytes per packet are saved
-w: write the packet capture to a file so we can export it
ipsla.pcapng: the file name you are writing to (file must end with .pcapng or .pcap depending on Wireshark version)
You can stop the capture by simply pressing Ctrl-C on your keyboard. I suggest you try the command on your CPI server to make sure you don’t get any syntax errors before actually triggering your trap. If there are no syntax errors, trigger the trap and you should see the counter increment if the trap is being received by CPI. To make sure CPI is also getting the “alarm clear” trap, reverse whatever you did to trigger the trap. For instance, if you wanted to make sure you get a trap when an interface goes down, shut down the interface and then bring it back up. You should get two packets; once you have them both, press Ctrl-C to end the capture, and then we can transfer the capture off CPI to view in Wireshark.
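To check what the capture file holds before transferring it, the following added example (not part of the original post and not supplied by TAC) reads a file written by the command above and lists each UDP datagram from the trap sender to port 162 with its SNMP version and PDU type. It assumes a little-endian classic pcap file with Ethernet framing and untagged IPv4; the function names and the sample capture are constructed for illustration.

```python
import struct

PDU = {0xA4: "Trap (v1)", 0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}

def read_tlv(buf, i):
    """Read one BER tag/length at offset i; return (tag, value_start, value_end)."""
    tag, n, i = buf[i], buf[i + 1], i + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
    return tag, i, i + n

def decode_snmp(msg):
    """Return (version, pdu_name) for a v1/v2c message; other versions are only named."""
    try:
        _, i, _ = read_tlv(msg, 0)                 # outer SEQUENCE
        _, i, j = read_tlv(msg, i)                 # version INTEGER
        ver = int.from_bytes(msg[i:j], "big")
        if ver > 1:
            return f"version {ver}", "not decoded"
        _, _, j = read_tlv(msg, j)                 # community string: skipped, never printed
        return ("v1", "v2c")[ver], PDU.get(msg[j], hex(msg[j]))
    except IndexError:
        return "?", "malformed"

def traps_from(pcap, sender, port=162):
    """List (timestamp, version, pdu) for each UDP datagram from sender to port."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1" or pcap[20:24] != b"\x01\x00\x00\x00":
        raise ValueError("expected little-endian classic pcap with Ethernet link type")
    want, out, off = bytes(map(int, sender.split("."))), [], 24
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        ip = frame[14:]
        if frame[12:14] != b"\x08\x00" or len(ip) < 20 or ip[9] != 17 or ip[12:16] != want:
            continue                               # keep only IPv4/UDP from the sender
        udp = ip[(ip[0] & 0x0F) * 4:]
        if len(udp) >= 8 and struct.unpack_from("!H", udp, 2)[0] == port:
            out.append((ts, *decode_snmp(udp[8:])))
    return out

def sample_capture():
    """Constructed capture: two v2c traps from 192.168.1.1, one from 192.168.1.2."""
    udp = struct.pack("!HHHH", 50000, 162, 21, 0) + b"\x30\x0b\x02\x01\x01\x04\x04test\xa7\x00"
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0)
    cap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src in ((100, 1), (160, 1), (161, 2)):
        frame = b"\0" * 12 + b"\x08\x00" + hdr + bytes([192, 168, 1, src, 192, 168, 1, 10]) + udp
        cap += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return cap
```

On a real capture, call traps_from(open("ipsla.pcapng", "rb").read(), "192.168.1.1"). The community string is skipped rather than printed because SNMP v1/v2c sends it in clear text, so the capture file itself contains it and should be handled accordingly.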