Re: Some process didn't work on 3750

henrybb · ‎03-30-2006

SNMP didn't work:

*Apr 18 01:11:31: %IP_SNMP-3-SOCKET: can't open UDP socket

6w5d: Unable to open socket on port 161

And ntp can't synced

3750#sh ntp associations

address ref clock st when poll reach delay offset disp

~10.1.2.45 0.0.0.0 16 - 64 0 0.0 0.00 16000.

~10.1.2.46 0.0.0.0 16 - 64 0 0.0 0.00 16000.

~10.1.2.12 0.0.0.0 16 - 64 0 0.0 0.00 16000.

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

3750#sh ver

Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(25)SEB4, RELEA

SE SOFTWARE (fc1)

There are about 40+ 3750s which used same IOS version and some can synced ntp .

So how to solve the problem ?

thanks!

Richard Burts · ‎03-30-2006

Henry

I believe that the first thing would be to check to see if there might be any access list which could affect the traffic for SNMP and/or NTP.

Also it would be helpful to know how you have NTP configured. Are you specifying the source address for NTP? How do you configure the NTP servers?

I would start by checking for IP connectivity from one of the 3750s that does not work to the servers. If you can proove IP connectivity is not an issue we can look at some other possible causes.

HTH

Rick

HTH

Rick

henrybb · ‎03-30-2006

Yes,I am sure that ACL doesn't block necessary traffic.

3750#sh run | i ntp

ntp server 10.1.2.45

ntp server 10.1.2.46

ntp server 10.1.2.28

3750#ping 10.1.2.45

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.253.245, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

henrybb · ‎03-30-2006

SNMP also doesn't have any ACL to block access from SNMP workstation.

answanso · ‎03-30-2006

Per CSCsc92347, this can happen if Vlan1 (the management vlan) is not configured as such. Meaning has an IP address assigned to it. Can we please see a configuration from one of these switches?

henrybb · ‎03-30-2006

Yes，I didn't config vlan 1 and I use vlan 255 as management vlan. But many other 3750/4506/2950 can work normal even if I didn't config vlan1.

And why can't I see description of CSCsc92347 ? I have CCO account.

So how can I resolve the problem ?

Following is part of configuration of one problem 3750:

interface Vlan1

no ip address

!

interface Vlan255

ip address 10.1.255.1 255.255.255.0

!

ip default-gateway 10.1.255.253

!

access-list 30 permit x.y.z.d

snmp-server community XXX RW 30

snmp-server community YYY RO 30

ntp server 10.1.2.45

ntp server 10.1.2.46

ntp server 10.1.2.28

thanks!

answanso · ‎03-30-2006

The bug is currently in (J)unked state because of this reasoning. I would argue this isnt correct behavior. Can you send me your whole config, I will try it in the lab. If I can reproduce it I will open the defect back up. In the mean time, if you can move the management to vlan to 1 and see if it resolves the issue, that would be helpful too for opening the defect as well. Please send the config to answanso@cisco.com.

Thanks

Anthony

answanso · ‎03-30-2006

Better send a show version as well so I can see what version of IOS you are on too =)

Anthony

henrybb · ‎03-30-2006

one temporarily solution is to shutdown vlan1