Hello, everyone! I have an odd issue I am hoping osme of you can assist me with. We use two older Cisco 7200 series routers running SSG to handle access and authentication for one of our bulk ethernet services. This service has grown so we are replacing them with some Cisco 7301 routers to add more cability and support some upcoming expansion. I was able to get SSG up and running fine on the 7301 without issue and we plan to go live with them soon.
The issue: we like to monitor the routers with MRTG and keep track of the average number of users/connections active on each SSG router so we can do a good job of distributing the load between them. On the older 7200 series routers, we do a simple snmp poll to the router using an OID of
126.96.36.199.188.8.131.52.2184.108.40.206.0, which tells us how many SSG connections are active on the router.
Example from a Linux prompt:
snmpwalk -v 2c -c public oldssg 220.127.116.11.18.104.22.168.222.214.171.124.0
SNMPv2-SMI::enterprises.9.9.2126.96.36.199.0 = Gauge32: 1203
Using the OID on the new 7301, however, results in no data. A command-line snmpwalk using that OID on the 7301 results in the error:
snmpwalk -v 2c -c public newssg 188.8.131.52.184.108.40.206.2220.127.116.11.0
SNMPv2-SMI::enterprises.9.9.218.104.22.168.0 = No Such Object available on this agent at this OID
Do I need to use a different OID on the 7301 to get the information as I did on the old SSG router? It is fairly critical that we be able to know how many active sessions are on the new SSG routers.
Thank you for any help you can provide.
What if you do an snmpwalk on 22.214.171.124.126.96.36.199.2188.8.131.52 (without including the last index). Do you get the same result?
Also, maybe you can try with 184.108.40.206.220.127.116.11.218.104.22.168 to get the number of active SSG sessions.
On a side note, be aware that SSG is a feature which is end of support from Cisco since May 14th 2012. You can refer to the end of life notice at:
- For C7200
- For C7300
I would strongly suggest to get in touch with your local Cisco Account Team or partner in order to plan a migration from SSG to ISG which is the feature substituting SSG.
To answer your questions:
snmpwalk -v 2c -c public newssg 22.214.171.124.126.96.36.199.2188.8.131.52
SNMPv2-SMI::enterprises.9.9.2184.108.40.206 = No Such Object available on this agent at this OID
snmpwalk -v 2c -c public newssg 220.127.116.11.18.104.22.168.222.214.171.124
SNMPv2-SMI::enterprises.9.9.2126.96.36.199 = No Such Object available on this agent at this OID
As much as we would love to go to ISG, that is not an option. This router is an interim solution until we replace the entire SSG service with another option in the future.
What if you run the snmpwal like the following:
snmpwalk -v 2c -c public newssg .188.8.131.52.184.108.40.206.2220.127.116.11 ===> please note the '.' at the begining of the OID.
Do you get any result in that case?
Are you able to poll any object from the ciscoSsgMIB (18.104.22.168.22.214.171.124.260). What if you try to run an snmpwalk on that OID?
I don't know what IOS versio you are using here. Did you verify the MIB is available in that version? You can do that using the SNMP object navigator from Cisco.com (http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en)
Thanks for all your help. I found a solution to my problem. The Cisco 7301 was running IOS 12.4(24)T8 which does not support the SSG OIDs. I was able to back date the switch to 12.4(15)T17 and all is well.
In the future we will, of course, phase out the SSG product entirely and replace it with ISG or a similar product, but thanks for pointing in the right direction to get this router running for now.