Showing results for 
Search instead for 
Did you mean: 

SCE does not capture traffic snmp get-request


We have SCE 2000 3.5.5.

I have a problem to capture some snmp traffic.

From a server To a router, our SCE captures traffic snmp "GET-NEXT-REQUEST". I can see these traffic in RDR (Transaction RDR and Subscriber RDR).

but, From the same server To the same router, "GET-REQUEST" doesn't.

I have checked these packets using sniffer software, and the difference of these is only "GET-NEXT-REQUEST" or "GET-REQUEST".

What could cause this situation??

Help me!

Tom Debruyne
Cisco Employee


Are you comparing a single "get-next" with a single "get", or are you generating "get-next" with "snmpwalk" on a full table?

In the second case, what you are seeing is expected.  To reduce the CPU load, the SCE by default ignores UDP flows with less than 4 packets and the SNMP GET only generates 2 packets.

If this is important for you, you can add port 161 (default SNMP queries port) as an exception so that the SCE opens a flow when seeing only 2 packets.

Go to "Configuration > Policies > System Settings... > Advanced Options > Advanced Service Configuration Options... > add "161" to the list of "UDP ports for which flow should be opened on first packet""

Then push that new service to the SCE.


Thanks Tom.

I tried a single "snmpgetnext" from the same pc and SCE non captured it. It means that it is because of the number of packet as you said.

So, I have configured  the list of "UDP ports for which flow should be opened on first packet" but SCE doesn't capture the packet "snmpget" as before.

What is still wrong?


You confirm that you are using the default port for SNMP?

Are the 2 packets of the flow (GET and RESPONSE) going through the same SCE?

As a test, could you create an empty service configuration, only updating "UDP ports for which flow should be opened on first packet" and enable Transaction Usage RDR, push that service policy to the SCE and see if it works then?

If none of these helps, I would suggest you to open a TAC service request.



Hi, Tom.

I have controlled that the port is 161 and these packets go through the same SCE.

I changed the service configuration as you said, but SCE didn't caputured the packets "snmp-get". I write the way that I have done.

     1.     Open "New Service Configuration"

     2.     Add 161 to "UDP ports for which flow should be opened on first packet"

     3.     "RDR Settings" - "Transaction Usage RDRs" - check "select ALL"

     4.     Apply a SCE device

     5.     command "Snmpget" from a pc

     6.     Control RDRs with tag "4042323000"  --> No record from the pc

     7.     mib-browser from the same pc

     8.     Control RDRs with tag "4042323000"  --> find the record from the pc

I hope i can resolve it soon.