Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
964
Views
0
Helpful
4
Replies

SCE does not capture traffic snmp get-request

YERAS7439
Level 1
Level 1

‎03-04-2011 12:22 AM - edited ‎03-01-2019 02:24 PM

Hi,

We have SCE 2000 3.5.5.

I have a problem to capture some snmp traffic.

From a server To a router, our SCE captures traffic snmp "GET-NEXT-REQUEST". I can see these traffic in RDR (Transaction RDR and Subscriber RDR).

but, From the same server To the same router, "GET-REQUEST" doesn't.

I have checked these packets using sniffer software, and the difference of these is only "GET-NEXT-REQUEST" or "GET-REQUEST".

What could cause this situation??

Help me!

Labels:
0 Helpful
4 Replies 4

Tom Debruyne
Cisco Employee
Cisco Employee

‎03-16-2011 03:02 AM

Hi,

Are you comparing a single "get-next" with a single "get", or are you generating "get-next" with "snmpwalk" on a full table?

In the second case, what you are seeing is expected.  To reduce the CPU load, the SCE by default ignores UDP flows with less than 4 packets and the SNMP GET only generates 2 packets.

If this is important for you, you can add port 161 (default SNMP queries port) as an exception so that the SCE opens a flow when seeing only 2 packets.

Go to "Configuration > Policies > System Settings... > Advanced Options > Advanced Service Configuration Options... > add "161" to the list of "UDP ports for which flow should be opened on first packet""

Then push that new service to the SCE.

Tom

0 Helpful

YERAS7439
Level 1
Level 1
In response to Tom Debruyne

‎03-30-2011 06:11 AM

Thanks Tom.

I tried a single "snmpgetnext" from the same pc and SCE non captured it. It means that it is because of the number of packet as you said.

So, I have configured  the list of "UDP ports for which flow should be opened on first packet" but SCE doesn't capture the packet "snmpget" as before.

What is still wrong?

0 Helpful

Tom Debruyne
Cisco Employee
Cisco Employee
In response to YERAS7439

‎03-30-2011 06:58 AM

Hello,

You confirm that you are using the default port for SNMP?

Are the 2 packets of the flow (GET and RESPONSE) going through the same SCE?

As a test, could you create an empty service configuration, only updating "UDP ports for which flow should be opened on first packet" and enable Transaction Usage RDR, push that service policy to the SCE and see if it works then?

If none of these helps, I would suggest you to open a TAC service request.

Cheers,

Tom

0 Helpful

YERAS7439
Level 1
Level 1
In response to Tom Debruyne

‎03-31-2011 05:15 AM

Hi, Tom.

I have controlled that the port is 161 and these packets go through the same SCE.

I changed the service configuration as you said, but SCE didn't caputured the packets "snmp-get". I write the way that I have done.

     1.     Open "New Service Configuration"

     2.     Add 161 to "UDP ports for which flow should be opened on first packet"

     3.     "RDR Settings" - "Transaction Usage RDRs" - check "select ALL"

     4.     Apply a SCE device

     5.     command "Snmpget" from a pc

     6.     Control RDRs with tag "4042323000"  --> No record from the pc

     7.     mib-browser from the same pc

     8.     Control RDRs with tag "4042323000"  --> find the record from the pc

I hope i can resolve it soon.

0 Helpful
Customers Also Viewed These Support Documents