Re: Hi,Any ACLs between? Routing

Brian Green · ‎07-27-2015

Help! I have a 2921 router that I am trying to monitor using SNMP polling - I can ping it, SSH to it, get to it via http, but not SNMP. I know I am using the correct community string - but nothing I try seems to work. Using the same command to a different 2921 works fine (I am testin with a simple snmpwalk statement).

The interface used for Mangement is inside a VRF - I thought the OS was VRF-aware, so polling should be allowed, but it seems to fail. I am running 15.3(2) on the router.

Thanks for any help!

Brian

Traian Bratescu · ‎07-27-2015

You have to specify the vrf for SNMP to work.

snmp-server host {hostname | ip-address} [vrf vrf-name] [traps | informs] [version {1 | 2c | 3 [auth | noauth | priv]}] community-string

Traian

Brian Green · ‎07-27-2015

Unfortunately that doesn't want to work.

One thing I didn't express is the Management IP is also in a Vlan, not just a VRF. And I don't have console access to the device, so I can't move it out (without losing my session).

Help! I'm stumped here!

Brian

Traian Bratescu · ‎07-28-2015

Hi,

Any ACLs between? Routing ok? Can you do a debug snmp packets and see if there is any packet reaching you? How does your setup looks like?

Can you ssh/http from the SNMP server - that way routing would be fine - would still need to check any ACL for UDP 161/162?

Traian

I made a simple test:

fa0/0 - vrf mgmt; directly attached to the server from which I am polling...

interface FastEthernet0/0
ip vrf forwarding mgmt
ip address 172.16.200.200 255.255.255.0

R1#sh run | incl snmp
snmp-server community public RO

And SNMP poling is working...

R1#debug snmp packets
SNMP packet debugging is on
*Jul 28 10:00:27.843: SNMP: Packet received via UDP from 172.16.200.1 on FastEthernet0/0
*Jul 28 10:00:27.851: SNMP: Get-next request, reqid 2, errstat 0, erridx 0
internet.6.3 = NULL TYPE/VALUE
*Jul 28 10:00:27.859: SNMP: Response, reqid 2, errstat 0, erridx 0
snmpMIB.1.6.1.0 = 0
*Jul 28 10:00:27.867: SNMP: Packet sent via UDP to 172.16.200.1
R1#
*Jul 28 10:01:04.407: SNMP: Packet received via UDP from 172.16.200.1 on FastEthernet0/0
*Jul 28 10:01:04.415: SNMP: Get request, reqid 3, errstat 0, erridx 0
sysUpTime.0 = NULL TYPE/VALUE
*Jul 28 10:01:04.423: SNMP: Response, reqid 3, errstat 0, erridx 0
sysUpTime.0 = 48328
*Jul 28 10:01:04.431: SNMP: Packet sent via UDP to 172.16.200.1

Brian Green · ‎07-28-2015

ACLs - no

Routing OK - yes.

When I do a debug snmp packets on the router I don't see anything. I think I'll get a test one (I already have a laptop) to see if the Vlan could be an issue.

Hitesh Vinzoda · ‎07-28-2015

Hi Brian,

Can you post show ip route x.x.x.x where x.x.x.x is the SNMP management station from the router, also traceroute from snmp mgmt pc to the routers IP.

show run | in snmp will be helpful too.

Cheers

Hitesh

Tarun cisco · ‎08-17-2024

can we manage a device through SSH and Poll SNMP from the same IP address?

Tarun cisco · ‎08-17-2024

can we manage a device through SSH and Poll SNMP from the same IP address?

Giuseppe Larosa · ‎08-17-2024

Hello @Tarun cisco ,

>> can we manage a device through SSH and Poll SNMP from the same IP address?

Generally speaking yes this is possible. Depending on the device type , Network Operating System type IOS XE, NXOS, IOS XR it may need different commands.

What device would you like to configure and monitor ?

Hope to help

Giuseppe

Tarun cisco · ‎08-17-2024

Do we have any Techzone or any cisco artical for the same

Tarun cisco · ‎08-17-2024

Firewall device need to be set-up

Giuseppe Larosa · ‎08-17-2024

Hello @Tarun cisco ,

open a new thread and specify what type of firewall is (FTD firepower or ASA ), the model and the version of operating system running on it. For FTD devices they can be managed locally by FDM GUI or by a central FMC server. Also this info is needed.

Hope to help

Giuseppe

Tarun cisco · ‎08-17-2024

FTD Firewall and manage by FMC with 7.2 version

SNMP Monitoring of Router