Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1522
Views
1
Helpful
3
Replies

Sending SNMP Traps

Go to solution
Ricky Sandhu
Level 3
Level 3

‎09-25-2015 11:00 AM - edited ‎03-08-2019 01:56 AM

Good afternoon everyone,  we have about 80 or so branch offices each running a Cisco router connected to a central site over a DMVPN connectivity.

Each spoke router builds 2 DMVPN tunnels (Tu0 and Tu1) for redundancy to two separate hubs over their local high speed internet connection.  A lot of these spokes also have a cellular EHWIC that allows them to build a 3rd tunnel to a tertiary DMVPN hub, should the local high speed internet goes out.

Because cellular costs data, I have the routers configured to send an SNMP trap for link status of the cellular interface. When I get an alert, I act on it and figure out how to minimize usage on the cellular interface.

However at times I also run into situations where the primary tunnel (Tu0) simply drops forcing the spoke to communicate with other spokes over it's Tunnel1 which causes it to traverse the central hub location as per the nature of DMVPN.  This causes slowness for user community.

I am trying to setup SNMP traps on the tunnel interfaces, where it will fire an alert when one of the tunnels drops. However unfortunately, the SNMP OiD for tunnel link up/down is identical to the OiD for cellular interface up/down. My network management software (Zenoss), cannot differentiate based on the OiD whether the trap was fired due to cellular interface going up/down or the Tunnel interface going up/down.

Now my question:

Is there a way to configure the router, where it sends some sort of a special identifier based on which I can configure the NMS to differentiate between both types of traps?  A flag that I can look for and say whether the trap was sent by the cellular interface or tunnel?

 

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Markus Benz
Level 1
Level 1

‎09-30-2015 01:38 PM

Hi Ricky,

Cisco sends the ifIndex within the SNMP Trap.
You need to resolve that to the interface name. Once you have the name you can create an alert if the Interface name includes the string "Tunnel" for example.

Alternatively you can do the same with an SNMP poll.
(To be on the safe side, in case you loose a trap)

Unfortunately I don't know Zenoss, but reading their specs it looks like this should be possible.

Regards,
Markus

View solution in original post

3 Replies 3

Go to solution
Markus Benz
Level 1
Level 1

‎09-30-2015 01:38 PM

Hi Ricky,

Cisco sends the ifIndex within the SNMP Trap.
You need to resolve that to the interface name. Once you have the name you can create an alert if the Interface name includes the string "Tunnel" for example.

Alternatively you can do the same with an SNMP poll.
(To be on the safe side, in case you loose a trap)

Unfortunately I don't know Zenoss, but reading their specs it looks like this should be possible.

Regards,
Markus

Go to solution
ihernandez81
Level 1
Level 1

‎05-30-2018 02:19 PM

Can you share the configuration you used to send the snmp trap on the tunnels? I have this same issue.
0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎05-30-2018 04:39 PM

"However at times I also run into situations where the primary tunnel (Tu0) simply drops forcing the spoke to communicate with other spokes over it's Tunnel1 which causes it to traverse the central hub location as per the nature of DMVPN. This causes slowness for user community."

BTW, I'm not current on all aspects of DMVPN, but I recall reading that Cisco (at least planned for) direct and dynamic spoke to spoke DMVPN communication, to bypass the need to transit a hub.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card