cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3062
Views
0
Helpful
10
Replies

snmp to virtual-ip of the FIs

sandevsingh
Level 1
Level 1

Hi,

can the cisco ucs support snmp on it/s virtual-ip, we have sucessfull snmp walks to the individual physical ips of both the FIs, but not the vip.

10 Replies 10

padramas
Cisco Employee
Cisco Employee

Hello,

Are you experiencing time out for snmpwalk against FI Virtual IP ?

If yes, can you take a packet capture on the system from where you are running a snmp walk ?

tcpdump -ni eth0 udp and src host

" show cluster state " tells you which is the current prirmary.

There is known issue where packets are sourced using prirmary FI ip address instead of using VIP as source address.

HTH

Padma

Thnx Padma, that might be the issue I am facing. Is there a workaround for it yet?

Hello,

Please confirm that you receive response for the query against VIP address. There could be other issues like firewall blocking the response or primary FI is not even responding to the request.

If you are receiving snmp response with primary FI source IP address, then it confirms the defect.

The work around is to modify your SNMP station to accept responses received from different IP address.

Padma

There is a firewall in between the NMS and the UCS, BUT it has been allowed on the firewall, that`s why snmpwalk is possible to the physical ips of both the FIs but not the vip. So do you want me to run the tcpdump on the nms when it`s trying a snmpwalk to the vip and see if there`s a response back from the vip?

Hello,

Please do take a capture on NMS system on whether you get response from Primary FI when you do snmp walk against VIP.

Padma

We have the same issue. Firewall pkt capture shows no response from UCS VIP.

Config problem or by design? We are running 2.2

 

Hello,

We also have the same problem, the individual ip´s responds correctly but the virtual does not respond to snmpwalk. 

we are running 

UCS-A# sh ver
System version: 2.2(3c)

Cisco UCS 6200.

Thanks for your help.

When you query the VIP the response comes back from the active interconnect's management IP. If you look at a state table or packet capture the management interface you'll see the NMS send to the VIP and then the FIs management IP sends the reply, which of course the NMS won't acknowledge. 

Been like this this for as long as I can remember with the system. I believe the same is true for any new connection coming out of the UCS -- if the UCS initiates the connection it always comes from the management IP, which is always the case in a UDP transaction. 

Some firewalls will flag the response state from the Primary FI (not VIP IP) as "invalid" and drop the packets. You may need an entry in the IPtables/firewall to allow all traffic (as opposed to just 'new', established, related) for udp 161/162 for the VIP and 2 node IPs.

Kirk...

Hi Kirk and Steven thaks for the reply, 

I disable the NMS iptables, in my case it is the Cisco Collector. And there worked.
Thanks for the help.

Derlis Rodas

Review Cisco Networking for a $25 gift card

Review Cisco Networking for a $25 gift card