Hi Kirk and Steven thaks for

sandevsingh · ‎11-13-2012

Hi,

can the cisco ucs support snmp on it/s virtual-ip, we have sucessfull snmp walks to the individual physical ips of both the FIs, but not the vip.

padramas · ‎11-13-2012

Hello,

Are you experiencing time out for snmpwalk against FI Virtual IP ?

If yes, can you take a packet capture on the system from where you are running a snmp walk ?

tcpdump -ni eth0 udp and src host

" show cluster state " tells you which is the current prirmary.

There is known issue where packets are sourced using prirmary FI ip address instead of using VIP as source address.

HTH

Padma

sandevsingh · ‎11-14-2012

Thnx Padma, that might be the issue I am facing. Is there a workaround for it yet?

padramas · ‎11-14-2012

Hello,

Please confirm that you receive response for the query against VIP address. There could be other issues like firewall blocking the response or primary FI is not even responding to the request.

If you are receiving snmp response with primary FI source IP address, then it confirms the defect.

The work around is to modify your SNMP station to accept responses received from different IP address.

Padma

sandevsingh · ‎11-14-2012

There is a firewall in between the NMS and the UCS, BUT it has been allowed on the firewall, that`s why snmpwalk is possible to the physical ips of both the FIs but not the vip. So do you want me to run the tcpdump on the nms when it`s trying a snmpwalk to the vip and see if there`s a response back from the vip?

padramas · ‎11-14-2012

Hello,

Please do take a capture on NMS system on whether you get response from Primary FI when you do snmp walk against VIP.

Padma

Michael Gehrmann · ‎05-01-2014

We have the same issue. Firewall pkt capture shows no response from UCS VIP.

Config problem or by design? We are running 2.2

rodasomar14 · ‎11-14-2016

Hello,

We also have the same problem, the individual ip´s responds correctly but the virtual does not respond to snmpwalk.

we are running

UCS-A# sh ver
System version: 2.2(3c)

Cisco UCS 6200.

Thanks for your help.

ssumichrast · ‎11-14-2016

When you query the VIP the response comes back from the active interconnect's management IP. If you look at a state table or packet capture the management interface you'll see the NMS send to the VIP and then the FIs management IP sends the reply, which of course the NMS won't acknowledge.

Been like this this for as long as I can remember with the system. I believe the same is true for any new connection coming out of the UCS -- if the UCS initiates the connection it always comes from the management IP, which is always the case in a UDP transaction.

Kirk J · ‎11-14-2016

Some firewalls will flag the response state from the Primary FI (not VIP IP) as "invalid" and drop the packets. You may need an entry in the IPtables/firewall to allow all traffic (as opposed to just 'new', established, related) for udp 161/162 for the VIP and 2 node IPs.

Kirk...

rodasomar14 · ‎11-14-2016

Hi Kirk and Steven thaks for the reply,

I disable the NMS iptables, in my case it is the Cisco Collector. And there worked.
Thanks for the help.

Derlis Rodas

snmp to virtual-ip of the FIs