cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4992
Views
0
Helpful
8
Replies
valerie.kan
Contributor

SNMP Polling from UCS Manager 1.4

I am having trouble with SNMP Polling from UCS Manager 1.4(1j).


I seem to only get SNMP data from Nexus such as those described in (http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/mib/reference/NX5000_MIBRef.html) I don't see any OIDs corresponding to those mentioned specifically for UCS listed in (ftp://ftp.cisco.com/pub/mibs/supportlists/ucs/ucs-manager-supportlist.html).


Documentation on the cisco web site said that UCS Manager 1.4(1) and above will have MIBS such as CISCO-UNIFIED-COMPUTING-EQUIPMENT-MIB available.

Is there a separate IP addresses I should poll for these or any specific things that need to be set up?


I am not sure how we can gain access to the UCS related MIB objects exactly. The description on SNMP enable for UCS Manager is very brief (http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/gui/config/guide/1.4/UCSM_GUI_Configuration_Guide_1_4_chapter6.html#task_2054446421216050764)
It only described the community string set up under UCS Manager ->Admin->Communication Management -> Communication Services, bu didn’t really say anything about which IP addresses from the Management Interfaces should be used to get them.

Has anyone successfully polled data from say the CISCO-UNIFIED-COMPUTING-EQUIPMENT-MIB and be able to help?

Thanks in advance.

1 ACCEPTED SOLUTION

Accepted Solutions

Greetings.

The UCS manager VIP has a large OID range that can be polled that covers the chassis level items such as fans, PSUs, to the blades and their components.

If you are not able to poll the VIP check the following:

  • SNMP response will come from the primary Node,not the VIP, so keep that in mind for firewall rules.  You will probably want to have an entry for the VIP, and both nodes without a --state statement. (avoid --state established, new, etc, as response via node ip when poll went to the VIP ip can be perceived as invalid by firewall rule that is doing --state checking)
  • Try doing a UCSM cluster lead change, and see if the VIP(primary lead) responds to a SNMP walk.
  • What UCSM version are you running?
  • If you want to confirm that SNMP query/poll is making it to mgmt interface on primary FI, then run the following from nxos context:
    • PrimaryFI(nxos)# ethanalyzer local interface mgmt capture-filter "port 161" limit-captured-frames 0 detail
      •     This should confirm if the SNMP walk/poll is making it to the mgmt interface, if the community string is correct (assume snmp v2), if the UCSM is sending a response (but firewall or acl is blocking response packets from getting back to polling workstation)

    Thanks,

    Kirk...

    View solution in original post

    8 REPLIES 8
    Robert Burns
    Cisco Employee

    Yes indeed.

    I learnt about the CISCO-UNIFIED-COMPUTING-EQUIPMENT-MIB and the other Cisco UCS Manager MIB Support list by selecting UCS Manager under the Unified Computing drop down on this http page you quoted.

    (http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/mib/reference/UCS_MIBRef.html)

    Is there anything specific from those docs you are referring to that would make it such that we get the Nexus MIBs rather than ones under UCS Manager?

    The two IP addresses for Fabric Interconnect A and B under Management Interface only give us info from MIBs listed under the Nexus documentation only. Nothing fir say 1.3.6.1.4.1.9.9.719.1.15.

    No SNMP data form the virtual IP address.

    Not sure where data under 1.3.6.1.4.1.9.9.719.1.15 would be accessible

    I did a quick test here to the VIP of a UCS in the lab and it seems to work fine.

    1.3.6.1.4.1.9.9.719.1.15 matches cucsEquipmentObjects

    I am able to walk all objects under that MIB. I simply enabled SNMP in UCSM, loaded the MIBs in my MIB browser and pointed it to UCS.

    Thanks Christophe.

    So it is definitely to the virtual IP address of the UCS Manager where we can poll these MIBs. I will double check on our settings.

    Hi Christophe,

    Is there any way to poll UCS manager VIP ? I am able to poll individual IP's of UCS manager after configuring SNMP but unable to poll any data of VIP for this. We are using SolarWind monitoring tool in our infra.

    Thanks.

    Greetings.

    The UCS manager VIP has a large OID range that can be polled that covers the chassis level items such as fans, PSUs, to the blades and their components.

    If you are not able to poll the VIP check the following:

    • SNMP response will come from the primary Node,not the VIP, so keep that in mind for firewall rules.  You will probably want to have an entry for the VIP, and both nodes without a --state statement. (avoid --state established, new, etc, as response via node ip when poll went to the VIP ip can be perceived as invalid by firewall rule that is doing --state checking)
    • Try doing a UCSM cluster lead change, and see if the VIP(primary lead) responds to a SNMP walk.
    • What UCSM version are you running?
    • If you want to confirm that SNMP query/poll is making it to mgmt interface on primary FI, then run the following from nxos context:
      • PrimaryFI(nxos)# ethanalyzer local interface mgmt capture-filter "port 161" limit-captured-frames 0 detail
        •     This should confirm if the SNMP walk/poll is making it to the mgmt interface, if the community string is correct (assume snmp v2), if the UCSM is sending a response (but firewall or acl is blocking response packets from getting back to polling workstation)

      Thanks,

      Kirk...

      View solution in original post

      Thanks Kirk for your reply.

      I found actual issue was from solarwind monitoring in our infra for these particular VIP polling. We have changed the poller and now issue is resolved. Our monitoring team is working on it as some of the pollers are unable to fetch information through snmp. I will update you once we get the solution.

      Thanks,

      Vaibhav

      hostasaurus
      Beginner

      I know this is an ancient thread, but just wanted to add to it for others who happen across it like I did.  If you're trying to snmpwalk against the VIP, TCP-based queries will work without any special firewall config.  From snmpwalk, you just preface the IP address or name with tcp:, i.e.:

       

      # snmpwalk -v 3 -a SHA -A authpass -X privpass -x AES -l authPriv -u username tcp:ucsVIP.domain.com

       

       Of course, many monitoring systems don't support TCP-based queries, so then you're stuck querying the FI's directly, doubling the amount of monitoring you need to do since one may be offline.

      Content for Community-Ad