Are you experiencing a timeout for snmpwalk against the FI Virtual IP?
If yes, can you take a packet capture on the system from where you are running the snmpwalk?
tcpdump -ni eth0 udp and src host
"show cluster state" tells you which is the current primary.
There is a known issue where packets are sourced using the primary FI IP address instead of using the VIP as the source address.
Please confirm that you receive a response for the query against the VIP address. There could be other issues, like a firewall blocking the response, or the primary FI is not even responding to the request.
If you are receiving the SNMP response with the primary FI source IP address, then it confirms the defect.
The workaround is to modify your SNMP station to accept responses received from a different IP address.
There is a firewall in between the NMS and the UCS, BUT it has been allowed on the firewall; that's why snmpwalk is possible to the physical IPs of both the FIs but not the VIP. So do you want me to run the tcpdump on the NMS when it's trying a snmpwalk to the VIP and see if there's a response back from the VIP?
We also have the same problem: the individual IPs respond correctly but the virtual one does not respond to snmpwalk.
We are running
UCS-A# sh ver
System version: 2.2(3c)
Cisco UCS 6200.
Thanks for your help.
When you query the VIP, the response comes back from the active interconnect's management IP. If you look at a state table or a packet capture on the management interface, you'll see the NMS send to the VIP and then the FI's management IP sends the reply, which of course the NMS won't acknowledge.
It's been like this for as long as I can remember with the system. I believe the same is true for any new connection coming out of the UCS -- if the UCS initiates the connection it always comes from the management IP, which is always the case in a UDP transaction.
Some firewalls will flag the response state from the Primary FI (not VIP IP) as "invalid" and drop the packets. You may need an entry in the IPtables/firewall to allow all traffic (as opposed to just 'new', established, related) for udp 161/162 for the VIP and 2 node IPs.
Hi Kirk and Steven, thanks for the reply,
I disabled the NMS iptables; in my case it is the Cisco Collector. And then it worked.
Thanks for the help.
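
The check discussed in this thread, as an added example that is not part of any of the posts above: a small Python script that reads `tcpdump -n` text output captured on the NMS and tells apart the three outcomes mentioned (reply from the queried address, reply from a different source IP, no reply at all). The addresses, ports and capture lines are constructed sample values (192.0.2.100 stands in for the VIP, 192.0.2.101 for the primary FI, 192.0.2.10 for the NMS), and the capture is assumed to include all UDP port 161 traffic rather than only packets sourced from the VIP.

```python
import re
from collections import defaultdict

# Address part of a `tcpdump -n` line: "IP src.port > dst.port:"
PKT = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")
SNMP_PORT = 161

def classify_snmp_flows(lines):
    """Label each NMS query socket: 'ok', 'reply_from_other_ip' or 'no_reply'."""
    queried = {}                 # (client_ip, client_port) -> agent IP that was queried
    repliers = defaultdict(set)  # (client_ip, client_port) -> source IPs that answered
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue
        src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
        if dport == SNMP_PORT:        # request from the NMS to an agent
            queried[(src, sport)] = dst
        elif sport == SNMP_PORT:      # response from an agent back to the NMS socket
            repliers[(dst, dport)].add(src)
    results = []
    for sock, target in sorted(queried.items()):
        answered = repliers.get(sock, set())
        if target in answered:
            verdict = "ok"                    # reply came from the address queried
        elif answered:
            verdict = "reply_from_other_ip"   # the behaviour described in this thread
        else:
            verdict = "no_reply"              # blocked on the path, or agent silent
        results.append({"client": sock, "queried": target,
                        "replied_from": sorted(answered), "verdict": verdict})
    return results

# Constructed sample capture lines (not taken from a real system).
SAMPLE = """\
10:00:01.000100 IP 192.0.2.10.40001 > 192.0.2.100.161:  GetNextRequest(28)  .1.3.6.1.2.1
10:00:01.000900 IP 192.0.2.101.161 > 192.0.2.10.40001:  GetResponse(60)  .1.3.6.1.2.1.1.1.0
10:00:05.000100 IP 192.0.2.10.40002 > 192.0.2.101.161:  GetNextRequest(28)  .1.3.6.1.2.1
10:00:05.000800 IP 192.0.2.101.161 > 192.0.2.10.40002:  GetResponse(60)  .1.3.6.1.2.1.1.1.0
10:00:09.000100 IP 192.0.2.10.40003 > 192.0.2.100.161:  GetNextRequest(28)  .1.3.6.1.2.1
""".splitlines()

if __name__ == "__main__":
    for row in classify_snmp_flows(SAMPLE):
        print(row["client"], "queried", row["queried"],
              "replied_from", row["replied_from"], "->", row["verdict"])
```

On Linux, tcpdump sees inbound packets before iptables filters them, so a reply that the NMS firewall later drops still shows up in the capture as `reply_from_other_ip` rather than `no_reply`.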