Solved: Request for IP-TUNNEL-MIB Support on Cisco 9300L-48T-4G-E Switch

AdminMIB · ‎09-26-2023

Hello Cisco Community,

I hope you are all doing well. I recently acquired a Cisco 9300L-48T-4G-E switch for my network, and I'm facing an issue related to SNMP monitoring. Specifically, the switch does not seem to support the IP-TUNNEL-MIB, which is crucial for monitoring network tunnels using SNMP.

I was able to monitor it using ISR 4331 which has TUNNEL-MIB

Issue Description:
The absence of IP-TUNNEL-MIB support on the Cisco 9300L-48T-4G-E switch is hindering my ability to effectively monitor tunnel activity and performance on the switch.

Request for Assistance:
I kindly request the assistance of the Cisco community in addressing this issue. I'm looking for guidance on the following:
- Are there any plans to include IP-TUNNEL-MIB support in future firmware updates for the Cisco 9300L-48T-4G-E switch?
- Are there alternative methods or workarounds to enable tunnel monitoring through SNMP on this switch?

Additional Information:
- Switch Model: Cisco 9300L-48T-4G-E
- Release: 17.3.6
- SNMP Tool in Use: PRTG

I appreciate any insights, advice, or experiences that the Cisco community can share. Your expertise will be highly valuable in resolving this issue.

Thank you for your time and support.

Sincerely,
AdminMIB

AdminMIB · ‎10-06-2023

Hi guys I solved the problem.
As Dan provided a solution for creating a dynamic OID.

event manager applet makeOIDs
 event timer watchdog time 60
 action 010 cli command "enable"
 action 020 cli command "show ip int brief | inc Tunnel"
 action 030 foreach line "$_cli_result" "\n"
 action 040  regexp "(Tunnel[0-9]+)" "$line" match tunnel
 action 050  cli command "show int $tunnel | inc destination"
 action 060  regexp "Tunnel source ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+), destination ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" "$_cli_result" match source destination
 action 065  cli command "config ter"
 action 070  cli command "snmp mib expression owner $tunnel name source"
 action 080  cli command "expression $source"
 action 090  cli command "snmp mib expression owner $tunnel name destination"
 action 100  cli command "expression $destination"
 action 110  cli command "enable"
 action 120  cli command "exit"
 action 130  cli command "exit"
 action 140 end

These things can be considered placeholders or virtual tunnels which do nothing but it has OIDs. In my case, I needed to set a new IP address over snmpset command:

snmpset -v 2c -c private 192.168.1.2 .1.3.6.1.2.1.90.1.2.1.1.3.8.84.117.110.110.101.108.50.48.11.100.101.115.116.105.110.97.116.105.111.110 s "192.168.1.44"

I got the new IP address to this placeholder and it needs to be in my actual tunnels.

So, I just created another applet to parse them and set the desired IP address to my actual Tunnels.

event manager applet changeTunnel
 event timer watchdog time 1
 action 010 cli command "enable"
 action 020 cli command "show ip int brief | inc Tunnel"
 action 030 foreach line "$_cli_result" "\n"
 action 040  regexp "(Tunnel[0-9]+)" "$line" match tunnel
 action 050  cli command "show running-config | section snmp mib expression owner $tunnel name destination"
 action 060  regexp "expression ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" "$_cli_result" match expression
 action 070  cli command "config ter"
 action 080  cli command "interface $tunnel "
 action 090  cli command "tunnel destination $expression"
 action 100  cli command "end"
 action 110 end

That's how I solved the problem.
I hope Cisco will publish a new image release which includes IP-TUNNEL.MIB support.
If ever someone reads my solution in the future, I am sending greetings from the last few months of 2023.

Sincerely,
AdminMIB

View solution in original post

AdminMIB · ‎09-26-2023

Dear Billy,
No offense but you sounded like an AI. I am not sure If you understand my problem. I am aware of the fact that the TUNNEL-MIB file is used for Routers not Switches and, I am sorry but what you are saying is completely wrong because I have not seen a single TUNNEL-MIB file among CISCO Switches. There is only cisco-lwapp-tunnel-mib which does not satisfy my requirements. I am desperate is there any way that I can convert the TUNNEL-MIB file from my router to be used in my newly acquired Switch, I am not sure if that makes sense

balaji.bandi · ‎09-26-2023

Cisco 9300L-48T-4G-E switch is hindering my ability to effectively monitor tunnel activity and performance on the switch.

I was not sure what tunnel Interface Monitor you looking Monitor ? Do you have exmpled of that tunnel ? (capwap tunnel , or GRE ?)

Other side i have not tested this as you mentioned on Cat 9300

Have you looking at any MIB available to download from cisco and also check below URL anything can help:

https://cfnng.cisco.com/mibs

Note: if nothing found above - may be wishlist.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

AdminMIB · ‎09-27-2023

I already checked the link you mentioned in your response It is not on the list. I hope I will figure it out somehow.

I am okay with coding, so I am not pretty sure but I checked some documents (https://net-snmp.sourceforge.io/wiki/index.php/Writing_your_own_MIBs) and it seems like it is possible to manipulate the MIB tree and add new OIDs to an existing MIB structure. Do you have any suggestions for that?

MHM Cisco World · ‎09-26-2023

First c9300 dont support any vpn other than gre.

So it not mandatory to have MIB for snmp to monitor tunnel.

AdminMIB · ‎09-27-2023

well, I presume that I want to use the tunnelInetConfigEntry object from the TUNNEL-MIB and I want to add it to the structure of SOME-MIB-FILE-IN-MY-SWITCH. So, I basically need to retrieve some information from that object to make my script keep working. For clarification, I was using an ISR4331 router which has TUNNEL-MIB. Using the related OIDs for my script I was dealing with SNMP and sending packages, configs, etc... now I will need to use these OIDs to be able to keep my script to work with my switch. How can I do it any suggestions?

Dan Frey · ‎09-27-2023

New OIDs can be added in the config and will be present under branch of expression mib. The basics are to run a CLI command and parse the output and stuff each attribute into an OID. EEM can be used to add the configuration and update the OIDs dynamically. Example here will run EEM to update the OIDs every 60 seconds and collect the source and destination address of all Tunnel interfaces and present as objects to SNMP.

event manager applet makeOIDs
 event timer watchdog time 60
 action 010 cli command "enable"
 action 020 cli command "show ip int brief | inc Tunnel"
 action 030 foreach line "$_cli_result" "\n"
 action 040  regexp "(Tunnel[0-9]+)" "$line" match tunnel
 action 050  cli command "show int $tunnel | inc destination"
 action 060  regexp "Tunnel source ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+) .* destination ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" "$_cli_result" match source destination
 action 065  cli command "config ter"
 action 070  cli command "snmp mib expression owner $tunnel name source"
 action 080  cli command "expression $source"
 action 090  cli command "snmp mib expression owner $tunnel name destination"
 action 100  cli command "expression $destination"
 action 110  cli command "enable"
 action 120  cli command "exit"
 action 130  cli command "exit"
 action 140 end

snmpwalk the device rooted at the expression mib.

[root@Raggedtooth ~]# snmpwalk -v 2c -c public -M /home/dafrey/.snmp/mibs -m +ALL 192.168.16.27 iso.3.6.1.2.1.90.1 2> /dev/null
DISMAN-EXPRESSION-MIB::expExpression."Tunnel1"."source" = STRING: "192.168.16.27"
DISMAN-EXPRESSION-MIB::expExpression."Tunnel1"."destination" = STRING: "10.64.32.204"
DISMAN-EXPRESSION-MIB::expExpression."Tunnel2"."source" = STRING: "192.168.2.39"
DISMAN-EXPRESSION-MIB::expExpression."Tunnel2"."destination" = STRING: "10.64.32.205"
DISMAN-EXPRESSION-MIB::expExpression."Tunnel3"."source" = STRING: "192.168.16.27"
DISMAN-EXPRESSION-MIB::expExpression."Tunnel3"."destination" = STRING: "10.64.32.204"
DISMAN-EXPRESSION-MIB::expExpression."Tunnel4"."source" = STRING: "192.168.16.27"
DISMAN-EXPRESSION-MIB::expExpression."Tunnel4"."destination" = STRING: "10.64.32.205"

AdminMIB · ‎09-27-2023

Mr. Frey,

First of all, I would like to thank you for your time and consideration. You made my day. You seem like an expert on this topic. I was just wondering if it is possible for me to add the existing tunnelIfEncapsMethod(1.3.6.1.2.1.10.131.1.1.1.1.3) in the TUNNEL-MIB file of ISR 4331 router to directly SOME-MIB-FILE-IN-MY-SWITCH. I encountered some documentation on the Cisco page about custom MIBs while searching for a solution to my problem. Is creating custom MIBs and YANG models page what I am talking about? In my case, I just need that OID so it would be great if I could add this OID to an existing MIB file in my Switch or If I can create a custom MIB file to keep monitoring my network. Could you please enlighten me?
I just want you to know that my network career will depend on your answer.

Sincerely Yours,

AdminMIB

AdminMIB · ‎10-06-2023

Hi guys I solved the problem.
As Dan provided a solution for creating a dynamic OID.

event manager applet makeOIDs
 event timer watchdog time 60
 action 010 cli command "enable"
 action 020 cli command "show ip int brief | inc Tunnel"
 action 030 foreach line "$_cli_result" "\n"
 action 040  regexp "(Tunnel[0-9]+)" "$line" match tunnel
 action 050  cli command "show int $tunnel | inc destination"
 action 060  regexp "Tunnel source ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+), destination ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" "$_cli_result" match source destination
 action 065  cli command "config ter"
 action 070  cli command "snmp mib expression owner $tunnel name source"
 action 080  cli command "expression $source"
 action 090  cli command "snmp mib expression owner $tunnel name destination"
 action 100  cli command "expression $destination"
 action 110  cli command "enable"
 action 120  cli command "exit"
 action 130  cli command "exit"
 action 140 end

These things can be considered placeholders or virtual tunnels which do nothing but it has OIDs. In my case, I needed to set a new IP address over snmpset command:

snmpset -v 2c -c private 192.168.1.2 .1.3.6.1.2.1.90.1.2.1.1.3.8.84.117.110.110.101.108.50.48.11.100.101.115.116.105.110.97.116.105.111.110 s "192.168.1.44"

I got the new IP address to this placeholder and it needs to be in my actual tunnels.

So, I just created another applet to parse them and set the desired IP address to my actual Tunnels.

event manager applet changeTunnel
 event timer watchdog time 1
 action 010 cli command "enable"
 action 020 cli command "show ip int brief | inc Tunnel"
 action 030 foreach line "$_cli_result" "\n"
 action 040  regexp "(Tunnel[0-9]+)" "$line" match tunnel
 action 050  cli command "show running-config | section snmp mib expression owner $tunnel name destination"
 action 060  regexp "expression ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)" "$_cli_result" match expression
 action 070  cli command "config ter"
 action 080  cli command "interface $tunnel "
 action 090  cli command "tunnel destination $expression"
 action 100  cli command "end"
 action 110 end

That's how I solved the problem.
I hope Cisco will publish a new image release which includes IP-TUNNEL.MIB support.
If ever someone reads my solution in the future, I am sending greetings from the last few months of 2023.

Sincerely,
AdminMIB