04-22-2008 12:04 AM - edited 03-05-2019 10:32 PM
Hi,
Not sure if anyone else has experienced this, but we are running 6500s with IPsec hardware cards (WS-SVC-IPSEC-1) using VRF crypto mode. A few of these devices sit at remote sites connected via GRE/IPsec tunnels.
( IOS 122-18.SXE6b )
We are not able to access SNMP information; the packets seem to blackhole.
6500s on the LAN local to the SNMP station are able to get SNMP fine.
No firewalls are blocking access and all the basics are configured correctly.
Is there a way to specify the source interface for SNMP reads?
Traps, logging and TACACS all work fine.
04-22-2008 10:22 AM
If the SNMP station can get SNMP from local devices but not remote ones, it probably has the wrong default gw or routing configured.
In general, traps and logging are both UDP traffic from remote devices to your management station. If they are working fine, it just means the direction from remote to SNMP station is good.
So, I think the issue is in the direction from the SNMP station to the remote devices. Check the routing settings on the path first.
04-22-2008 10:34 AM
The SNMP traps go back to the same server; this error is specific to SNMP reads, not a routing issue. More than likely a bug in VRF / GRE.
04-22-2008 10:47 AM
Yes, the SNMP trap is sent by the remote device to the SNMP server. It's just one-direction traffic. But for an SNMP read, the server will need to send the request to the remote device first. Then the remote device sends the response back to the server. So my point is that you cannot say for sure routing is good just because SNMP traps work fine to the same server.
Can you enable debug snmp on the remote device to see if it receives the SNMP request?
04-22-2008 11:26 AM
Hi,
When I try to get SNMP back over the GRE tunnel (using VRF) it does not get back. I've triple-checked the relevant VRF routing table for the correct routes, and the loopback we're using for management is in the correct VRF from where traffic is being sourced.
It will get back fine using a physical interface, but that is then not encrypted - I was just wondering if this was a known issue with this code and VRFs. We have lots of other devices using GRE/IPsec but not VRFs and they work fine.
Regards
04-22-2008 12:11 PM
Please let me know the IOS version, I can look up for you to see if there is a related bug.
Since an SNMP query packet is just a regular UDP packet, if this is the issue here, it should impact most UDP traffic.
Could you please also do the following test if possible?
Traceroute from the SNMP station to the remote devices (make sure the traffic will go through the GRE tunnel).