has anyone seen this with the 4006 switch?

Unanswered Question
May 20th, 2008

when i try to SNMP monitor this switch, even with two very different Network Management systems (CA Unicenter & Solarwinds) i get this same Syslog Message event flood:

2008 May 20 10:30:12 CDT -05:00 %IP-6-UDP_SOCKOVFL:UDP socket overflow from Source IP:, Destination port: 161

has anyone seen this event also?

and if so any ideas how to prevent it?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
gpulos Tue, 05/20/2008 - 08:46

This error indicates all buffers on the NMP for the UDP socket have filled up due to too much udp traffic from on the vlan.

To prevent it, you must either block that udp traffic from or remove it altogether.

If you don't you will continue to have udp packet loss.

Is configured correctly? Is there too much snmp traffic?

Verify with a sniffer exactly what traffic is on the wire and its source/destination/port.

You can use the Error Message Decoder to assist in understanding error messages:


(requires cco login)

A good free sniffer to use is ethereal/wireshark located at the following link:


glen.grant Tue, 05/20/2008 - 08:52

Yes this is a common message on catos . It means your monitoring equipment is polling the switch faster than it can handle the snmp polls. On newer code versions make sure your snmp buffer statement is set as high as it will go , think it is 95 . If still seen the only way to get rid of it is to throttle the snmp poll rate to the switches from the management tool. The messages do not hurt anything and is basically informational. If you don't want to see them in the logs then you could also set your logging for UDP to something below a "6" .

Amit Singh Tue, 05/20/2008 - 08:57

Hi Larry,

Here is the information that I have got about the error :

Error Message IP-6-UDP_SOCKOVFL: UDP socket overflow from Source

IP:[chars], Destination port:[dec]

Explanation This message indicates that all buffers for a UDP socket on the Network Management Processor (NMP) have filled up due to excessive UDP traffic on the administrative VLAN. [chars] is the source IP address and [dec] is the destination port number.

Recommended Action Remove or block the source of the UDP packets to prevent further UDP packet loss.

Let me know if that helps.


-amit singh


This Discussion