SNMP poll request too large for ASA

Unanswered Question
Jun 26th, 2008

ASA is dropping snmp traffic from Ciscoworks LMS saying the request is too large (see msg below). I have adjusted this size in other snmp polling engines in the past. How do I correct this in LMS? thanks, Graeme

3 Jun 27 2008 14:58:56 212005 incoming SNMP request (552 bytes) from IP address 10.x.y.z. Port 1355 Interface "MGMT" exceeds data buffer size, discarding this SNMP request.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Thu, 06/26/2008 - 20:20

There is no way to adjust the polling packet size in LMS. However, I have never seen this error reported from any other customer, and this packet size does seem rather large. What packet is generating this message?

GRAEME DANIELSON Thu, 06/26/2008 - 22:20

Note that the traffic is NAT'd via an ISA firewall. I have confirmed in the ISA logs that the LMS host is the only IP address snmp polling the ASA.

Have captured the offending request off the ASA. The request contains polling for IF-MIB, cisco memory and sysuptime. It is consistently 20mins apart with 1 retry and timeout of 3sec. (pcap attached see pkt#4-5)

I thought it might be HUM but the HUM poller for the ASA is set to 5 mins

thks, Graeme

Joe Clarke Fri, 06/27/2008 - 12:20

This could be DFM doing the polling. Try shutting down DfmServer (and DfmServer1 is this is LMS 3.0.), and see if the polling stops.

GRAEME DANIELSON Tue, 07/01/2008 - 21:31

Still seeing the traffic with DfmServer and DfmServer1 shutdown. Have now started them again.

What's the next candidate?

Joe Clarke Tue, 07/01/2008 - 21:37

It's got to be HUM, then. Shutdown UPMPRocess, or deactivate the HUM poller which is polling this ASA.


This Discussion