SNMP Over VPN Tunnel

alraycisco
Level 1

Hi,

I've set up a GRE tunnel between 2 Cisco routers. I'd like to monitor one of the routers over the VPN tunnel, for bandwidth info. I've tried simply configuring SNMP, which doesn't work. Having read up on the subject, it looks like I'll need to set up VRF routes. Would someone be able to provide me with some simple config on how I could set up SNMP monitoring of this router over the VPN tunnel?

Your help is much appreciated.

Thanks

7 Replies

andrew.prince
Level 10

Sorry - confused, SNMP is unicast UDP! So if your VPN tunnel works with all other types of IP traffic, SNMP will also work.

I would suggest you check your SNMP system, also check the version you are using.

HTH

Collin Clark
VIP Alumni

You might also want to look at using loopbacks for monitoring SNMP. I am monitoring devices through a GRE tunnel and I do not use vrf routes.

Hope that helps.

Hi,

Could you explain further how I would use loopbacks for this? Could you provide a sample config?

The current snmp config on this router is the same as my other Cisco routers which are working, i.e.

    snmp-server host x.x.x.x public
    snmp-server enable traps

I'm using SNMP v1. This is the output from show snmp:

    105 SNMP packets input
        0 Bad SNMP version errors
        0 Unknown community name
        103 Illegal operation for community name supplied
        0 Encoding errors
        22 Number of requested variables
        0 Number of altered variables
        100 Get-request PDUs
        3 Get-next PDUs
        0 Set-request PDUs
        0 Input queue packet drops (Maximum queue size 1000)
    127 SNMP packets output
        0 Too big errors (Maximum packet size 1500)
        81 No such name errors
        0 Bad values errors
        0 General errors
        103 Response PDUs
        22 Trap PDUs

Thanks

Hi:

You should really read all about SNMP and how to configure it on a Cisco device.

http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf014.html

The purpose of using a loopback interface is to tell the router to source that interface when sending SNMP traffic. Remember, without specifying that, the router will select the exit interface's IP address as the source interface from which SNMP traffic will be sourced (source IP address in the IP datagram). This may or may not mean anything to you -- it depends on which subnets are allowed across the tunnel.

HTH

Victor

If you create a loopback interface (which is logical) on each router and put it in a different subnet, you can access that IP by any link (assuming you have multiple WAN links or connectivity to the router).

    config t
    int loopback0
    ip address 192.168.255.15 255.255.255.255

You will want the loopback subnet mask to be /32. Using your SNMP manager, point it to the loopback IP address instead of a physical address of the router. There is no specific SNMP config under the interface.

Hi,

it looks like the following command resolved the issue:

snmp-server community public RO

Thanks

Good to hear. Depending on your security req, you might want to append an ACL on the end.

    snmp-server community public RO 50
    access-list 50 permit 192.168.1.14

A helpful command for SNMP is snmp-server ifindex persist. That will make the ifindexes of your interfaces stay the same.
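
The show snmp counters posted earlier in the thread already point at the community configuration rather than the tunnel: 103 of 105 input packets were counted as "Illegal operation for community name supplied". The following is an added example, not code from the thread or from Cisco; it parses that output and ranks the rejection counters by their share of input packets. The function names and the hint text are assumptions of this example.

```python
import re

# "show snmp" output as posted in the thread above.
SHOW_SNMP = """\
105 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
103 Illegal operation for community name supplied
0 Encoding errors
22 Number of requested variables
0 Number of altered variables
100 Get-request PDUs
3 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
127 SNMP packets output
0 Too big errors (Maximum packet size 1500)
81 No such name errors
0 Bad values errors
0 General errors
103 Response PDUs
22 Trap PDUs
"""

# Input counters that mean a request was refused; hints are this example's annotations.
REJECT_HINTS = {
    "Bad SNMP version errors": "packet used an SNMP version the agent does not accept",
    "Unknown community name": "community string is not configured on the router",
    "Illegal operation for community name supplied":
        "community is known but does not permit the requested operation",
    "Encoding errors": "packet was improperly encoded",
}

def parse_show_snmp(text):
    """Return {label: count} for each '<count> <label> [(note)]' line."""
    counters = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.+?)\s*(?:\(.*\))?$", line)
        if m:
            counters[m.group(2)] = int(m.group(1))
    return counters

def rejected_requests(counters):
    """Return (label, count, share of input packets, hint), largest first."""
    total = counters.get("SNMP packets input", 0)
    rows = [(label, counters[label], counters[label] / total, hint)
            for label, hint in REJECT_HINTS.items()
            if total and counters.get(label, 0)]
    return sorted(rows, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for label, n, share, hint in rejected_requests(parse_show_snmp(SHOW_SNMP)):
        print(f"{n} ({share:.0%} of input) {label}: {hint}")
```

Re-running it against fresh output after a community or ACL change shows whether the rejection counter has stopped growing relative to input packets.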
