10-20-2008 02:20 AM - edited 03-06-2019 02:02 AM
Hi,
I've set up a GRE tunnel between 2 Cisco routers. I'd like to monitor one of the routers over the VPN tunnel, for bandwidth info. I've tried simply configuring snmp, which doesn't work. Having read up on the subject, it looks like I'll need to set up vrf routes. Would someone be able to provide me with some simple config on how I could set up SNMP monitoring of this router over the VPN tunnel?
Your help is much appreciated.
Thanks
10-20-2008 04:24 AM
Sorry - confused, SNMP is unicast UDP! So if your VPN tunnel works with all other types of IP traffic, SNMP will also work.
I would suggest you check your SNMP system, also check the version you are using.
HTH
10-20-2008 05:14 AM
You might also want to look at using loopbacks for monitoring SNMP. I am monitoring devices through a GRE tunnel and I do not use vrf routes.
Hope that helps.
10-20-2008 05:19 AM
Hi,
Could you explain further how I would use loopbacks for this? Could you provide a sample config?
The current snmp config on this router is the same as my other Cisco routers which are working, i.e.
snmp-server host x.x.x.x public
snmp-server enable traps
I'm using SNMP v1. This is the output from show snmp
105 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
103 Illegal operation for community name supplied
0 Encoding errors
22 Number of requested variables
0 Number of altered variables
100 Get-request PDUs
3 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
127 SNMP packets output
0 Too big errors (Maximum packet size 1500)
81 No such name errors
0 Bad values errors
0 General errors
103 Response PDUs
22 Trap PDUs
Thanks
10-20-2008 05:26 AM
Hi:
You should really read all about SNMP and how to configure it on a Cisco device.
http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf014.html
The purpose of using a loopback interface is to tell the router to source that interface when sending SNMP traffic. Remember, without specifying that, the router will select the exit interface's IP address as the source interface from which SNMP traffic will be sourced (source IP address in the IP datagram). This may or may not mean anything to you -- it depends on which subnets are allowed across the tunnel.
HTH
Victor
10-20-2008 05:39 AM
If you create a loopback interface (which is logical) on each router and put it in a different subnet, you can access that IP by any link (assuming you have multiple WAN links or connectivity to the router).
config t
int loopback0
ip address 192.168.255.15 255.255.255.255
You will want the loopback subnet mask to be /32. Using your SNMP manager, point it to the loopback IP address instead of a physical address of the router. There is no specific SNMP config under the interface.
10-20-2008 06:30 AM
Hi,
it looks like the following command resolved the issue:
snmp-server community public RO
Thanks
10-20-2008 06:34 AM
Good to hear. Depending on your security req, you might want to append an ACL on the end.
snmp-server community public RO 50
access-list 50 permit 192.168.1.14
A helpful command for SNMP is snmp-server ifindex persist. That will make the ifindexes of your interfaces stay the same.
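Added example, not part of the thread or written by any of its posters: a small Python audit that reads IOS configuration text and reports `snmp-server community` lines that use a default community name, grant RW, carry no ACL, or reference an ACL that is not defined in the same text. The sample configuration, the function name and the finding labels are constructed for illustration, and the parser assumes the simple `community [view NAME] [RO|RW] [ACL]` form used above.

```python
import re

# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community monitor RO 50
snmp-server community ops RW 60
snmp-server host 192.0.2.10 public
access-list 50 permit 192.168.1.14
"""

# snmp-server community <name> [view <view>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view (?P<view>\S+))?"
    r"(?: (?P<mode>RO|RW))?"
    r"(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)
# Numbered ACL entries and named standard ACL headers.
ACL_RE = re.compile(
    r"^(?:access-list (\S+)|ip access-list standard (\S+))", re.IGNORECASE
)
DEFAULT_NAMES = {"public", "private"}


def audit_snmp_communities(config):
    """Return (community, finding) tuples in the order they appear."""
    lines = [line.strip() for line in config.splitlines()]
    defined_acls = set()
    for line in lines:
        m = ACL_RE.match(line)
        if m:
            defined_acls.add(m.group(1) or m.group(2))
    findings = []
    for line in lines:
        m = COMMUNITY_RE.match(line)
        if not m:
            continue
        name, acl = m.group("name"), m.group("acl")
        mode = (m.group("mode") or "RO").upper()  # IOS defaults to read-only
        if name.lower() in DEFAULT_NAMES:
            findings.append((name, "default-community-name"))
        if mode == "RW":
            findings.append((name, "read-write-access"))
        if acl is None:
            findings.append((name, "no-acl"))
        elif acl not in defined_acls:
            findings.append((name, "acl-not-defined"))
    return findings
```

Running it over the two lines from the last reply still reports `public` as a default community name, since the ACL restricts who may query but does not change the string itself.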