SNMP polling woes!

Unanswered Question


I have several remote office that I poll using Orion and RRD. I have one office inparticular that will not let me poll from the outside . I am using the same type of router with the same access rules but it will not work. This router can be pinged and accesses from outside but SNMP won't work. SNMP works from the inside however.

The router being used is a 3825 with IOS 12.4(20)T1

Any suggestions would be greatly appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Tue, 10/21/2008 - 14:07

The most likely causes are interface ACLs, control-plane ACLs, or SNMP community ACLs. Therefore, it would be helpful to see the running config from this router. You might also consider enabling "debug snmp packet" on the router to confirm the packets are making it to the outside interface.

I am wondering if the router is faulty. I tried using SNMP from a completely different location and still could not get in. I took the access-list off of the community string as well as the serial interface and still nothing. Even when I turnaed all debugging off and took the access-list off of the interface, I was still getting messages on the router with block and permit statements pertaining to the access-list that wasn't even applied to an interface.

Joe Clarke Thu, 10/23/2008 - 07:31

It would be helpful to see the config on the router. You might also be getting SNMP blocked from an upstream router.

Joe Clarke Thu, 10/23/2008 - 07:46

I don't know what errors you're seeing now, but you still have access-lists applied to your Serial0/0/0:0.101 interface, your ip http server, and your vtys. Your interface ACL does not appear to allow SNMP queries to the serial IP:

access-list 101 permit udp host host eq snmp log-input

access-list 101 permit udp host host eq snmp log-input


access-list 101 deny udp any any eq snmp log-input

However, it should allow polling of the GigabitEthernet IP. from those two hosts.

Joe Clarke Thu, 10/23/2008 - 08:07

If you're not seeing any debug messages nor are you seeing the ACL 101 hit counter increasing, then it is logical to assume that something upstream is blocking SNMP. This may be the ISP, or something else on your local end.

If you want to verify SNMP is working at all, you can enable snmp-server manager on the router, then use the following to poll it:

snmp get v1 COMMUNITY oid system.1.0

Where COMMUNITY is your community string.

This should provide you with the device's sysDescr.


This Discussion