cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
954
Views
0
Helpful
10
Replies

SNMP polling woes!

Alewis
Level 1
Level 1

Hi,

I have several remote office that I poll using Orion and RRD. I have one office inparticular that will not let me poll from the outside . I am using the same type of router with the same access rules but it will not work. This router can be pinged and accesses from outside but SNMP won't work. SNMP works from the inside however.

The router being used is a 3825 with IOS 12.4(20)T1

Any suggestions would be greatly appreciated.

10 Replies 10

Joe Clarke
Cisco Employee
Cisco Employee

The most likely causes are interface ACLs, control-plane ACLs, or SNMP community ACLs. Therefore, it would be helpful to see the running config from this router. You might also consider enabling "debug snmp packet" on the router to confirm the packets are making it to the outside interface.

I turned on debugging and it isn't even hitting that interface. Now I need to investigate why that router out of all of the ones I am monitoring is not getting accessed.

I am wondering if the router is faulty. I tried using SNMP from a completely different location and still could not get in. I took the access-list off of the community string as well as the serial interface and still nothing. Even when I turnaed all debugging off and took the access-list off of the interface, I was still getting messages on the router with block and permit statements pertaining to the access-list that wasn't even applied to an interface.

It would be helpful to see the config on the router. You might also be getting SNMP blocked from an upstream router.

here it is.

I don't know what errors you're seeing now, but you still have access-lists applied to your Serial0/0/0:0.101 interface, your ip http server, and your vtys. Your interface ACL does not appear to allow SNMP queries to the serial IP:

access-list 101 permit udp host 63.80.70.250 host 213.31.185.33 eq snmp log-input

access-list 101 permit udp host 63.80.70.230 host 213.31.185.33 eq snmp log-input

...

access-list 101 deny udp any any eq snmp log-input

However, it should allow polling of the GigabitEthernet IP. from those two hosts.

i am trying to poll the GigabitEthernet IP. I am not getting any errors. when i ran the debug snmp packets, I never saw any hits at all. The upstream router is from the ISP obviously but i can't imagine them blocking only SNMP.

If you're not seeing any debug messages nor are you seeing the ACL 101 hit counter increasing, then it is logical to assume that something upstream is blocking SNMP. This may be the ISP, or something else on your local end.

If you want to verify SNMP is working at all, you can enable snmp-server manager on the router, then use the following to poll it:

snmp get v1 213.31.185.33 COMMUNITY oid system.1.0

Where COMMUNITY is your community string.

This should provide you with the device's sysDescr.

I have opened up a ticket with BT to see if they are blocking.

It was the ISP that was blocking SNMP.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: