11-13-2008 09:03 AM
Hi, I'm trying to set up a CSS so it will forward SNMP traps (UDP 162) to a back end service. The config for this should be very simple, I shouldn't have any requirement for source groups as there is no return traffic, the only doubt in my head, is whether or not this will work if the traffic comes in on one vlan and goes back out of the same interface on a different vlan.
For my test, the source address is 10.0.0.254, and the trap destination is 1.1.200.21 (the VIP).
Our HTTP rule works fine, but this SNMP rule doesn't. If I sniff the CSS port, I can see the trap going to the CSS, but if I do sh summary on the CSS, I dont see any hits on the SNMP rule. The service is up.
Can anyone offer any advice on this?
I'll paste the config below.
Many Thanks in advance
Dom
CSS11503# sh run
!Generated on 11/13/2008 09:23:00
!Active version: sg0710102
configure
!*************************** GLOBAL ***************************
ip route 0.0.0.0 0.0.0.0 1.1.200.251 1
ip route 1.1.10.1 255.255.255.255 1.1.6.251 1
!************************* INTERFACE *************************
interface 1/1
description "trunk port to EH_4507"
trunk
vlan 6
vlan 7
vlan 200
!************************** CIRCUIT **************************
circuit VLAN1
ip address 192.168.10.1 255.255.255.0
circuit VLAN6
description "MGT interface"
ip address 1.1.6.250 255.255.255.0
circuit VLAN7
ip address 1.1.7.250 255.255.255.0
circuit VLAN200
description "VIP VLAN"
ip address 1.1.200.250 255.255.252.0
!************************** SERVICE **************************
service CUSA_TRAPS
ip address 1.1.10.1
protocol udp
port 162
keepalive type none
active
service WEB
ip address 1.1.7.1
keepalive type none
active
!*************************** OWNER ***************************
owner CUSA
content TEST
vip address 1.1.200.20
add service WEB
protocol tcp
port 80
url "/test/*"
active
content TRAPS
vip address 1.1.200.21
protocol udp
port 162
add service CUSA_TRAPS
active
Solved! Go to Solution.
11-13-2008 10:28 AM
By default CSS doesnt setup flows for SNMP traffic.
Please read the following for details
You need to apply the following command
flow-state 162 udp flow-enable
Syed Iftekhar Ahmed
11-13-2008 10:28 AM
By default CSS doesnt setup flows for SNMP traffic.
Please read the following for details
You need to apply the following command
flow-state 162 udp flow-enable
Syed Iftekhar Ahmed
11-14-2008 01:12 AM
Many Thanks as always Syed :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide