VRF-Aware SNMP Monitoring

Unanswered Question
Feb 20th, 2009
User Badges:


I have a few routers w/ VRF-Aware IPsec tunnels. I'm wondering if I can monitor all my tunnels, from all VRFs, with a single SNMP poll? CISCO-IPSEC-FLOW-MONITOR-MIB, CISCO-IPSEC-MIB , and CISCO-IPSEC-POLICY-MAP-MIB do not give me data for the sum all all of my VRFs. Please advise.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Joe Clarke Mon, 02/23/2009 - 11:15
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

See http://www.cisco.com/en/US/docs/ios/12_4t/12_4t4/ht_iimib.html . Assuming you're running the correct version of code, you can get VRF-aware CISCO-IPSEC-FLOW-MONITOR-MIB and CISCO-IPSEC-MIB support. You will need to make sure you have configured your device to allow for VRF-based SNMP polling. The VRF instances will not show sum totals for the system. To get that, you will need to poll using a non-VRF community string.

lxcollin1 Tue, 02/24/2009 - 14:31
User Badges:

Thanks for the response.

I able to obtain data from either non-vrf stats, or vrf specific stats, but I cannot get system wide (all vrf + non-vrf) stats. Is this not possible?


Joe Clarke Tue, 02/24/2009 - 14:50
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The documentation of the MIBs (at least the CISCO-IPSEC-POLICY-MAP-MIB) states that as long as you have a global community string (i.e. one not tied to a VRF), you should be able to pull system-wide stats.


This Discussion