VRF-Aware SNMP Monitoring

lxcollin1 · ‎02-20-2009

Hello,

I have a few routers w/ VRF-Aware IPsec tunnels. I'm wondering if I can monitor all my tunnels, from all VRFs, with a single SNMP poll? CISCO-IPSEC-FLOW-MONITOR-MIB, CISCO-IPSEC-MIB , and CISCO-IPSEC-POLICY-MAP-MIB do not give me data for the sum all all of my VRFs. Please advise.

Thanks!

Lehi

Joe Clarke · ‎02-23-2009

See http://www.cisco.com/en/US/docs/ios/12_4t/12_4t4/ht_iimib.html . Assuming you're running the correct version of code, you can get VRF-aware CISCO-IPSEC-FLOW-MONITOR-MIB and CISCO-IPSEC-MIB support. You will need to make sure you have configured your device to allow for VRF-based SNMP polling. The VRF instances will not show sum totals for the system. To get that, you will need to poll using a non-VRF community string.

lxcollin1 · ‎02-24-2009

Thanks for the response.

I able to obtain data from either non-vrf stats, or vrf specific stats, but I cannot get system wide (all vrf + non-vrf) stats. Is this not possible?

Thanks

Joe Clarke · ‎02-24-2009

The documentation of the MIBs (at least the CISCO-IPSEC-POLICY-MAP-MIB) states that as long as you have a global community string (i.e. one not tied to a VRF), you should be able to pull system-wide stats.