multi-context FWSM versus SNMP...

Unanswered Question
Aug 7th, 2009

Has anyone out there managed to get a multi-context FWSM module to enable polling of SNMP (RO) counters on any of the defined contexts?

I can't get it to work. Despite having the appropriate snmp-server statements in the config. The same statements that work fine with my ASA's. I notice a few others on the forum having the same problem. But no answers.

the logged message is (IP's altered)

Aug 6 14:34:10 13.81.3.100 OddVLANs %FWSM-3-710003: udp access denied by ACL from 13.1.1.222/35156 to CDC-TD-Core-Networks:13.81.3.100/161

Aug 6 14:34:11 13.81.3.100 OddVLANs %FWSM-3-710003: udp access denied by ACL from 13.1.1.222/35156 to CDC-TD-Core-Networks:13.81.3.100/161

Aug 6 14:34:12 13.81.3.100 OddVLANs %FWSM-3-710003: udp access denied by ACL from 13.1.1.222/35156 to CDC-TD-Core-Networks:13.81.3.100/161

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Syed Iftekhar Ahmed Fri, 08/07/2009 - 09:53

Can you post the related snmp config?

Have you configured snmp for trap only and trying to poll?

Syed

lchuser7680 Tue, 08/11/2009 - 01:15

Nope. It's configured for poll. I've also tried trap and poll together... And as an experiment, just trap. Nothing doing...

I've also got rules allowing the manager to access SNMP anywhere... And that works. It's only SNMP TO the contexts that doesn't work (Any of the contexts on the module).

Test/OddVLANs/act# sh run | in snmp-se

snmp-server host CDC-TD-Core-Networks 13.1.1.222 poll community comm version 2c

no snmp-server location

snmp-server contact [email protected]

snmp-server community comm

snmp-server enable traps snmp linkup linkdown coldstart

snmp-server enable traps syslog

lchuser7680 Tue, 08/11/2009 - 04:45

Solved!!!!

Looks like the admin context snmp settings affect all the other contexts as well.

The admin context had a different listen port set for the snmp server by

snmp-server listen-port 163

changing that to

snmp-server listen-port 161

in the admin context kicked ALL the contexts into life. Looks like some of the settings are shared between contexts (i.e. not just AAA).

H

Actions

This Discussion