multi-context FWSM versus SNMP...

Unanswered Question
Aug 7th, 2009
User Badges:

Has anyone out there managed to get a multi-context FWSM module to enable polling of SNMP (RO) counters on any of the defined contexts?


I can't get it to work. Despite having the appropriate snmp-server statements in the config. The same statements that work fine with my ASA's. I notice a few others on the forum having the same problem. But no answers.


the logged message is (IP's altered)


Aug 6 14:34:10 13.81.3.100 OddVLANs %FWSM-3-710003: udp access denied by ACL from 13.1.1.222/35156 to CDC-TD-Core-Networks:13.81.3.100/161

Aug 6 14:34:11 13.81.3.100 OddVLANs %FWSM-3-710003: udp access denied by ACL from 13.1.1.222/35156 to CDC-TD-Core-Networks:13.81.3.100/161

Aug 6 14:34:12 13.81.3.100 OddVLANs %FWSM-3-710003: udp access denied by ACL from 13.1.1.222/35156 to CDC-TD-Core-Networks:13.81.3.100/161



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Syed Iftekhar Ahmed Fri, 08/07/2009 - 09:53
User Badges:
  • Blue, 1500 points or more

Can you post the related snmp config?


Have you configured snmp for trap only and trying to poll?


Syed


lchuser7680 Tue, 08/11/2009 - 01:15
User Badges:

Nope. It's configured for poll. I've also tried trap and poll together... And as an experiment, just trap. Nothing doing...


I've also got rules allowing the manager to access SNMP anywhere... And that works. It's only SNMP TO the contexts that doesn't work (Any of the contexts on the module).



Test/OddVLANs/act# sh run | in snmp-se

snmp-server host CDC-TD-Core-Networks 13.1.1.222 poll community comm version 2c

no snmp-server location

snmp-server contact [email protected]

snmp-server community comm

snmp-server enable traps snmp linkup linkdown coldstart

snmp-server enable traps syslog


lchuser7680 Tue, 08/11/2009 - 04:45
User Badges:

Solved!!!!


Looks like the admin context snmp settings affect all the other contexts as well.


The admin context had a different listen port set for the snmp server by



snmp-server listen-port 163


changing that to


snmp-server listen-port 161


in the admin context kicked ALL the contexts into life. Looks like some of the settings are shared between contexts (i.e. not just AAA).


H


Actions

This Discussion