×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Query of SNMP device times out, wireshark shows response

Answered Question
Nov 6th, 2013
User Badges:

I am using EEM 4.0 on IOS 15.3.3M1 (universal) on a 2951 router.


I have snmp-server manager set.


I'm trying this two ways, one with just EEM Action statements, the other as an EEM Tcl Policy. Both are registered to "none."


EEM code:

action 001.0 info type snmp oid <oid> set-type int 1 community PRIVATE ipaddr 10.1.1.2

action 002.0 info type snmp oid <oid2> get-type exact community PUBLIC ipaddr 10.1.1.2

action 003.0 syslog msg $_info_snmp_value


Tcl code:

::cisco::eem::event_register_none
namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

set myOID <oid>

set myOID2 <oid2>

array set snmp_res [sys_reqinfo_snmp oid $myOID set_any int 1 community PRIVATE ipaddr 10.1.1.2]
array set snmp_res2 [sys_reqinfo_snmp oid $myOID2 get_type exact community PUBLIC ipaddr 10.1.1.2]

action_syslog msg "Value received $snmp_res2(value)"


Both send the SNMP query then receive an SNMP message. This repeats, then times out. The SNMP message received does not appear to be parsed or used, but wireshark shows a valid SNMP v2c response from the device. When configured to query a Cisco switch (using different OIDs), the same problem occurs in the same way.


With debug snmp packets The output received is:
SNMP: Packet send via UDP to 10.1.1.2.161
SNMP: Packet received via UDP from 10.1.1.2 on GigabitEthernet2/0.42
SNMP: Set request, reqid 1, errstat 0, errindex 0

SNMP: Packet send via UDP to 10.1.1.2.161

SNMP: Packet received via UDP from 10.1.1.2 on GigabitEthernet2/0.42

SNMP: Set request, reqid 2, errstat 0, errindex 0

<oid> = 1

%HA_EM-7-FMFD_SNMP_RESP_TIMEOUT: fh_fd_do_snmp_request_remote: SNMP response has timed out

SNMP: Packet send via UDP to 10.1.1.2.161
SNMP: Packet received via UDP from 10.1.1.2 on GigabitEthernet2/0.42
SNMP: Get request, reqid 3, errstat 0, errindex 0
SNMP: Packet send via UDP to 10.1.1.2.161
SNMP: Packet received via UDP from 10.1.1.2 on GigabitEthernet2/0.42
SNMP: Get request, reqid 4, errstat 0, errindex 0
<oid2> = NULL TYPE/VALUE
%HA_EM-7-FMFD_SNMP_RESP_TIMEOUT: fh_fd_do_snmp_request_remote: SNMP response has timed out

Correct Answer by Joe Clarke about 3 years 9 months ago

Do you have the SNMP agent enabled on your sending device?  You need that.  Try configuring:


snmp-server community PUBLIC RO

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Joe Clarke Wed, 11/06/2013 - 12:14
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

It would be useful to see the actual OIDs as well as the time it takes for the response.  Posting the sniffer trace would be helpful, too.

malweth Thu, 11/07/2013 - 07:31
User Badges:

We are testing this with a cisco router (as configured in the original post) on 10.1.1.254 and cisco switch (embedded 3750) on 10.1.1.253.


The OID we're using is the ifAlias corresponding to GigabitEthernet0/1 on the switch. The description was set to "UNUSED" was changed to "TEST" and the wireshark capture shows the original, the successful change, and the verification of the change.


Here's the event manager policy we're using for this test:


event manager applet swtest
event none maxrun 120
action 000.0 info type snmp oid 1.3.6.1.2.1.31.1.1.1.18.10101 get-type exact community PUBLIC ipaddr 10.1.1.253
action 001.0 info type snmp oid 1.3.6.1.2.1.31.1.1.1.18.10101 set-type string TEST community PUBLIC ipaddr 10.1.1.253
action 002.0 info type snmp oid 1.3.6.1.2.1.31.1.1.1.18.10101 get-type exact community PUBLIC ipaddr 10.1.1.253
action 003.0 syslog msg "$_info_snmp_value"
!


The router output (timestamped) is in "snmp_debugs.txt"


The wireshark capture is in "SNMP_wireshark_capture.txt"


The switch is configured with:

snmp-server community PUBLIC RW

I had also read that SNMP SET was now supported in the Cisco Tcl EEM Library. Is documentation available for this? What is the command? The Tcl code version of this script works in the exact same way except that the SET operation command is invalid.


Thank you!

Joe Clarke Thu, 11/07/2013 - 17:14
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Can you enable and capture the following debugs as well:


debug event manager detector snmp

debug snmp timer

debug snmp header

malweth Tue, 11/12/2013 - 06:26
User Badges:

Joseph,


I have enabled the debugs and kept the original debug snmp packets running. The output is attached along with the wireshark output from this particular run.


Thank you for the help.

Correct Answer
Joe Clarke Tue, 11/12/2013 - 14:49
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Do you have the SNMP agent enabled on your sending device?  You need that.  Try configuring:


snmp-server community PUBLIC RO

malweth Wed, 11/13/2013 - 09:18
User Badges:

Thank you! That was the exact problem. We don't normally run v2c.


Why does the router need to be set up as a server on that community string when it is acting as a client? The end device is a server using that string.


Thanks again!!

Joe Clarke Wed, 11/13/2013 - 09:26
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The manager and agent are very tightly integrated.  It doesn't surprise me there is a requirement to be running the SNMP Server.

Actions

This Discussion

Related Content