×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

CPI 2.0 ASA with SNMP version 3

Answered Question
Dec 19th, 2013
User Badges:

Hi,


I'm struggling with polling ASA devices, specifically a 5512-X with SNMP v3. I applied a recent day 1 patch to add support for the ASA Next Generation series and expected it to be supported by now, but it looks like I've hit a bug as I'm using SNMP version 3. The ASA outputs the following when I attempt a synchronization from the CPI server:



Dec 19 2013 13:15:28 single_vf : %ASA-3-212005: incoming SNMP request (577 bytes) from IP address 1.2.3.4  Port 55967  Interface "inside" exceeds data buffer size, discarding this SNMP request.

Dec 19 2013 13:15:38 single_vf : %ASA-3-212005: incoming SNMP request (577 bytes) from IP address 1.2.3.4  Port 55967  Interface "inside" exceeds data buffer size, discarding this SNMP request.

Dec 19 2013 13:15:58 single_vf : %ASA-3-212005: incoming SNMP request (577 bytes) from IP address 1.2.3.4  Port 55967  Interface "inside" exceeds data buffer size, discarding this SNMP request.

Dec 19 2013 13:16:38 single_vf : %ASA-3-212005: incoming SNMP request (568 bytes) from IP address 1.2.3.4  Port 55967  Interface "inside" exceeds data buffer size, discarding this SNMP request.

Dec 19 2013 13:16:48 single_vf : %ASA-3-212005: incoming SNMP request (568 bytes) from IP address 1.2.3.4  Port 55967  Interface "inside" exceeds data buffer size, discarding this SNMP request.


This is the same bug as described in https://supportforums.cisco.com/thread/2204932 which occurs using LMS 4.2.3. I'm not sure if it has been fixed in LMS, but it sure hasn't in CPI.


Any comments from Cisco on this issue? Is this expected to be fixed in the next point release patch?

Correct Answer by gzelks about 3 years 2 months ago

We also experienced this problem.  The buffer full issue has been fixed in 9.2(1).

After a code update on our ASA 5515-X a sync (via SNMPv3) completed successfully in PI 2.1

Regards,

Greg.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Marvin Rhoads Thu, 12/19/2013 - 06:22
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

I noticed it on my ASA 5525-X with SNMPv3 as well after applying the update. It is running the latest ASA software - 9.1(4).


When I get some free time I will open a TAC case on it and see what they have to say.

mikaelbje Thu, 12/19/2013 - 08:42
User Badges:

Did you even get CPI to recognize the device? My next gen ASAs come up as unsupported devices in device work center even when using SNMPv2. The same applies to the 2960-Plus series switches.

mikaelbje Thu, 01/23/2014 - 01:22
User Badges:

Found the solution to the unsupported device issue:


1. Latest device packages must be installed on the CPI server

2. All previously unsupported devices added prior to the device pack install must be removed from the device work center and RE-ADDED to become recognized. Clicking Sync is not enough



The SNMPv3 issue still remains.

Correct Answer
gzelks Mon, 06/02/2014 - 16:42
User Badges:

We also experienced this problem.  The buffer full issue has been fixed in 9.2(1).

After a code update on our ASA 5515-X a sync (via SNMPv3) completed successfully in PI 2.1

Regards,

Greg.

Marvin Rhoads Mon, 06/02/2014 - 17:16
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

Thanks for the update, Greg. +5!

It's always good to close the loop on these older threads as new information becomes available.

Actions

This Discussion

Related Content