Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss SNMP- Simple Network Management Protocol with Cisco expert Tejas Shah. Tejas is a Senior Engineer for Network Management (NMS) at the Technical Assistance Center, Cisco Systems, Inc. Tejas has been with Cisco for eight years but during the last three years he has been with the Technical Assistance TAC Center working primarily on escalation cases where he troubleshoots complex issues related to SNMP protocol and applications build on top of SNMP that Cisco makes. Feel free to post any questions relating to SNMP- Simple Network Management Protocol. Remember to use the rating system to let Tejas know if youve received an adequate response.
Tejas might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through October 17. Visit this forum often to view responses to your questions and the questions of other community members.
I'm looking for a simple way to detect abnormal router reload (ie: software crash) through SNMP. I found that the whyReload object of the OLD-CISCO-SYS mib could be one way of doing it. The question I have is whether this MIB is still supported and/or will continue to be supported in the future ? Any other suggestions on how to achieve this monitoring ?
Thanks and regards
thanks for your post.. since whyReload is from OLD-CISCO-SYS, it is being deprecated (phased out). If you check out any release notes, there is a matrix for what mibs are being deprecated. Here is one for eg. :
The best bet for its replacement would be to monitor it via syslog.
Hope this helps.
Thanks for your answer. I understand that using the OLD-CISCO-SYS MIB is probably not a good idea ;-(
I already thought about using the syslog, but I didn't find a log message that indicates the reason of a router reload. Any suggestion ?
you are right about that.. syslogs will only tell you when device reloads. Currently there is no way of knowing why it reloads. There has been a bug filed on the CatOS in this regards :
OLD-CISCO-SYS-MIB whyReload is not supported in CATOS SW
If at a later time it does get implemented, it would be in CISCO-SYSTEM-MIB as per the bug notes.
Hope that helps..
We have cisco Works LMS 2.1 on my company and we have many problems to Import the 2950 Switches to RME (Note: afeter importing the device info RME need to query some info from the switch by SNMP in order to declare the new switch recheable). To solve the problem I increase the Time out value to 90 secs and the retrail to 4. Now it takes a cuple of minutes to Import the switches but they are imported.
The problem is that on the 2950 the CPU goes very high 90% to 95%. Did you know any know bug about this.
There are bugs on high CPU when polled via snmp.. The famous one is when polling the CISCO-FLASH-MIB. I think this issue need to be properly debugged and find out what really causes the CPU to shoot up. There is a bug specifically on 2950 on high CPU, but that is about SSH. I wasn't able to find one specific to your platform and SNMP and High CPU. How long is the CPU stay pegged at 90+% ?
It stays for 2 or 3 minutes at 90 + %
I know that this version of LMS can use SSH but now is not implemented on my server
By the way the IOS Version is 12.1(6)EA2c and the model of the switch is WS-C2950C-24
This one is from one of them but it does not reflect the real time it takes whent the switch is discovered for the first time.
CPU utilization for five seconds: 99%/3%; one minute: 84%; five minutes: 33%
0.00% 0.00% 0.00% 0 SNMP Timers
93.69% 78.82% 29.19% 0 IP SNMP
0.00% 0.00% 0.00% 0 SNMP ConfCopyPro
0.00% 0.00% 0.00% 0 SNMP Traps
what you could do is try to first see what MIB is causing this high CPU and then block that using the view statements such as the ones defined at
I suspect it may be the flash-mib as you are running 12.1 code. I suggest opening a TAC case and have an engineer run the debug in conjunction with the view statement.
Hope this helps..
There is a bug for snmp and 2950's with certain IOS versions. I dont remember the exact version. THe snmp gets cause the switch cpu to go to 99% for abt 2-3 minutes as you described. We changed the versionn= to 12.1 (13) EA1 and resolved the issue.
Do a search for the bugs and you will find it.
On a remote access box such as a 5300, is there a way to get the user's IP address along with the user' modem port or ISDN channel?
you can try polling ciscoCallHistoryDestinationAddress from the CISCO-CALL-HISTORY-MIB for ISDN type scenario..
For modems, you can try polling the CISCO-MODEM-MGMT-MIB and see if you are able to see any ip addresses.. Of your interest would also be cmCallPhoneNumber and cmCallerID from the same mib.
Hope this helps,
I've been quickly educating myself in the operation of CiscoWorks 2000 and have encountered instances of SNMP discovery not locating devices that are more than one switch removed from the querying device; also, we have one case of a remote AS3550 that does not respond to CiscoWorks' SNMP polling (for perhaps the same reason, since it lies 2 hops away)... Is there a parameter that needs to be set for SNMP polling and discovery to detect devices that are 2 or more hops from the querying server? If so, may I have an example of where to look and the command syntax?
Hello Drumboy ;0)
Well if we are talking about doing discovery in Campus, we need to make sure on the following to begin with :
* "Jump Router Boundary" is checked in the discovery settings.
* CDP is enabled on all of the transit routers/switches
* SNMP timeout interval is adjusted according to the LAN/WAN settings
* also make sure there are not access-list blocking SNMP traffic on the transit devices.
* If going across WAN, make sure SNMP traffic is getting enough priority and is not getting dropped.
If just starting out with CW2000, there is really a good URL for deploying it at :
Hope this helps..
Thanks for getting us on a good start;
CDP is enabled on all our devices and we seem to meet the spec. requirements you mentioned; I'm going to read up on the document that you linked here and check the Jump Router Boundary settings once I get up to speed.
I've checked the "jump router boundaries" box and run a discover; the device was added to CW2000 and is listed under the 'Discovery Metrics' window, but not in any other. I ran a 'Mgmt. Station to Device' connectivity test using SNMP and it passed both read and write; however, after adding the device under "Resource Mgr. Essentials"/'Add Device', it returned a 'Not Responding' error with these details:
"Check DB status (running/stopped). Check DB tables for missing or NULL key value columns."
Any insight as to what the issue is, and how to correct?
I believe we should open up a TAC case so that debugs could be turned on RME side, and/or sniffer trace could be obtained to see what is really going on ?
Sounds like CSCdu09377. Workaround is to reload the device in question and then add it again in RME Inventory again.
I wish to get clarification on the following:
What is the difference between the following.Pls clarify:
Snmpbulkget, Snmpwalk and Snmpbulkwalk ?
Let me try to clarify :
- snmpget : This is the simplest of all, where the agent ask for a single MIB Object ID (OID). The request is very specific and must include the index at the end of the oid.
- snmpwalk : This query is bunch of snmpget-next. In other words, continuous snmpget's until the end of the table is reached. There is no need to provide the index for this type of query.
- snmpbulkget : With bulk in there, we are now talking about multiple snmpget's with multiple indexes. The key difference with bulk is that all the responses will be stuffed in a single pkt. There is a very elaborate discussion in one of O'Reily books at :
- snmpbulkwalk : This is the bulk version of regular snmpwalk. In contrast to snmpwalk, this information will typically be gathered in a single transaction with the agent, rather than one transaction per variable found. snmpbulkwalk is thus more efficient in terms of network utilisation, which may be especially important when retrieving large tables.
Hope this helps..
We have a number of voice gateways (2600, 3600, 5350) with E1 PRI links on PBXs. I want to poll the GWs and measure the utilized channels of the PRIs, ie how many active calls, how many allocated channels. What is the OIDs we have to poll?
Thanks in advance
Basically you could poll the cpmDS0Usage Table in the CISCO-POP-MGMT-MIB and you would be able to get the utilization info. There were some older bugs with this mibs, so I would suggest using a fairly recent release in whatever train you are using.
There are some really great tools at CCO at http://www.cisco.com/go/mibs. These tools can help you map the Mibs to IOS and also some search capability on key words.
Hope this helps..
Thanks for your reply. The problem is that the specific table is not supported on 2620-1 platforms. Is there an alternative for these platforms?
your observations are right on the money.. Basically in that case, what you may want to try the following MIBs instead :
Hope this helps..
We will implement site to site VPN technology using Cisco 3700 and 7200 boxes.
The IKE authentication mechanism we are planning to use is pre-shared keys.
My question is how can we use the VMS to manage those keys, is it possible to configure it in a way to do a periodic change of the keys, and how is basically the VMS is going to do that?
Also I have another question not related to IKE and VMS.
When is SNMPv3 going to be supported on Ciscoworks?
Thanks in advance and best Regards