Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

multi-context FWSM versus SNMP...

Has anyone out there managed to get a multi-context FWSM module to enable polling of SNMP (RO) counters on any of the defined contexts?

I can't get it to work. Despite having the appropriate snmp-server statements in the config. The same statements that work fine with my ASA's. I notice a few others on the forum having the same problem. But no answers.

the logged message is (IP's altered)

Aug 6 14:34:10 13.81.3.100 OddVLANs %FWSM-3-710003: udp access denied by ACL from 13.1.1.222/35156 to CDC-TD-Core-Networks:13.81.3.100/161

Aug 6 14:34:11 13.81.3.100 OddVLANs %FWSM-3-710003: udp access denied by ACL from 13.1.1.222/35156 to CDC-TD-Core-Networks:13.81.3.100/161

Aug 6 14:34:12 13.81.3.100 OddVLANs %FWSM-3-710003: udp access denied by ACL from 13.1.1.222/35156 to CDC-TD-Core-Networks:13.81.3.100/161

3 REPLIES

Re: multi-context FWSM versus SNMP...

Can you post the related snmp config?

Have you configured snmp for trap only and trying to poll?

Syed

New Member

Re: multi-context FWSM versus SNMP...

Nope. It's configured for poll. I've also tried trap and poll together... And as an experiment, just trap. Nothing doing...

I've also got rules allowing the manager to access SNMP anywhere... And that works. It's only SNMP TO the contexts that doesn't work (Any of the contexts on the module).

Test/OddVLANs/act# sh run | in snmp-se

snmp-server host CDC-TD-Core-Networks 13.1.1.222 poll community comm version 2c

no snmp-server location

snmp-server contact email@domain.com

snmp-server community comm

snmp-server enable traps snmp linkup linkdown coldstart

snmp-server enable traps syslog

New Member

Re: multi-context FWSM versus SNMP...

Solved!!!!

Looks like the admin context snmp settings affect all the other contexts as well.

The admin context had a different listen port set for the snmp server by

snmp-server listen-port 163

changing that to

snmp-server listen-port 161

in the admin context kicked ALL the contexts into life. Looks like some of the settings are shared between contexts (i.e. not just AAA).

H

512
Views
0
Helpful
3
Replies