Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SNMP Over VPN Tunnel

Hi,

I've setup a GRE tunnel between 2 Cisco routers. I'd like to monitor one of the routers over the VPN tunnel, for bandwidth info. I've tried simply configuring snmp, which doesn't work. Having read up on the subject, it looks like I'll need to setup vrf routes. Would someone be able to provide me with some simple config on how I could setup SNMP monitoring of this router over the VPN tunnel?

Your help is much appreciated.

Thanks

7 REPLIES

Re: SNMP Over VPN Tunnel

Sorry - confused, SNMP is unicast UDP! So if you VPN tunnel works with all other types of IP traffic, SNMP will also work.

I would suggest you check your SNMP system, also check the version you are using.

HTH>

Re: SNMP Over VPN Tunnel

You might also want to look at using loopbacks for monitoring SNMP. I am monitoring devices through a GRE tunnel and I do not use vrf routes.

Hope that helps.

New Member

Re: SNMP Over VPN Tunnel

Hi,

Could you explain further how I would use loopbacks for this? Could you provide a sample config?

The current snmp config on this router is the same as my other Cisco routers which are working, i.e.

snmp-server host x.x.x.x public

snmp-server enable traps

I'm using SNMP v1. This is the output from show snmp

105 SNMP packets input

0 Bad SNMP version errors

0 Unknown community name

103 Illegal operation for community name supplied

0 Encoding errors

22 Number of requested variables

0 Number of altered variables

100 Get-request PDUs

3 Get-next PDUs

0 Set-request PDUs

0 Input queue packet drops (Maximum queue size 1000)

127 SNMP packets output

0 Too big errors (Maximum packet size 1500)

81 No such name errors

0 Bad values errors

0 General errors

103 Response PDUs

22 Trap PDUs

Thanks

Blue

Re: SNMP Over VPN Tunnel

Hi:

You should really read all about SNMP and how to configure it on a Cisco device.

http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf014.html

The purpose of using a loopback interface is to tell the router to source that interface when sending SNMP traffic. Remember, without specifying that, the router will select the exit interface's IP address as the source interface from which SNMP traffic will be sourced (source IP address in the IP datagram). This may or may not mean anything to you -- it depends on which subnets are allowed across the tunnel.

HTH

Victor

Re: SNMP Over VPN Tunnel

If you create a loopback interface (which is logical) on each router and put it in a different subnet, you can access that IP by any link (assuming you have multiple WAN links or connectivity to the router).

config t

int loopback0

ip address 192.168.255.15 255.255.255.255

You will want the loopback subnet mask to be /32. Using your SNMP manager, point it to the loopback IP address instead of a physical address of the router. There is no specific SNMP config under the interface.

New Member

Re: SNMP Over VPN Tunnel

Hi,

it looks like the following command resolved the issue:

snmp-server community public RO

Thanks

Re: SNMP Over VPN Tunnel

Good to hear. Depending on your security req, you might want to append an ACL on the end.

snmp-server community public RO 50

access-list 50 permit 192.168.1.14

A helpful command for SNMP is snmp-server ifindex persist. That will make the ifindexes of your interfaces stay the same.

406
Views
20
Helpful
7
Replies