Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1900
Views
0
Helpful
7
Replies

Cisco 1841 & SNMP issue

Go to solution
egua5261
Level 1
Level 1

‎05-01-2008 05:14 PM

Hi There,

I will appreciate if someone can assist with an issue I have been experiencing using a Cisco 1841, with SNMP. I have a monitoring server running MRTG and has configuration to poll data from the router via SNMP and it does not work. It does not seem the router is sending the SNMP information at all. Below are the configuration details,

1. Server run on internal IP 10.0.0.X. It also uses a public IP, so the internal IP is translated to the external IP via a NAT static rule on the firewall.

I have other entries on the mrtg file in the server which data is being collected without a problem.

2. The Router on the other end is a cisco 1841, Cisco IOS, (C1841-ADVSECURITYK9-M), Version 12.4(3g).

SNMP Configuration as follows, (excluding Password and Full IP on ACL 1)

access-list 1 permit 203.39.64.XX

snmp-server community <password> RO 1

snmp-server ifindex persist

This is the output of the 'show snmp' in the router,

TCN-Syd-News-internet#sh snmp

Chassis: FHK11241BTS

0 SNMP packets input

0 Bad SNMP version errors

0 Unknown community name

0 Illegal operation for community name supplied

0 Encoding errors

0 Number of requested variables

0 Number of altered variables

0 Get-request PDUs

0 Get-next PDUs

0 Set-request PDUs

0 Input queue packet drops (Maximum queue size 1000)

0 SNMP packets output

0 Too big errors (Maximum packet size 1500)

0 No such name errors

0 Bad values errors

0 General errors

0 Response PDUs

0 Trap PDUs

It seems to me as the router is not sending any SNMP data at all. I have configured the configuration in both end for many times and I can't still figure out why it's happening.

Please help!!!

Regards,

Esteban P.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to egua5261

‎05-01-2008 10:52 PM

It very well could be blocked by the ISP. Any device capably of filtering between the manager and the agent could be blocking the traffic. I agree that it looks like this particular ASA is allowing it.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee

‎05-01-2008 06:21 PM

According to this, the router is not RECEIVING the SNMP requests. You may have a firewall or other filter in between the server and the router which is blocking SNMP. You can run a "debug snmp packet" on the 1841 to confirm that the packets are not arriving.

0 Helpful

Go to solution
egua5261
Level 1
Level 1
In response to Joe Clarke

‎05-01-2008 10:10 PM

I have run 'debug snmp packet' on the router and in fact packets are not arriving.

There is an ASA firewall between the server and the router; however traffic is being allowed. See the following capture output from the firewall. I captured traffic from the server's internal IP and from its public IP as it is translated by the NAT static rule to the router. ( I have replaced with 'XXX', the last octects of all the IPs)

Capture from server's internal IP to router:

139: 15:28:53.170721 10.0.0.XXX.1988 > 210.193.207.XXX.161: udp 91

140: 15:28:55.170462 10.0.0.XXX.1988 > 210.193.207.XXX.161: udp 91

141: 15:28:57.179815 10.0.0.XXX.1988 > 210.193.207.XXX.161: udp 46

142: 15:28:59.169989 10.0.0.XXX.1988 > 210.193.207.XXX.161: udp 46

Capture from server's external IP to router:

40: 15:28:53.170737 203.39.64.XXX.1988 > 210.193.207.XXX.161: udp 91

41: 15:28:55.170462 203.39.64.XXX.1988 > 210.193.207.XXX.161: udp 91

42: 15:28:57.179815 203.39.64.XXX.1988 > 210.193.207.XXX.161: udp 46

Do you think snmp may be blocked within the service provider network? The internet service type in the router's end is routed.

Esteban

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to egua5261

‎05-01-2008 10:52 PM

It very well could be blocked by the ISP. Any device capably of filtering between the manager and the agent could be blocking the traffic. I agree that it looks like this particular ASA is allowing it.

0 Helpful

Go to solution
stephenshaw
Level 1
Level 1
In response to Joe Clarke

‎05-02-2008 04:23 AM

Hi,

I would question the port numbers that the firewall sees. Normally 161 and 162 are used for SNMP traffic. Why is the firewall seeing 91 and 46??

Steve

0 Helpful

Go to solution
Joe Clarke
Cisco Employee
Cisco Employee
In response to stephenshaw

‎05-02-2008 08:29 AM

Those are packet sizes. 161 is being used. Look further to your left.

0 Helpful

Go to solution
stephenshaw
Level 1
Level 1
In response to Joe Clarke

‎05-02-2008 09:47 AM

You are correct ......... I need to learn not to respond to posts until I've had my coffee!! Steve

0 Helpful

Go to solution
egua5261
Level 1
Level 1
In response to Joe Clarke

‎05-07-2008 04:29 PM

Hi Jclarke,

I just wanted to let you know that the ISP has confirmed they block SNMP on their network. They will be allowing it to my router though.

Thanks for your help

Esteban

0 Helpful
Customers Also Viewed These Support Documents