Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FWSM and SNMP v2

J,

you out there...got another question for you.

Configured SNMP community string on at 6509 FWSM. appears I can only set a RO (which is not a problem). I'm able to SSH to the FWSM IP, but when i config CiscoWorks Common Services to add the device, using standard credentials and the SNMP v2 community string, it bombs with the following error:

"session to device failed. Cause: Authentication failed on device."

It appears to be auth, but I'm certain, both the standard credentials and the SNMP community string are correct.

I ran an SNMP walk with OID .1.3.6.1.2.1.1.2 and it also fails with:

Failed to snmpwalk the device. Please check your community string and starting OID, and try again.

I thought possibly the SNMP timeout was catching me again, but after setting to 10secs, continues to fail.

Checked the ICServer.log, and nothing that would indicate the problem.

Any help would be appreciated.

Bruce

11 REPLIES
New Member

Re: FWSM and SNMP v2

some additional info from the IC_Server.log:

ERROR,[Thread-15],com.cisco.nm.rmeng.inventory.ics.core.CollectionController,547, Unreachable device com.cisco.nm.xms.xdi.DeviceAccessException: SnmpRequestTimeout on while performing SnmpGet at index = -1

Cisco Employee

Re: FWSM and SNMP v2

Please post your SNMP config from your FWSM.

New Member

Re: FWSM and SNMP v2

no snmp-server location

no snmp-server contact

snmp-server community

and i ran the snmp-server enable command

Cisco Employee

Re: FWSM and SNMP v2

You need to add a line like:

snmp-server host inside HOST poll community STRING

Where HOST is the IP address of the LMS server.

This is what you would do for the PIX/ASA. I assume there is a similar (if not the same) command for the FWSM.

New Member

Re: FWSM and SNMP v2

giving it a try right now...

i didnt think i needed that "host" statement...but, i was refering back to the V2 config on a 6513 switch.

New Member

Re: FWSM and SNMP v2

Hmmm..

Well, that doesnt appear to be the issue either.

when i run the command for snmp-server host, it prompts that there is only a VLAN available (which is a vlan that we use for access)...when i use the vlan, and then the IP of LMS, results are the same...authentication failure.

example:

FWNAME/context(config)# snmp-server host ?

configure mode commands/options:

Current available interface(s):

Cisco Employee

Re: FWSM and SNMP v2

Then there may be other rules preventing udp/161 traffic from making it to this module. Check to make sure this traffic is allowed.

New Member

Re: FWSM and SNMP v2

hmmm...its a test FW, so i have IP any any setup...

Cisco Employee

Re: FWSM and SNMP v2

The symptoms point to you either using the wrong community string, or SNMP traffic is being denied. You might want to enable some logging on the FWSM to see if the SNMP packets are arriving on the module.

New Member

Re: FWSM and SNMP v2

roger..i've pounded that community string in there multiple times, so i'm confident, it isnt that...access through the FW allows IP any...so, i'm scratchin the ole head right now...i'll turn on some logging and gather some anay on it...thanks for the thoughts...

New Member

Re: FWSM and SNMP v2

forgot to give ya some points for this one...here ya go

471
Views
3
Helpful
11
Replies
CreatePlease login to create content