Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

how to stop trap "ciscoMgmt.171.2.1" & "ciscoMgmt.171.2.2"

we have two Cisco 3800 routers at two sites running GRE over IPsec. Almost every 23-24 hours, our trap collector would get two SNMP traps from both routers.

What are these? The tunnel is stable and how to stop them?

traps look like this:

Device: VPN1

Component:

Severity: Warning

Time: 2009/09/07 22:01:29.000

Message:

snmp trap ciscoMgmt.171.2.2

Event details:

ciscoMgmt = 2

ciscoMgmt.171.1.2.2.1.6.1.14.50.48.56.46.56.53.46.49.48.54.46.50.50.53.1.14.50.48.56.46.56.53.46.49.48.52.46.50.50.53.24 = PUja

ciscoMgmt.171.1.2.2.1.7.1.14.50.48.56.46.56.53.46.49.48.54.46.50.50.53.1.14.50.48.56.46.56.53.46.49.48.52.46.50.50.53.24 = PUha

ciscoMgmt.171.1.2.3.1.16.24 = 8640000

ciscoMgmt.171.1.4.2.1.1.2.24 = 2

monitor = localhost

oid = 1.3.6.1.4.1.9.9.171.1.4.2.1.1.2.24

Device: VPN1

Component:

Severity: Warning

Time: 2009/09/07 22:57:31.000

Message:

snmp trap ciscoMgmt.171.2.1

Event details:

ciscoMgmt = 86400

ciscoMgmt.171.1.2.2.1.6.1.15.50.48.56.46.48.56.53.46.49.48.54.46.50.50.53.1.15.50.48.56.46.48.56.53.46.49.48.52.46.50.50.53.25 = PUja

ciscoMgmt.171.1.2.2.1.7.1.15.50.48.56.46.48.56.53.46.49.48.54.46.50.50.53.1.15.50.48.56.46.48.56.53.46.49.48.52.46.50.50.53.25 = PUha

ciscoMgmt.171.1.2.3.1.15.25 = 86400

monitor = localhost

oid = 1.3.6.1.4.1.9.9.171.1.2.3.1.15.25

Each router has

snmp-server enable traps isakmp policy add

snmp-server enable traps isakmp policy delete

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

snmp-server enable traps ipsec cryptomap add

snmp-server enable traps ipsec cryptomap delete

snmp-server enable traps ipsec cryptomap attach

snmp-server enable traps ipsec cryptomap detach

snmp-server enable traps ipsec tunnel start

snmp-server enable traps ipsec tunnel stop

snmp-server enable traps ipsec too-many-sas

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: how to stop trap "ciscoMgmt.171.2.1" & "ciscoMgmt.171.2.2"

The first trap is a cikeTunnelStop trap which is generated when a phase 1 tunnel becomes inactive. The second is a cikeTunnelStart. This is generated when a phase 1 tunnel becomes active. If you do not want to see these traps, just remove the following from the config:

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

Cisco Employee

Re: how to stop trap "ciscoMgmt.171.2.1" & "ciscoMgmt.171.2.2"

1. Yes, this timer is the IKE phase 1 timer (i.e. 86400 seconds). The third varbind in the cikeTunnelStart trap indicates the tunnel life time in seconds where as the third varbind in the cikeTunnelStop trap indicates the tunnel's lifetime in 100ths of a second. You can see 86400 and 8640000 in your sample traps respectively.

2. Unfortunately, a good tool does not yet exist for this. A lot of times, one must go to the IOS source code to see for certain what traps are associated to what keywords. The good news is a new tool is in the works to provide customers the ability to see what traps are tied to what configuration.

5 REPLIES
Cisco Employee

Re: how to stop trap "ciscoMgmt.171.2.1" & "ciscoMgmt.171.2.2"

The first trap is a cikeTunnelStop trap which is generated when a phase 1 tunnel becomes inactive. The second is a cikeTunnelStart. This is generated when a phase 1 tunnel becomes active. If you do not want to see these traps, just remove the following from the config:

snmp-server enable traps isakmp tunnel start

snmp-server enable traps isakmp tunnel stop

New Member

Re: how to stop trap "ciscoMgmt.171.2.1" & "ciscoMgmt.171.2.2"

thank you so much! I will remove them from configuration

1. which timeout value is this? from

"show crypto isakmp policy", I see 86400 seconds

2. where can I get this kind of SNMP traps info to associate them to isakmp tunnel? I googled these keywords but didn't get much.

Cisco Employee

Re: how to stop trap "ciscoMgmt.171.2.1" & "ciscoMgmt.171.2.2"

1. Yes, this timer is the IKE phase 1 timer (i.e. 86400 seconds). The third varbind in the cikeTunnelStart trap indicates the tunnel life time in seconds where as the third varbind in the cikeTunnelStop trap indicates the tunnel's lifetime in 100ths of a second. You can see 86400 and 8640000 in your sample traps respectively.

2. Unfortunately, a good tool does not yet exist for this. A lot of times, one must go to the IOS source code to see for certain what traps are associated to what keywords. The good news is a new tool is in the works to provide customers the ability to see what traps are tied to what configuration.

New Member

Re: how to stop trap "ciscoMgmt.171.2.1" & "ciscoMgmt.171.2.2"

for point 2, what is the best way to obtain clarification on these "strange traps"? TAC cases?

Cisco Employee

Re: how to stop trap "ciscoMgmt.171.2.1" & "ciscoMgmt.171.2.2"

Yes, TAC or the forum are your best resources for now.

488
Views
0
Helpful
5
Replies
CreatePlease to create content