Cisco 7200 router doesn't respond to snmpget/snmpwalk, or sends traps to Nagios

nashpaz01 · ‎04-19-2015

Hi,

Please help! I've been beating my brains out trying to config a router 10.10.1.2 to receive and send snmp packets/traps with a Nagios server 192.168.1.2 , using these instructions:

http://www.cisco.com/c/en/us/td/docs/wireless/access_point/12-3_7_JA/configuration/guide/i1237sc/s37snmp.html

On the Nagios server 192.168.1.2 (Centos 6.4) I tried these commands and got nothing:

[root@tamaras-nagios ~]# snmpwalk -Os -c public -v 1 10.10.1.2
Timeout: No Response from 10.10.1.2
[root@tamaras-nagios ~]# snmpget -mALL -v2c -cpublic 10.10.1.2 all
Timeout: No Response from 10.10.1.2.

Also, traps aren't being received :-( There is a firewall between the two, but I've gone over its rules and there shouldn't be a problem. There's a ping from the Nagios to the Router and vice versa.

The Nagios works fine with other stations and network devices, so I imagine I've missed something in the router config. I'm going for a v2c snmp config but I don't mind v1 if it'll work.

These are the router specs:

Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2)
BOOTLDR: Cisco IOS Software, 7200 Software (C7200-KBOOT-M), Version 12.2(25)S9, RELEASE SOFTWARE (fc1)

(some chosen lines from the running config):
access-list 18 permit 192.168.1.2
snmp-server community public RO

snmp-server community ronni RW

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps vrrp

snmp-server enable traps ds1

snmp-server enable traps call-home message-send-fail server-fail

snmp-server enable traps tty

snmp-server enable traps gatekeeper

snmp-server enable traps eigrp

---
(all the snmp traps are enabled so I won't paste the whole list)
---
snmp-server host 192.168.1.2 version 2c public udp-port 161

snmp-server host 192.168.1.2 version 2c public

snmp-server manager

(output of show snmp host):

Notification host: 192.168.1.2 udp-port: 161 type: trap

user: public security model: v2c

Notification host: 192.168.1.2 udp-port: 162 type: trap

user: public security model: v2c

(output of show snmp host):

Chassis: 30929908

0 SNMP packets input

0 Bad SNMP version errors

0 Unknown community name

0 Illegal operation for community name supplied

0 Encoding errors

0 Number of requested variables

0 Number of altered variables

0 Get-request PDUs

0 Get-next PDUs

0 Set-request PDUs

0 Input queue packet drops (Maximum queue size 1000)

39174 SNMP packets output

0 Too big errors (Maximum packet size 1500)

0 No such name errors

0 Bad values errors

0 General errors

0 Response PDUs

23567 Trap PDUs

SNMP Dispatcher:

queue 0/75 (current/max), 0 dropped

SNMP Engine:

queue 0/1000 (current/max), 0 dropped

SNMP logging: enabled

Logging to 192.168.1.2.162, 0/10, 7 sent, 0 dropped.

Logging to 192.168.1.2.161, 0/10, 4 sent, 0 dropped.

SNMP Manager-role output packets

0 Get-request PDUs

0 Get-next PDUs

0 Get-bulk PDUs

0 Set-request PDUs

15607 Inform-request PDUs

2786 Timeouts

0 Drops

SNMP Manager-role input packets

0 Inform request PDUs

0 Trap PDUs

0 Response PDUs

0 Responses with errors

SNMP informs: enabled

Informs in flight 0/25 (current/max)

Logging to 192.168.1.2.161

11704 sent, 0 in-flight, 2276 retries, 508 failed, 11196 dropped

nashpaz01 · ‎05-04-2015

Figured it out line by line.

I had a restriction on the interface:

control-plane host
management-interface FastEthernet0/0 allow ssh telnet

once I added:

management-interface FastEthernet0/0 allow snmp

and all is well :-)