I have a 3750 cluster and I want to know what are the recommended snmp traps to be sent. We definitely want to know when one of the switches in the cluster fails.
I've read about snmp-server enable traps stackwise and snmp-server enable traps cluster. What do these traps actually do?
I am getting these unwanted entries on my syslog server.03/10/2012 12:57:48 172.21.113.20 Error 23898: Interface FastEthernet0/1, changed state to downI tried to stop them with no snmp trap link-status but it hasn;t worked.[CODE]
View 4 Replies View RelatedI have been experiencing wireless connectivity issues with one of our Cisco 1231G AP. Every now and then users would not be able to connect to the AP. To dive deeper into this issue, I would like to configure SNMP traps on this AP. We are using PRTG and there is an option to configure SNMP trap. However, I would need to now the OID of the AP. Also i need to check for interface up/down status for both fastethernet and the radio. PRTG should be able to notify me when there is any interface resets.
View 6 Replies View RelatedI want to configure snmp-traps regarding stpx (root-inconsistency, loop-inconsistency) on a Cisco Nexus 1000V. The command "show snmp traps" lists stpx as a trap that could be configured and which is not at the moment.
MKBE1NX1# sh snmp trap
--------------------------------------------------------------------------------
Trap type Enabled
--------------------------------------------------------------------------------
entity : entity_mib_change Yes
entity : entity_module_status_change Yes
entity : entity_power_status_change Yes
[code].....
Nothing about stpx... Is there some other way to configure more traps?
Is there a way to send an SNMP trap form the ASA when port 80 is trying to be accessed??
We use the ASA5510 and also use ScanSafe Web Security. Web Security is great but we find ourselves worrying if user has edited their Browser connection settings to remove the proxy settings that we push down using Group Policy. We also cut off the users ability to make changes to those settings but it interferes when I need to troubleshoot a special program that cant use a proxy server. It just makes it harder for me. The other thing is that Group Policy only works for IE. Google Chrome will inherit the system settings in IE. So we have Safari and Firefox as well as a lot of others to worry about not getting the configuration. There is also debate about limitting the use of anything but IE and FireFox.
Without laying down the law and getting all sorts of hate mail and death threats I would like to run ScanSafe in such a way as to make sure each user receives the Group Policy settings and that is all.
I would now like to just set up an SNMP trap on the ASA for ANY traffic that is trying to get to port 80. Either get in in my syslog server or have the asa email me directly. Scansafe sends the Internet traffic out on 8080 to the Proxy towers.
I could block port 80 outbound but again, I limit my ability to troubleshoot on the fly. I would have to break this every time I need to troubleshoot.
Had setup my ACE ,to send traps to SNMP server .but dont see any logs on the SNMP server from ACE.
SNMP configuration on ACE
logging enable
logging buffered 6
logging host 10.12.40.12 udp/514
[code].....
Trying to migrate the config run on IOS 12.1 to 12.2 ?It seems there's no snmop traps isdn command support on 12.2.
where i can enable trap on ISDN over IOS 12.2 (33) sxj1 running on C6500 chassis?
I am seeing SNMP coldstart traps that either are delayed by many hours or are false (e.g. right after receiving the coldstart trap a query to sysUptime shows the nodes been up for days).I seen this twice this week in a new network environment for me for two different C2900s running C2900-UNIVERSALK9-M Version 15.0(1)M3 Assuming the coldstart traps are coming from the actual source nodes, I am curious what could be going on here.
1) One guess I have is possibly the system clock changed could cause the SNMP agent to send a false cold start trap. Then my guess is in the device log I should see a system time change syslog message.
2) I recall hearing once that syslog and possible traps messages are held in configurable buffer who default value is 1 and if not sent are held and then suffer a delayed sent. Is it true for both traps and syslog ? In the past I assumed this was simply the logging history buffer and applicable to syslog traps only. My assumption in the past was that last trap or last syslog message is sometimes held on reload and sent immediately after restart regardless of device connectivity to the management target.
I always assumed coldstart traps are never delayed for any reason and that they were pretty accurate substitutes for system reload syslog messages. Does anyknow know any reason for false or delayed coldstart traps on a C2900 with IOS 15.0(1) ?
Cisco LMS 4.0: Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address? • Traps contain the original Device Agent IP to identify the source (Not the IP of LMS)?• Is possible to configure one logical IP address or Domain Name for redundant LMS:Cisco Security Manager 4.1:Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address?• Traps contain the original Device Agent IP to identify the source (Not the IP of Security Manager)? • Is possible to configure one logical IP address or Domain Name for redundant Security Manager?
View 0 Replies View RelatedI want to capture RPS related alarm on SNMP server for RPS2300 and cisco 3750d switch
View 1 Replies View RelatedWe have a catalyst 2950 switch running:
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA6, RELEASE SOFTWARE (fc1)
This release doesnt have the snmp-server enable traps errdisable command.
Where to look on the cisco site for the next available release for me that would have this command in place?
My group has recently started configuring traps on our switches to alert us of issues as they arise vs. waiting for the Helpdesk to receive user complaints and then responding.We have successfully configured the 2950 and 2960 switches to alert us when a port-security violation happens. However, the 3750 switches refuse to fire the port-security violation traps. The 3750's will fire an errdisable trap when the port goes down though.
Here is one of the port configurations:
interface FastEthernet1/0/45
switchport access vlan 5
switchport mode access
switchport port-security
switchport port-security mac-address sticky
[code].....
And here is the output of the port-security debug:
2522070: Oct 21 16:37:04: %LINK-3-UPDOWN: Interface FastEthernet1/0/45, changed state to down
2522089: Oct 21 16:37:05: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/45, putting Fa1/0/45 in err-disable state
2522100: Oct 21 16:37:05: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0012.3f07.95d3 on port FastEthernet1/0/45.
All of the 3750's are running C3750-IPBASEK9-M, Version 12.2(53) SE2. Wireshark also shows the errdisable traps, but no other traps so I've ruled out the traps being missed. All of the switches have been reloaded and power cycled.
I am building a few 3750 stacks, I want to be able to poll/monitor each individual switch in the stack but as it only has 1 ip associated with the stack how can I do this. I am polling the uplink interfaces but as I only have uplinks on the top and bottom switch I am blind to a switch going down in the middle of the stack.
View 4 Replies View RelatedI have a cat 3750 switch with the folowing snmp v3 config:
-snmp-server group admin v3 priv
-snmp-server user lmsadmin admin v3 auth md5 password1 priv aes 256 password2
The credentials on the device in LMS are as folowing:
where Auth. password = password1 and private password = password2:
When I run a credentials verification job, I get the following error message:
Error performing SNMP operation.
I have tried this on LMS version 4.0 and 4.1 with the same result.
I want to make my switch send trap when failed SSH login is detected. I found the "login Enhancement" feature and enabled the trap and logging for the failed attempt.
3750# sh run | in login
aaa authentication login default local
login delay 1
[Code].....
We are currently monitoring approximately 50 locations each having one or more cisco devices, Catalyst 3750 and 3560.Locations are connected via CWDM.We would like to monitor interface errors, signal loss and power on CWDM SFP transceivers on Catalyst 3560 and Catalyst 3750 switches. We tried to get these values (as shown using „sh interface transceiver“ command) using SNMP but we didn't get any SNMP result. What MIB or other functions/ modules/ features need to be used/activated on switch?Do we need any additional piece of hardware?
View 25 Replies View RelatedIs there anyway to pull the usernames and passwords from a switch via SNMP or write a new username and password to switch via SNMP. I have switch that was apparently misconfigured and i am not feeling like driving all the way down there to console in.
View 2 Replies View RelatedI want to enable SNMP and track the status/ of the interfaces in switches.
We have Two- cat 3750 (L3 switch) and Nine-cat 2960 (L2)
How to configure the SNMP. any Links provides the required info with an example of configuring snmp will be really useful.
we have OPEN NMS, SPLUNK, MYSQL monitoring tools.
I have a snmp trap sent every 30 seconds from one of my cisco switches (a stack of 3750 to be precise): ccStatusMemberStatusChange. Do you know what it is and why it is sent continuously?
View 1 Replies View RelatedWe have a stack setup with 2 C3750x-12s and 5 C3750x-48p switches. We have two of these stacks. One is working and responding with snmp just fine. Our second one is showing the errors in the logThe only difference i see between the two stacks right now are the sw versions.
View 1 Replies View RelatedI am having a lab switch. Recently I am getting "%SCHED-3-SEMLOCKED: SNMP ENGINE attempted to lock a semaphore, already locked by itself" message and the switch has started to hang a little bit. I just want to know what this log means and how to trouble shoot.
I'm using C3750, version 12.2(25)SEE3
in LMS 4.0, is it possible to send traps from IPM? I remember that this was impossible from LMS 3.x.
View 1 Replies View Relatedthere are always some Traps more or less processed by LMS showing up in Fault Monitor View.Especially some Pass-Through or Unidentified Traps can be annoying if you want to keep the view clean.I wonder how to disable such Traps to not beeing displayd on the DFM Fault Monitor View?
View 1 Replies View RelatedWe need IPM (LMS 4.1) to send and e-mail, sms o trap to NNM, is it possible??
View 2 Replies View RelatedI have recently noticed that in my WLC traps I keep finding lots of Mac addresses that have many hits on joining but it's the same MAC ADDRESS. Example Mac addresss'08:11:96:e4:1a:60,4Wed Mar 27 16:05:56 2013Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate5Wed Mar 27 16:05:45 2013Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate7Wed Mar 27 16:04:53 2013Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate12Wed Mar 27 16:02:51 2013Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate This has like 20 hits in the traps section and when I check my ISE this is also reflected on the authentication aspect. This is starting to occur with many different client laptops, why does it keep re-authenticatiing into the profile joined?Is there a Time to Live TTL setting I can set so it doesn't poll so often? The users aren't doing anything this is all occuring automcatically, I think it's the WLC 5508 controller not the ISE.
View 2 Replies View RelatedI've noted a number of traps reported correctly but with the wrong SSID in the detail on 7.0.116.0
View 1 Replies View RelatedSometimes we have unidentified traps in our log, we don't know where they come from.
In high severity faults we see an active alert with device name “Unidentified” event name unresponsive but with a certain ip address.
What are these alerts about? Can I filter them?,A second issue I have is that I get interface down alerts. But when we log on to the device, there is no interface down at all. We can also ping the device from the lms server at that time. I have been told that the admin state and operational state has to be up.
Iam facing an issue with high cpu utilization of cisco 2600 router . When i give show cpu process command i can see three process are using high cpu those are as below
Router #sh proc cpu sorted
CPU utilization for five seconds: 90%/3%; one minute: 92%; five minutes: 87%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
79 34734981 380093 91388 61.99% 60.36% 55.28% 0 Syslog Traps
70 3468095320 810529544 4278 14.41% 16.05% 16.15% 0 Encrypt Proc
32 2386134243 2409465973 0 6.79% 6.40% 6.57% 0 IP Input
What may be causing this issue.
We currently had to RMA both PIX 525s due to increasing crc errors. After swapping the old ones with the new we are still seeing crc errors on all gig interfaces. We have swapped the gig nic's and the sfp's and the fiber patch cables, yet still the crc errors continue to climb.
Another thing that's interesting is that when we disconnect the secondary we see an increase in throughput.
a customer have 2 pix 525 with ver 7.0.1 in a failover configuration with serial cable and 2 sc fiber interface and 2 fastethernet 1 used for failover. the strange behaviour is that when i try to do traffic from inside to dmz or dmz to inside the maximum transfer is 862Kb/s to 1MB/s not more.... i don't understand what's happened. the show mem and show cpu are normal 7% mem used and 1-2% cpu used. attached you will find the configuration.
View 5 Replies View RelatedOur subscriber is suffering from bug CSCti52867. The file system check repairs errors but we are still experiencing the read-only file system. We can ssh into sub but there is no prompt to enter commands. None of the services are started so there is no web interface. Firmware update cd updated firmware to 3.6 but problem still exists.We have successful backups from pub. How to reinstall/restore sub after hardware failure? This is the first time I've ever had to work with dr.
View 5 Replies View RelatedI have a cluster of three layer three switches. Is it possible to build just one IPsec/GRE tunnel to the entire switch cluster or will I have to build an independent tunnel for each switch? I'm pretty sure you can't terminate GRE to an HSRP address, and I think that's the only way to build routing redundancy into a switch cluster.
View 2 Replies View RelatedHow many Ap's I can have in a 541N Cluster? I have heard 6 or 10.
View 2 Replies View Related