Cisco :: 7.0.116.0 / WLC Generating Traps With Wrong SSID
Jul 5, 2011I've noted a number of traps reported correctly but with the wrong SSID in the detail on 7.0.116.0
View 1 RepliesI've noted a number of traps reported correctly but with the wrong SSID in the detail on 7.0.116.0
View 1 RepliesDoes Cisco WLC 5508 runnig code 6.0.196.0 allows you to generate CSR? Or do you have to use OPENSSL like in previous versions?
View 16 Replies View RelatedI am unable to see the interface down alarms on my cisco works LMS 4.0 .
This problem is happening only for the Gigabit interfaces , i m receiving the alarms for the POS interfaces . The router status is showning as known .i have also added this interface in poller also .
I've got a a customer that is using a single sign on product that uses agents installed on the customer's domain controllers. This works fine accept for one scenario. When the customer transitions from a wired to wireless connection or vice versa. We have determined the reason for this is that the DCs are not getting Windows logon events ie 540 on 2003 servers or 4624 on 2008+. The users have files shares mapped onto member servers but refreshing those is not hitting the DCs.
Any way to ensure hitting a domain resource generates a logon event on a DC without directly mapping a resource on a DC. If it matters there are 50 domain controllers and around 200 member servers spread all over 48 states.
We are using CISCO LMS 4.2.3 in our network in India, we are facing a issue regarding alarm generation for a protocol flap/down, especially when BGP / OSPF neighbourship got flapped.These flapping will result in the data service degradation , by which we came to know that some protocol flap may occurred at router end & then we go for the manual check by login into the router.After escalating the same to cisco we came to know that it is a bug of Cisco LMS. using any other method/technique to view the protocol down alarms automatically for cisco routers.
View 2 Replies View RelatedI have ACS 5.2 and would like to know if I can schedule a report to be sent to my email address each Sunday for example for all the failed and succeeded attempts for devices authentication.
View 3 Replies View RelatedI am attemtping to install new ssl certs on our 5.3 cluster. I was able to generate the CSR on the Primary host. When I attempt to generate the csr on the secondary host, I receive the following error:
This System Failure occurred: Error while remotely calling Primary to create: com.cisco.nm.acs.im.certificate.CertificateRequest Object{ request=[B@144cead, privateKey=null, encryptedPrivateKeyPassword=[B@5ce155, certificateSubject=CN=xxxx.xxxxxx.net, keyLength=2048, digest=SHA1, timeStamp=null, friendlyName=null, guid=[B@1cd99ca, description=null, name=xxxx.xxxx.net, version=0, id=0}. Your changes have not been saved.Click OK to return to the list page.
Both hosts are running identical versions:
Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.3.0.40
Internal Build ID : B.839
We are using CISCO LMS 4.2.3 in our network in India, we are facing a issue regarding alarm generation for a protocol flap/down, especially when BGP / OSPF neighbourship got flapped.These flapping will result in the data service degradation , by which we came to know that some protocol flap may occurred at router end & then we go for the manual check by login into the router.after escalating the same to cisco we came to know that it is a bug of Cisco LMS. using any other method/technique to view the protocol down alarms automatically for cisco routers.
View 1 Replies View RelatedWe have Cisco 3945 Router and generating crashinfo while firing PRI from this Router.
View 1 Replies View RelatedRecently I had came across 1 issue where one of the server IP had conflicted with VIP of Nexus core switch. The blade server was physically connected to Nexus Distribution switch which in turn connects to Nexus core. Neither Nexus core nor distribution had generate any logs in regards to IP conflict which ideally happens on Cisco catalyst switches. I haven't find any document on cisco as well as on internet for this issue . I dont know what logging need to enable on Nexus for this specific case . There are different logging levels define for every feature like hsrp, ip,monitor etc...
We have Nexus 7k with latest release 4.2(6) Software
BIOS: version 3.22.0
kickstart: version 4.2(6)
system: version 4.2(6)
in LMS 4.0, is it possible to send traps from IPM? I remember that this was impossible from LMS 3.x.
View 1 Replies View Relatedthere are always some Traps more or less processed by LMS showing up in Fault Monitor View.Especially some Pass-Through or Unidentified Traps can be annoying if you want to keep the view clean.I wonder how to disable such Traps to not beeing displayd on the DFM Fault Monitor View?
View 1 Replies View RelatedWe need IPM (LMS 4.1) to send and e-mail, sms o trap to NNM, is it possible??
View 2 Replies View RelatedRegion : UnitedKingdom
Model : TD-W8951ND
Hardware Version : V5
Firmware Version : 22.05.2012
ISP :
I have a TD-W8951ND v5 on the latest firmware.
I recently broke my broadband data cap which surprised me as I had not been using the internet much.
I only have tablet which I switched off having first checked the router to make sure there were no other wireless connections and adding MAC address filtering to be sure no one else was stealing my bandwidth. With just my router connected to the ISP, my ISP has recorded 170MB of downloaded data in 3.5 hours. Switching off the router stops the traffic being recorded (as you would expect), but when switched back on the large data transfers start up again.
I have plugged in an older router (not wireless) and no traffic is generated, so it seems to be the TP-Link router rather than my ISP or ADSL circuit that is at fault.
I am getting these unwanted entries on my syslog server.03/10/2012 12:57:48 172.21.113.20 Error 23898: Interface FastEthernet0/1, changed state to downI tried to stop them with no snmp trap link-status but it hasn;t worked.[CODE]
View 4 Replies View RelatedI have recently noticed that in my WLC traps I keep finding lots of Mac addresses that have many hits on joining but it's the same MAC ADDRESS. Example Mac addresss'08:11:96:e4:1a:60,4Wed Mar 27 16:05:56 2013Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate5Wed Mar 27 16:05:45 2013Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate7Wed Mar 27 16:04:53 2013Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate12Wed Mar 27 16:02:51 2013Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate This has like 20 hits in the traps section and when I check my ISE this is also reflected on the authentication aspect. This is starting to occur with many different client laptops, why does it keep re-authenticatiing into the profile joined?Is there a Time to Live TTL setting I can set so it doesn't poll so often? The users aren't doing anything this is all occuring automcatically, I think it's the WLC 5508 controller not the ISE.
View 2 Replies View RelatedI have a 3750 cluster and I want to know what are the recommended snmp traps to be sent. We definitely want to know when one of the switches in the cluster fails.
I've read about snmp-server enable traps stackwise and snmp-server enable traps cluster. What do these traps actually do?
I have been experiencing wireless connectivity issues with one of our Cisco 1231G AP. Every now and then users would not be able to connect to the AP. To dive deeper into this issue, I would like to configure SNMP traps on this AP. We are using PRTG and there is an option to configure SNMP trap. However, I would need to now the OID of the AP. Also i need to check for interface up/down status for both fastethernet and the radio. PRTG should be able to notify me when there is any interface resets.
View 6 Replies View RelatedSometimes we have unidentified traps in our log, we don't know where they come from.
In high severity faults we see an active alert with device name “Unidentified” event name unresponsive but with a certain ip address.
What are these alerts about? Can I filter them?,A second issue I have is that I get interface down alerts. But when we log on to the device, there is no interface down at all. We can also ping the device from the lms server at that time. I have been told that the admin state and operational state has to be up.
I want to configure snmp-traps regarding stpx (root-inconsistency, loop-inconsistency) on a Cisco Nexus 1000V. The command "show snmp traps" lists stpx as a trap that could be configured and which is not at the moment.
MKBE1NX1# sh snmp trap
--------------------------------------------------------------------------------
Trap type Enabled
--------------------------------------------------------------------------------
entity : entity_mib_change Yes
entity : entity_module_status_change Yes
entity : entity_power_status_change Yes
[code].....
Nothing about stpx... Is there some other way to configure more traps?
Is there a way to send an SNMP trap form the ASA when port 80 is trying to be accessed??
We use the ASA5510 and also use ScanSafe Web Security. Web Security is great but we find ourselves worrying if user has edited their Browser connection settings to remove the proxy settings that we push down using Group Policy. We also cut off the users ability to make changes to those settings but it interferes when I need to troubleshoot a special program that cant use a proxy server. It just makes it harder for me. The other thing is that Group Policy only works for IE. Google Chrome will inherit the system settings in IE. So we have Safari and Firefox as well as a lot of others to worry about not getting the configuration. There is also debate about limitting the use of anything but IE and FireFox.
Without laying down the law and getting all sorts of hate mail and death threats I would like to run ScanSafe in such a way as to make sure each user receives the Group Policy settings and that is all.
I would now like to just set up an SNMP trap on the ASA for ANY traffic that is trying to get to port 80. Either get in in my syslog server or have the asa email me directly. Scansafe sends the Internet traffic out on 8080 to the Proxy towers.
I could block port 80 outbound but again, I limit my ability to troubleshoot on the fly. I would have to break this every time I need to troubleshoot.
Iam facing an issue with high cpu utilization of cisco 2600 router . When i give show cpu process command i can see three process are using high cpu those are as below
Router #sh proc cpu sorted
CPU utilization for five seconds: 90%/3%; one minute: 92%; five minutes: 87%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
79 34734981 380093 91388 61.99% 60.36% 55.28% 0 Syslog Traps
70 3468095320 810529544 4278 14.41% 16.05% 16.15% 0 Encrypt Proc
32 2386134243 2409465973 0 6.79% 6.40% 6.57% 0 IP Input
What may be causing this issue.
Had setup my ACE ,to send traps to SNMP server .but dont see any logs on the SNMP server from ACE.
SNMP configuration on ACE
logging enable
logging buffered 6
logging host 10.12.40.12 udp/514
[code].....
Trying to migrate the config run on IOS 12.1 to 12.2 ?It seems there's no snmop traps isdn command support on 12.2.
where i can enable trap on ISDN over IOS 12.2 (33) sxj1 running on C6500 chassis?
I am seeing SNMP coldstart traps that either are delayed by many hours or are false (e.g. right after receiving the coldstart trap a query to sysUptime shows the nodes been up for days).I seen this twice this week in a new network environment for me for two different C2900s running C2900-UNIVERSALK9-M Version 15.0(1)M3 Assuming the coldstart traps are coming from the actual source nodes, I am curious what could be going on here.
1) One guess I have is possibly the system clock changed could cause the SNMP agent to send a false cold start trap. Then my guess is in the device log I should see a system time change syslog message.
2) I recall hearing once that syslog and possible traps messages are held in configurable buffer who default value is 1 and if not sent are held and then suffer a delayed sent. Is it true for both traps and syslog ? In the past I assumed this was simply the logging history buffer and applicable to syslog traps only. My assumption in the past was that last trap or last syslog message is sometimes held on reload and sent immediately after restart regardless of device connectivity to the management target.
I always assumed coldstart traps are never delayed for any reason and that they were pretty accurate substitutes for system reload syslog messages. Does anyknow know any reason for false or delayed coldstart traps on a C2900 with IOS 15.0(1) ?
Cisco LMS 4.0: Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address? • Traps contain the original Device Agent IP to identify the source (Not the IP of LMS)?• Is possible to configure one logical IP address or Domain Name for redundant LMS:Cisco Security Manager 4.1:Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address?• Traps contain the original Device Agent IP to identify the source (Not the IP of Security Manager)? • Is possible to configure one logical IP address or Domain Name for redundant Security Manager?
View 0 Replies View RelatedI want to capture RPS related alarm on SNMP server for RPS2300 and cisco 3750d switch
View 1 Replies View RelatedMy group has recently started configuring traps on our switches to alert us of issues as they arise vs. waiting for the Helpdesk to receive user complaints and then responding.We have successfully configured the 2950 and 2960 switches to alert us when a port-security violation happens. However, the 3750 switches refuse to fire the port-security violation traps. The 3750's will fire an errdisable trap when the port goes down though.
Here is one of the port configurations:
interface FastEthernet1/0/45
switchport access vlan 5
switchport mode access
switchport port-security
switchport port-security mac-address sticky
[code].....
And here is the output of the port-security debug:
2522070: Oct 21 16:37:04: %LINK-3-UPDOWN: Interface FastEthernet1/0/45, changed state to down
2522089: Oct 21 16:37:05: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/45, putting Fa1/0/45 in err-disable state
2522100: Oct 21 16:37:05: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0012.3f07.95d3 on port FastEthernet1/0/45.
All of the 3750's are running C3750-IPBASEK9-M, Version 12.2(53) SE2. Wireshark also shows the errdisable traps, but no other traps so I've ruled out the traps being missed. All of the switches have been reloaded and power cycled.
We have a catalyst 2950 switch running:
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA6, RELEASE SOFTWARE (fc1)
This release doesnt have the snmp-server enable traps errdisable command.
Where to look on the cisco site for the next available release for me that would have this command in place?
Currently it seems as our 3550's doesn't send traps when bpdu-guard sets a port in err-disable state. Or DFM doesnt recognize it.Is there a way to get a DFM alert when a 3550-port gets into err-disable state?
View 2 Replies View RelatedIs it possible to assign a single ssid to multiple interface groups by assigning the ssid to multiple AP groups?
I have buildings geographically dispersed that are configured with multiple vlans in interface groups so that I can maintain an addressing scheme of dhcp assigned addresses per building. Each building is also further grouped as AP groups. I'd like to know if by assigning the same wlan ssid to each of the AP groups, will I maintain addressing integrity for each building? I'm thinking it will work.
Do the buildings have to be outside AP range of each other to avoid problems?
5508 controller
7.2.110.0 code
6 buildings
6 interface groups
1 ssid
I have a CME on the other end of my MPLS network. When troubleshooting phone issues i setup a phone on the CME system in question and point its TFTP server to the address of the CME router. Now, i need to point this phone to another CME but it keeps registering with the previous one no matter what i do (the TFTP server is pointed to the new CME). I have tried turning off the auto register, and i have deleted the ephone and its mac address all together but it always registers with the wrong CME.
The phone is a 7962 with a 7914 expansion module.
PIX 525 6.3(4)120
I am trying to allow clients coming in from my "DMZ6" interface with source IPs from the subnet 192.168.2.0 /24 to ping and access hosts on my "DMZ1" interface with destination IPs in the subnet 10.5.11.0 /24. I think I have the associated static NATs and the ACLs set up to allow this to happen. What I have noticed from syslog messages is that the PIX is trying to build the TCP connection to the "Inside" interface, rather than to DMZ1. Even though the destination host (10.5.11.12) is directly connected on DMZ1, the PIX is still trying to send the traffic to the "Inside" instead. I tried adding a host route to force 10.5.11.12 /32 pointing to DMZ1 and the PIX still tries to send the packets Inside. This only seems to happen when I try to go from DMZ6 to DMZ1. If I try to access hosts located in DMZ3 for example, which is also a directly connected interface on the PIX, it appropriately builds the connection to DMZ3. Here are the pertinent rules. Why would the PIX want to build the connection to the Inside, even though it knows that the destination host IP is directly connected to DMZ1?
ip address DMZ1 10.5.11.1 255.255.255.0
ip address DMZ6 10.5.16.1 255.255.255.0
ip address inside 10.5.18.17 255.255.255.240
[Code].....