Cisco :: Unidentified Traps And Interface Down Alerts LMS 4.2
Feb 4, 2013
Sometimes we have unidentified traps in our log; we don't know where they come from.
In high severity faults we see an active alert with device name “Unidentified”, event name unresponsive, but with a certain IP address.
What are these alerts about? Can I filter them?
A second issue I have is that I get interface down alerts. But when we log on to the device, there is no interface down at all. We can also ping the device from the LMS server at that time. I have been told that the admin state and operational state have to be up.
I am getting these unwanted entries on my syslog server.
03/10/2012 12:57:48 172.21.113.20 Error 23898: Interface FastEthernet0/1, changed state to down
I tried to stop them with no snmp trap link-status but it hasn't worked.
LMS 4.2. I am receiving the alert below in my email inbox. It was my understanding that DFM would not send alerts for interfaces that are shut down. Is this a bug?
I have LMS 4.2.2 and am monitoring a Cisco 7600 router interface TenGigabitEthernet x/x under DFM. Whenever the interface is down due to any media issue, I am not getting any alerts in DFM. The interface used to go down for more than 10 minutes. I am able to do an snmpwalk to this interface when the interface was down and get the value 2 (for down). I am getting other information and configuration mode alerts in DFM for this device.
I will be configuring port forwarding to a phone system on the network for remote management. I would like to have the ASA send an email alert when a connection has been made to the open port. Is this possible to do, and if so, how do I configure it?
From the WAP4410N admin pages or console you can enable e-mail alerts. You have to set the essential TO address and mail server address. Where can I put the FROM address? From what I can see it uses the hostname value as the from address. The hostname in my case is ap02. Then you could try setting a mail address in the hostname field, but that's not allowed.
On a Cisco ASA 8.4 code is it possible to receive an alert once a certain number of tcp/udp connections is reached? I'd like to see if I can get an email alert or syslog if the ASA reaches say 2,000 connections for example. Once I get an alert I could then investigate the cause of so many connections.
Is there any way to change the subject line of the email alerts that are sent? Right now mine are coming with the MAC address, date and time. I would like to remove the MAC address and date and time so that I can sort them into one folder when I sort my email by subject.
There are always some traps more or less processed by LMS showing up in the Fault Monitor View. Especially some Pass-Through or Unidentified traps can be annoying if you want to keep the view clean. I wonder how to disable such traps so they are not displayed in the DFM Fault Monitor View?
I have recently noticed that in my WLC traps I keep finding lots of MAC addresses that have many hits on joining, but it's the same MAC address. Example MAC address 08:11:96:e4:1a:60:
4 Wed Mar 27 16:05:56 2013 Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate
5 Wed Mar 27 16:05:45 2013 Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate
7 Wed Mar 27 16:04:53 2013 Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate
12 Wed Mar 27 16:02:51 2013 Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate
This has like 20 hits in the traps section, and when I check my ISE this is also reflected on the authentication aspect. This is starting to occur with many different client laptops. Why does it keep re-authenticating into the profile joined? Is there a Time to Live (TTL) setting I can set so it doesn't poll so often? The users aren't doing anything; this is all occurring automatically. I think it's the WLC 5508 controller, not the ISE.
I have a 3750 cluster and I want to know what are the recommended snmp traps to be sent. We definitely want to know when one of the switches in the cluster fails.
I've read about snmp-server enable traps stackwise and snmp-server enable traps cluster. What do these traps actually do?
I have been experiencing wireless connectivity issues with one of our Cisco 1231G APs. Every now and then users would not be able to connect to the AP. To dive deeper into this issue, I would like to configure SNMP traps on this AP. We are using PRTG and there is an option to configure an SNMP trap. However, I would need to know the OID of the AP. Also, I need to check for interface up/down status for both FastEthernet and the radio. PRTG should be able to notify me when there are any interface resets.
I want to configure snmp-traps regarding stpx (root-inconsistency, loop-inconsistency) on a Cisco Nexus 1000V. The command "show snmp traps" lists stpx as a trap that could be configured and which is not at the moment.
Is there a way to send an SNMP trap from the ASA when port 80 is trying to be accessed?
We use the ASA5510 and also use ScanSafe Web Security. Web Security is great, but we find ourselves worrying whether a user has edited their browser connection settings to remove the proxy settings that we push down using Group Policy. We also cut off the users' ability to make changes to those settings, but it interferes when I need to troubleshoot a special program that can't use a proxy server. It just makes it harder for me. The other thing is that Group Policy only works for IE. Google Chrome will inherit the system settings in IE. So we have Safari and Firefox as well as a lot of others to worry about not getting the configuration. There is also debate about limiting the use of anything but IE and Firefox.
Without laying down the law and getting all sorts of hate mail and death threats I would like to run ScanSafe in such a way as to make sure each user receives the Group Policy settings and that is all.
I would now like to just set up an SNMP trap on the ASA for ANY traffic that is trying to get to port 80. Either get it in my syslog server or have the ASA email me directly. ScanSafe sends the Internet traffic out on 8080 to the proxy towers.
I could block port 80 outbound but again, I limit my ability to troubleshoot on the fly. I would have to break this every time I need to troubleshoot.
I am facing an issue with high CPU utilization on a Cisco 2600 router. When I give the show cpu process command I can see three processes are using high CPU; those are as below:
Router #sh proc cpu sorted
CPU utilization for five seconds: 90%/3%; one minute: 92%; five minutes: 87%
 PID Runtime(ms)     Invoked   uSecs   5Sec   1Min   5Min TTY Process
  79    34734981      380093   91388 61.99% 60.36% 55.28%   0 Syslog Traps
  70  3468095320   810529544    4278 14.41% 16.05% 16.15%   0 Encrypt Proc
  32  2386134243  2409465973       0  6.79%  6.40%  6.57%   0 IP Input
I am seeing SNMP coldstart traps that either are delayed by many hours or are false (e.g. right after receiving the coldstart trap, a query to sysUptime shows the node's been up for days). I have seen this twice this week in a new network environment for me, for two different C2900s running C2900-UNIVERSALK9-M Version 15.0(1)M3. Assuming the coldstart traps are coming from the actual source nodes, I am curious what could be going on here.
1) One guess I have is that possibly a system clock change could cause the SNMP agent to send a false coldstart trap. Then my guess is that in the device log I should see a system time change syslog message.
2) I recall hearing once that syslog and possibly trap messages are held in a configurable buffer whose default value is 1, and if not sent are held and then suffer a delayed send. Is it true for both traps and syslog? In the past I assumed this was simply the logging history buffer and applicable to syslog traps only. My assumption in the past was that the last trap or last syslog message is sometimes held on reload and sent immediately after restart, regardless of device connectivity to the management target.
I always assumed coldstart traps are never delayed for any reason and that they were pretty accurate substitutes for system reload syslog messages. Does anyone know any reason for false or delayed coldstart traps on a C2900 with IOS 15.0(1)?
Cisco LMS 4.0:
• Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address?
• Traps contain the original Device Agent IP to identify the source (Not the IP of LMS)?
• Is possible to configure one logical IP address or Domain Name for redundant LMS?
Cisco Security Manager 4.1:
• Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address?
• Traps contain the original Device Agent IP to identify the source (Not the IP of Security Manager)?
• Is possible to configure one logical IP address or Domain Name for redundant Security Manager?
My group has recently started configuring traps on our switches to alert us of issues as they arise vs. waiting for the Helpdesk to receive user complaints and then responding. We have successfully configured the 2950 and 2960 switches to alert us when a port-security violation happens. However, the 3750 switches refuse to fire the port-security violation traps. The 3750's will fire an errdisable trap when the port goes down though.
And here is the output of the port-security debug:
2522070: Oct 21 16:37:04: %LINK-3-UPDOWN: Interface FastEthernet1/0/45, changed state to down
2522089: Oct 21 16:37:05: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/45, putting Fa1/0/45 in err-disable state
2522100: Oct 21 16:37:05: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0012.3f07.95d3 on port FastEthernet1/0/45.
All of the 3750's are running C3750-IPBASEK9-M, Version 12.2(53) SE2. Wireshark also shows the errdisable traps, but no other traps so I've ruled out the traps being missed. All of the switches have been reloaded and power cycled.
Currently it seems our 3550s don't send traps when bpdu-guard sets a port in err-disable state. Or DFM doesn't recognize it. Is there a way to get a DFM alert when a 3550 port gets into err-disable state?
During this time we've had two different Internet Service Providers as well as two different modems. Also, we've had 9 different devices connected to the modem wirelessly (2 desktops, 3 laptops, 2 Xbox 360s, and 2 Nintendo DSs). And this desktop is the only one that has had any issues; it's also the oldest of the devices. So I doubt the issue lies within networking but more with the actual desktop. I've even connected the desktop straight to the modem with an Ethernet cord, also to no avail.
OK, I did the cmd ipconfig and it says media state disconnected. Also, I uninstalled a network adapter; it was the ISATAP one. It also had a yellow mark on it, so that's why I tried to uninstall it. I thought it would let me install it again, but it didn't, so I did that Add Legacy Hardware, and now it shows it in the hidden devices tab without that yellow mark. Also, when I try the Problem and Solution, it found the ISATAP one saying could not load driver software. Click on it and it says Windows was able to successfully install device driver software, but the driver software encountered a problem when it tried to run. The problem code is 31. The Control Panel tab would always say Microsoft Windows; it came up saying Windows Explorer has stopped working, Windows is checking for a solution to the problem. The internet was working then and it still was, I think; it had that internet ball on it, but when I try to use the internet it wouldn't connect.