Cisco :: Unidentified Traps And Interface Down Alerts LMS 4.2
Feb 4, 2013
Sometimes we have unidentified traps in our log, we don't know where they come from.
In high severity faults we see an active alert with device name “Unidentified” event name unresponsive but with a certain ip address.
What are these alerts about? Can I filter them?,A second issue I have is that I get interface down alerts. But when we log on to the device, there is no interface down at all. We can also ping the device from the lms server at that time. I have been told that the admin state and operational state has to be up.
View 1 Replies
ADVERTISEMENT
Oct 3, 2012
I am getting these unwanted entries on my syslog server.03/10/2012 12:57:48 172.21.113.20 Error 23898: Interface FastEthernet0/1, changed state to downI tried to stop them with no snmp trap link-status but it hasn;t worked.[CODE]
View 4 Replies
View Related
Jun 19, 2012
LMS 4.2. I am receiving the alert below in my email inbox. It was my understanding that DFM would not send alerts for interfaces that are shut down. Is this a bug? [code]
View 2 Replies
View Related
Nov 2, 2012
im having lms 4.2.2 and monitoring a cisco 7600 router interface ten gigabit ethernet x/x under dfm. When ever the interface is down due to any media issue i am not getting any alerts in dfm., the interface used to go down for more than 10 minutes. I am able to do an snmpwalk to this interface when the interface was down and getting the value as 2(for down). I am getting other information and configuration mode alerts in dfm for this device.
View 1 Replies
View Related
Nov 6, 2012
I am looking for a way to get CiscoWorks LMS 4 to send me an email alert when a switch port goers into a security violation (err-disabled).
View 2 Replies
View Related
Feb 2, 2012
I have been getting alerts on unused serial ports on my routers as being operational down. How can I stop these alerts?
View 5 Replies
View Related
Oct 14, 2012
I will be configuring port forwarding to a phone system on the network for remote management. I would like to have the ASA send an email alert when a connection has been made to the open port. Is this possible to do and if so how to configure it.
View 1 Replies
View Related
Jul 22, 2012
Can I configure the 2504 to send email notifications for particular alerts? how?
View 2 Replies
View Related
Oct 21, 2012
Under high severity Alerts Its showing following Error
An exception occurred.Please check the AAD.log file for further details.
AAD log shows This
22-Oct-2012|10:48:17.625|ERROR|AAD|TP-Processor6|DeviceManager|getHighSeverityAlerts()|.|com.cisco.nm.trx.afd.AlertRenderer.AFDException
[Code].....
View 2 Replies
View Related
May 27, 2011
From the WAP4410N admin pages or console you can enable e-mail alerts. You have to set the essential TO address and mail server address. Where can I put the FROM address ? From what I can see it uses the hostname value as from address. The hostname in my case is ap02. Then you could try setting a mail address in the hostname field, but thats not allowed.
[Code]....
View 3 Replies
View Related
Oct 4, 2012
On a Cisco ASA 8.4 code is it possible to receive an alert once a certain number of tcp/udp connections is reached? I'd like to see if I can get an email alert or syslog if the ASA reaches say 2,000 connections for example. Once I get an alert I could then investigate the cause of so many connections.
View 1 Replies
View Related
Mar 21, 2013
We are getting below logs in our Syslog, how could i stop this."%ASA-2-106017: Deny IP due to Land Attack from 161.233.167.65 to 161.233.167.65 "
View 1 Replies
View Related
Jul 11, 2011
in LMS 4.0, is it possible to send traps from IPM? I remember that this was impossible from LMS 3.x.
View 1 Replies
View Related
Feb 8, 2012
Is there any way to change the subject line of the email alerts that are sent? Right now mine are coming with the MAC address, date and time. I would like to remove the MAC address and date and time so that I can sort them into one folder when I sort my email by subject.
View 7 Replies
View Related
Mar 16, 2012
there are always some Traps more or less processed by LMS showing up in Fault Monitor View.Especially some Pass-Through or Unidentified Traps can be annoying if you want to keep the view clean.I wonder how to disable such Traps to not beeing displayd on the DFM Fault Monitor View?
View 1 Replies
View Related
Dec 21, 2011
We need IPM (LMS 4.1) to send and e-mail, sms o trap to NNM, is it possible??
View 2 Replies
View Related
Mar 26, 2013
I have recently noticed that in my WLC traps I keep finding lots of Mac addresses that have many hits on joining but it's the same MAC ADDRESS. Example Mac addresss'08:11:96:e4:1a:60,4Wed Mar 27 16:05:56 2013Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate5Wed Mar 27 16:05:45 2013Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate7Wed Mar 27 16:04:53 2013Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate12Wed Mar 27 16:02:51 2013Client with MAC address 08:11:96:e4:1a:60 has joined profile corporate This has like 20 hits in the traps section and when I check my ISE this is also reflected on the authentication aspect. This is starting to occur with many different client laptops, why does it keep re-authenticatiing into the profile joined?Is there a Time to Live TTL setting I can set so it doesn't poll so often? The users aren't doing anything this is all occuring automcatically, I think it's the WLC 5508 controller not the ISE.
View 2 Replies
View Related
Jun 15, 2011
I have a 3750 cluster and I want to know what are the recommended snmp traps to be sent. We definitely want to know when one of the switches in the cluster fails.
I've read about snmp-server enable traps stackwise and snmp-server enable traps cluster. What do these traps actually do?
View 2 Replies
View Related
Jan 17, 2011
I have been experiencing wireless connectivity issues with one of our Cisco 1231G AP. Every now and then users would not be able to connect to the AP. To dive deeper into this issue, I would like to configure SNMP traps on this AP. We are using PRTG and there is an option to configure SNMP trap. However, I would need to now the OID of the AP. Also i need to check for interface up/down status for both fastethernet and the radio. PRTG should be able to notify me when there is any interface resets.
View 6 Replies
View Related
Jul 5, 2011
I've noted a number of traps reported correctly but with the wrong SSID in the detail on 7.0.116.0
View 1 Replies
View Related
Dec 18, 2011
I want to configure snmp-traps regarding stpx (root-inconsistency, loop-inconsistency) on a Cisco Nexus 1000V. The command "show snmp traps" lists stpx as a trap that could be configured and which is not at the moment.
MKBE1NX1# sh snmp trap
--------------------------------------------------------------------------------
Trap type Enabled
--------------------------------------------------------------------------------
entity : entity_mib_change Yes
entity : entity_module_status_change Yes
entity : entity_power_status_change Yes
[code].....
Nothing about stpx... Is there some other way to configure more traps?
View 2 Replies
View Related
Jan 30, 2012
Is there a way to send an SNMP trap form the ASA when port 80 is trying to be accessed??
We use the ASA5510 and also use ScanSafe Web Security. Web Security is great but we find ourselves worrying if user has edited their Browser connection settings to remove the proxy settings that we push down using Group Policy. We also cut off the users ability to make changes to those settings but it interferes when I need to troubleshoot a special program that cant use a proxy server. It just makes it harder for me. The other thing is that Group Policy only works for IE. Google Chrome will inherit the system settings in IE. So we have Safari and Firefox as well as a lot of others to worry about not getting the configuration. There is also debate about limitting the use of anything but IE and FireFox.
Without laying down the law and getting all sorts of hate mail and death threats I would like to run ScanSafe in such a way as to make sure each user receives the Group Policy settings and that is all.
I would now like to just set up an SNMP trap on the ASA for ANY traffic that is trying to get to port 80. Either get in in my syslog server or have the asa email me directly. Scansafe sends the Internet traffic out on 8080 to the Proxy towers.
I could block port 80 outbound but again, I limit my ability to troubleshoot on the fly. I would have to break this every time I need to troubleshoot.
View 1 Replies
View Related
Sep 21, 2011
Iam facing an issue with high cpu utilization of cisco 2600 router . When i give show cpu process command i can see three process are using high cpu those are as below
Router #sh proc cpu sorted
CPU utilization for five seconds: 90%/3%; one minute: 92%; five minutes: 87%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
79 34734981 380093 91388 61.99% 60.36% 55.28% 0 Syslog Traps
70 3468095320 810529544 4278 14.41% 16.05% 16.15% 0 Encrypt Proc
32 2386134243 2409465973 0 6.79% 6.40% 6.57% 0 IP Input
What may be causing this issue.
View 2 Replies
View Related
May 24, 2012
Had setup my ACE ,to send traps to SNMP server .but dont see any logs on the SNMP server from ACE.
SNMP configuration on ACE
logging enable
logging buffered 6
logging host 10.12.40.12 udp/514
[code].....
View 1 Replies
View Related
May 17, 2012
Trying to migrate the config run on IOS 12.1 to 12.2 ?It seems there's no snmop traps isdn command support on 12.2.
where i can enable trap on ISDN over IOS 12.2 (33) sxj1 running on C6500 chassis?
View 2 Replies
View Related
May 31, 2012
I am seeing SNMP coldstart traps that either are delayed by many hours or are false (e.g. right after receiving the coldstart trap a query to sysUptime shows the nodes been up for days).I seen this twice this week in a new network environment for me for two different C2900s running C2900-UNIVERSALK9-M Version 15.0(1)M3 Assuming the coldstart traps are coming from the actual source nodes, I am curious what could be going on here.
1) One guess I have is possibly the system clock changed could cause the SNMP agent to send a false cold start trap. Then my guess is in the device log I should see a system time change syslog message.
2) I recall hearing once that syslog and possible traps messages are held in configurable buffer who default value is 1 and if not sent are held and then suffer a delayed sent. Is it true for both traps and syslog ? In the past I assumed this was simply the logging history buffer and applicable to syslog traps only. My assumption in the past was that last trap or last syslog message is sometimes held on reload and sent immediately after restart regardless of device connectivity to the management target.
I always assumed coldstart traps are never delayed for any reason and that they were pretty accurate substitutes for system reload syslog messages. Does anyknow know any reason for false or delayed coldstart traps on a C2900 with IOS 15.0(1) ?
View 1 Replies
View Related
Nov 16, 2011
Cisco LMS 4.0: Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address? • Traps contain the original Device Agent IP to identify the source (Not the IP of LMS)?• Is possible to configure one logical IP address or Domain Name for redundant LMS:Cisco Security Manager 4.1:Is able to forward SNMP traps (ver. 2c) received from device registered with it to a configurable IP address?• Traps contain the original Device Agent IP to identify the source (Not the IP of Security Manager)? • Is possible to configure one logical IP address or Domain Name for redundant Security Manager?
View 0 Replies
View Related
Dec 7, 2011
I want to capture RPS related alarm on SNMP server for RPS2300 and cisco 3750d switch
View 1 Replies
View Related
Oct 20, 2010
My group has recently started configuring traps on our switches to alert us of issues as they arise vs. waiting for the Helpdesk to receive user complaints and then responding.We have successfully configured the 2950 and 2960 switches to alert us when a port-security violation happens. However, the 3750 switches refuse to fire the port-security violation traps. The 3750's will fire an errdisable trap when the port goes down though.
Here is one of the port configurations:
interface FastEthernet1/0/45
switchport access vlan 5
switchport mode access
switchport port-security
switchport port-security mac-address sticky
[code].....
And here is the output of the port-security debug:
2522070: Oct 21 16:37:04: %LINK-3-UPDOWN: Interface FastEthernet1/0/45, changed state to down
2522089: Oct 21 16:37:05: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/45, putting Fa1/0/45 in err-disable state
2522100: Oct 21 16:37:05: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0012.3f07.95d3 on port FastEthernet1/0/45.
All of the 3750's are running C3750-IPBASEK9-M, Version 12.2(53) SE2. Wireshark also shows the errdisable traps, but no other traps so I've ruled out the traps being missed. All of the switches have been reloaded and power cycled.
View 3 Replies
View Related
May 16, 2013
We have a catalyst 2950 switch running:
IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA6, RELEASE SOFTWARE (fc1)
This release doesnt have the snmp-server enable traps errdisable command.
Where to look on the cisco site for the next available release for me that would have this command in place?
View 2 Replies
View Related
Mar 24, 2003
Currently it seems as our 3550's doesn't send traps when bpdu-guard sets a port in err-disable state. Or DFM doesnt recognize it.Is there a way to get a DFM alert when a 3550-port gets into err-disable state?
View 2 Replies
View Related
May 23, 2012
During this time we've had two different Internet Service Providers as well as two different modems. Also we've had 9 different devices connected to modem wirelessly. ( 2 Desktops, 3 laptops, 2 Xbox 360s, and 2 Nintendo Dss ) And this desktop is the only one that has had any issues, it's also the oldest of the devices. So I doubt the issue lies within networking but more with the actual desktop. I've even conneceted the desktop straight to the modem with an ethernet cord, also to no avail.
View 1 Replies
View Related
Apr 25, 2011
ok i did the cmd ipconfig and it says media state disconnected.also i uninstall a network adapter it was the isatap one also it had a yellow mark one it so thats why i tryed to uninstall it i thought it would let me install it agian but it didnt so i did that add legacy hardware so now it shows it in the hidden devices tad with out that yellow mark also when i try the problem and solution found the isatap sayinf could not load driver software click on it and it says windows was able to successfully install device driver software but the driver software encountered a problem when it tried to run.the problem code is 31. the control panel tad would all was say microsoft windows came up saying window explorer has stopped working windows is checking for solution to the problem windows explorer the internet was working then and it still was i think it had that internet ball on it but when i try to use the internet it wouldnt connect
View 8 Replies
View Related
