This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SNMPWALK

Hi there,

Thanks for reading!

I ran snmpwalk against my Cisco 2951 /K9.

It scanned and dumped a text file of OIDs which has none of the traps I'm looking for: LinkUp, LinkDown, ColdStart, WarmStart. 

Are those obscured behind OID numbers?

I ran snmpwalk because when I try to add the OID in the Poller Utility, it throws an error: OID not supported.

Thanks!

  • traps are one-way notifications from the device, you need to configure them in the trap receiver.

    they are very different from the MIB variables retried by snmpwalk

    what are you trying to do?

  • Hi Richard,

    Thanks for writing.  This is on my edge router so I think i'm going bail on traps.  For security, I don't want to put a route to my inside network on that router so any snmp v3 / trap traffic is going across the internet.

    What I want to do is monitor that edge router for basic connectivity: linkup, linkdown, etc.

    Don't I need a poller to do that?  That's where the OID stuff crossed my radar.

    Am I making this harder than it has to be?

    Thanks again for writing!

    Bob

  • I don't have any good advice here because it depends on your network architecture.

    I would suggest that perhaps you need a secure non-internet-routed management network that connects your networking equipment so you can manage the equipment. You can then firewall that network away from your users (source of most network outages IME, oh how they do like to loop up ports...) and the nefarious beings on the outer fringes of the Internet. If you have a management VLANs/VRF you then have the option to use CoS, so even if some tries to DoS you, you can still reach the management interface.

    the default out of the box NPM poller should be able to grab the SNMP ifState from the router, so you don't need a custom poller... punching a small port udp/161 through your firewall from your border router(s) to your management station should not pose a significant risk (I assume you have RPF checks on your border to drop inbound martians)

  • I have seen other people use traps on the edge network, specifically for bgp neighbor state changes.  Source the traps from the inside interface and couple it with a ACL and it should work.

    -Amit

    Loop1 Systems

    Field Engineer