Also Alex, can you send us (unicast it to me and Prem if you don't want
to broadcast it) a "show tech" from the switch? I want to check the
SNMP config you have on the switch.
-Rajesh.
-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Prem Ananthakrishnan
(prananth)
Sent: Wednesday, August 23, 2006 3:56 PM
To: [log in to unmask]
Subject: Re: Whoops
Hi Alex,
Save run>> Start will be a wr mem ..which should again be a SET. Can't
see the SET packet here though :( We need to confirm the CAM is sending
a SET to switch.
Can we get a sniffer trace going between the two when you write to the
switch? Also on the CAM, If you do
tcpdump -q -a -vvv dst <switch ip>
Are you able to see packets being sent, when you write to it?
-Prem
-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Alex Lanstein
Sent: Wednesday, August 23, 2006 3:41 PM
To: [log in to unmask]
Subject: Re: Whoops
Hi Prem,
Nice to hear from you - you guys are assets.
My boss sent you that packet dump, so I am not sure, but here's one I
just did. I turned on debugging then tried to "save the running config
to startup config" via the web interface:
If this is against protocol I don't have a problem doing this the
"normal" way - it's just that students starting coming back any minute
(literally) and if we can't get this up and running we have to move back
to in-line. No one wants to do that! I also think these types of
conversations are useful for the other list members.
http://oak.conncoll.edu/~aclan/terminal_log
Alex
Prem Ananthakrishnan (prananth) wrote:
>Hi Alex,
>
>I took a look at the information that was sent. Basically, we are not
>seeing any SNMP SET packets coming into the switch.
>
>We can see GET/GETNEXT information when you are reading the switch
>config. Don't worry about port 162 on CAM. That is for traps not for
>SNMP Read/Write
>
>Was the
>
>debug snmp header
>Debug snmp packets
>
>Captured at the time you were writing to the switch?
>
>You are right that it happens through the read write community that has
>been defined
>
>Thanks
>Prem
>
>-----Original Message-----
>From: Perfigo SecureSmart and CleanMachines Discussion List
>[mailto:[log in to unmask]] On Behalf Of Alex Lanstein
>Sent: Wednesday, August 23, 2006 1:56 PM
>To: [log in to unmask]
>Subject: Re: Whoops
>
>Just the man I was hoping to hear from :-P
>
>We do have a TAC case opened on this, waiting to hear back from
>Jesse/Nate, who are waiting to hear from the engineers (is what what
>you are?), but it seemed like something that someone on here might have
>encountered.
>
>We used to be inline, just moved out of band a few days ago. When we
>add the switch, it reads the mac, snmp location and contact
>information, so it seems like its communicating fine. Also, the switch
>can ping the manager and vice versa.
>
>We are running 4.0.2 and 12.2(25)FX on a C2960-LANBASE-M. System image
>file is
>"flash:c2960-lanbase-mz.122-25.FX/c2960-lanbase-mz.122-25.FX.bin". The
>image is stock from the vendor, we didnt upgrade it.
>
>When we add the switch, it brings us to the page where it shows the
>port status, and it does read the vlan and whether or not the port is
>linked properly. I know it sounds like I'm saying "read" alot, which
>could mean an issue with the RW community, but I swear I have it right.
>
>As per your suggestion, i tried swapping it to "link notification".
>When I add the switch, it doesnt throw an error with that mib anymore,
>but when I hit "save configuration", it says "failed to save the
>running configuration."
>
>The error it spits back is:
>[Failure] Error:"No SNMP respone [1.3.6.1.4.1.9.9.215.1.1.5.0]."
>
>I looked that up, and it looks like the mac-notification, but i dont
>see the MIB on my cam. I tried snagging it from cisco and dropping it
>into the dir and restarting snmpd, but no luck.
>
>Here are our SNMP settings for the switch:
>
>snmp-server community rwcommunity RW
>snmp-server community rocommunity RO
>snmp-server location BillHall
>snmp-server contact my_boss
>snmp-server enable traps snmp authentication linkdown linkup coldstart
>warmstart snmp-server enable traps tty snmp-server enable traps cluster
>snmp-server enable traps entity snmp-server enable traps cpu threshold
>snmp-server enable traps rtr snmp-server enable traps vtp snmp-server
>enable traps vlancreate snmp-server enable traps vlandelete snmp-server
>enable traps flash insertion removal snmp-server enable traps
>port-security snmp-server enable traps envmon snmp-server enable traps
>MAC-Notification snmp-server enable traps copy-config snmp-server
>enable traps config snmp-server enable traps bridge newroot
>topologychange snmp-server enable traps stpx inconsistency
>root-inconsistency loop-inconsistency snmp-server enable traps syslog
>snmp-server enable traps vlan-membership snmp-server host CAM_IP
>version 2c rwcommunity cluster vtp vlancreate vlandelete port-security
>MAC-Notification copy-config config vlan-membership snmp !
>
>Certainly not ruling out the possibility that its a RW issue. OK, so
>question - in the profiles view there is snmp v1, 2, and 3. How do I
>know which one it's going to try? I tried putting my password in v1
>then hitting "save config" to copy ru st, that failed. Tried the same
>thing with v2, and that failed also.
>
>I get that a trap sends from the switch to the server, and that what
>we're trying to do is have the server talk to the switch. I'd assume
>that just happens through the RW community. Also, 162 on the CAM is
>closed, not open, but I don't know if thats expected behavior or not.
>
>Any thoughts?
>
>Alex
>
>
>Rajesh Nair (rajnair) wrote:
>
>
>
>>Alex,
>>
>>Is this happening with one switch or several? If its only happening
>>with one switch, does everything work okay with Link-up instead?
>>Also,
>>
>>
>
>
>
>>what is the switch model and the IOS/CatOS version?
>>
>>-Rajesh.
>>
>>-----Original Message-----
>>From: Perfigo SecureSmart and CleanMachines Discussion List
>>[mailto:[log in to unmask]] On Behalf Of Lanstein, Alex C
>>Sent: Wednesday, August 23, 2006 11:42 AM
>>To: [log in to unmask]
>>Subject: Whoops
>>
>>Sorry, ignore my previous message's subject line, i hit reply and
>>forgot to change it
>>
>>Regards,
>>
>>Alex Lanstein
>>Senior Software Engineer, Transitional Data Services Help Desk/Network
>>Junkie, Connecticut College Chief Coffee Drinker, LBCCHosting
>>860-625-4277
>>[log in to unmask]
>>
>>
>>
>>
>>
|