CLEANACCESS Archives

August 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: "Rajesh Nair (rajnair)" <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Wed, 23 Aug 2006 16:21:12 -0700
Content-Type: text/plain
Parts/Attachments: text/plain (207 lines)

Also Alex, can you send us (unicast it to me and Prem if you don't want
to broadcast it) a "show tech" from the switch?  I want to check the
SNMP config you have on the switch.

-Rajesh. 

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Prem Ananthakrishnan
(prananth)
Sent: Wednesday, August 23, 2006 3:56 PM
To: [log in to unmask]
Subject: Re: Whoops

Hi Alex,

Save run >> Start will be a wr mem, which should again be a SET. Can't
see the SET packet here though :( We need to confirm the CAM is sending
a SET to the switch.

Can we get a sniffer trace going between the two when you write to the
switch? Also on the CAM, if you do

 tcpdump -q -a -vvv dst <switch ip>

Are you able to see packets being sent, when you write to it? 

-Prem

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Alex Lanstein
Sent: Wednesday, August 23, 2006 3:41 PM
To: [log in to unmask]
Subject: Re: Whoops

Hi Prem,

Nice to hear from you - you guys are assets. 

My boss sent you that packet dump, so I am not sure, but here's one I
just did.  I turned on debugging then tried to "save the running config
to startup config" via the web interface:

If this is against protocol I don't have a problem doing this the
"normal" way - it's just that students start coming back any minute
(literally) and if we can't get this up and running we have to move back
to in-line.  No one wants to do that!  I also think these types of
conversations are useful for the other list members.

http://oak.conncoll.edu/~aclan/terminal_log

Alex


Prem Ananthakrishnan (prananth) wrote:

>Hi Alex,
>
>I took a look at the information that was sent. Basically, we are not 
>seeing any SNMP SET packets coming into the switch.
>
>We can see GET/GETNEXT information when you are reading the switch 
>config. Don't worry about port 162 on CAM. That is for traps not for 
>SNMP Read/Write
>
>Was the
>
>debug snmp header
>Debug snmp packets
>
>Captured at the time you were writing to the switch?
>
>You are right that it happens through the read write community that has
>been defined
>
>Thanks
>Prem
>
>-----Original Message-----
>From: Perfigo SecureSmart and CleanMachines Discussion List 
>[mailto:[log in to unmask]] On Behalf Of Alex Lanstein
>Sent: Wednesday, August 23, 2006 1:56 PM
>To: [log in to unmask]
>Subject: Re: Whoops
>
>Just the man I was hoping to hear from :-P
>
>We do have a TAC case opened on this, waiting to hear back from 
>Jesse/Nate, who are waiting to hear from the engineers (is that what 
>you are?), but it seemed like something that someone on here might have
>encountered.
>
>We used to be inline, just moved out of band a few days ago.   When we 
>add the switch, it reads the mac, snmp location and contact 
>information, so it seems like it's communicating fine.  Also, the switch
>can ping the manager and vice versa.
>
>We are running 4.0.2 and 12.2(25)FX on a C2960-LANBASE-M.  System image
>file is
>"flash:c2960-lanbase-mz.122-25.FX/c2960-lanbase-mz.122-25.FX.bin".  The
>image is stock from the vendor, we didn't upgrade it.
>
>When we add the switch, it brings us to the page where it shows the 
>port status, and it does read the vlan and whether or not the port is 
>linked properly.  I know it sounds like I'm saying "read" a lot, which 
>could mean an issue with the RW community, but I swear I have it right.
>
>As per your suggestion, I tried swapping it to "link notification".  
>When I add the switch, it doesn't throw an error with that mib anymore,
>but when I hit "save configuration", it says "failed to save the 
>running configuration."
>
>The error it spits back is:
>[Failure] Error:"No SNMP respone [1.3.6.1.4.1.9.9.215.1.1.5.0]."
>
>I looked that up, and it looks like the mac-notification, but I don't 
>see the MIB on my cam.  I tried snagging it from Cisco and dropping it 
>into the dir and restarting snmpd, but no luck.
>
>Here are our SNMP settings for the switch:
>
>snmp-server community rwcommunity RW
>snmp-server community rocommunity RO
>snmp-server location BillHall
>snmp-server contact my_boss
>snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
>snmp-server enable traps tty
>snmp-server enable traps cluster
>snmp-server enable traps entity
>snmp-server enable traps cpu threshold
>snmp-server enable traps rtr
>snmp-server enable traps vtp
>snmp-server enable traps vlancreate
>snmp-server enable traps vlandelete
>snmp-server enable traps flash insertion removal
>snmp-server enable traps port-security
>snmp-server enable traps envmon
>snmp-server enable traps MAC-Notification
>snmp-server enable traps copy-config
>snmp-server enable traps config
>snmp-server enable traps bridge newroot topologychange
>snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
>snmp-server enable traps syslog
>snmp-server enable traps vlan-membership
>snmp-server host CAM_IP version 2c rwcommunity cluster vtp vlancreate vlandelete port-security MAC-Notification copy-config config vlan-membership snmp
>!
>
>Certainly not ruling out the possibility that it's a RW issue.  OK, so 
>question - in the profiles view there is snmp v1, 2, and 3.  How do I 
>know which one it's going to try?  I tried putting my password in v1 
>then hitting "save config" to copy ru st, that failed.  Tried the same 
>thing with v2, and that failed also.
>
>I get that a trap sends from the switch to the server, and that what 
>we're trying to do is have the server talk to the switch.  I'd assume 
>that just happens through the RW community.  Also, 162 on the CAM is 
>closed, not open, but I don't know if that's expected behavior or not.
>
>Any thoughts? 
>
>Alex
>
>
>Rajesh Nair (rajnair) wrote:
>
>>Alex,
>>
>>Is this happening with one switch or several?  If it's only happening 
>>with one switch, does everything work okay with Link-up instead?
>>Also, what is the switch model and the IOS/CatOS version?
>>
>>-Rajesh. 
>>
>>-----Original Message-----
>>From: Perfigo SecureSmart and CleanMachines Discussion List 
>>[mailto:[log in to unmask]] On Behalf Of Lanstein, Alex C
>>Sent: Wednesday, August 23, 2006 11:42 AM
>>To: [log in to unmask]
>>Subject: Whoops
>>
>>Sorry, ignore my previous message's subject line, I hit reply and 
>>forgot to change it.
>>
>>Regards,
>>
>>Alex Lanstein
>>Senior Software Engineer, Transitional Data Services
>>Help Desk/Network Junkie, Connecticut College
>>Chief Coffee Drinker, LBCCHosting
>>860-625-4277
>>[log in to unmask]
>>
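
An added example, not part of the original thread or of any vendor tooling: a minimal BER reader that labels each SNMP v1/v2c UDP payload by PDU type, so a capture taken between the CAM and the switch can be checked for a SetRequest alongside the GET/GETNEXT traffic discussed above. The sample datagrams are constructed; they reuse the community placeholders and the OID from the error message in the thread, and the value being set is arbitrary.

```python
from collections import Counter

# SNMP PDU tags (context-specific, constructed) per RFC 1157 / RFC 3416.
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "Response",
             0xA3: "SetRequest", 0xA4: "Trap-v1", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "Trap-v2", 0xA8: "Report"}
OID = bytes.fromhex("2b060104010909815701010500")  # 1.3.6.1.4.1.9.9.215.1.1.5.0

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at buf[pos]."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: low 7 bits = number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def classify(datagram):
    """Return (version, community, pdu_name) for one SNMP v1/v2c UDP payload."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (no outer SEQUENCE)")
    vtag, ver, pos = read_tlv(msg, 0)
    ctag, community, pos = read_tlv(msg, pos)
    if vtag != 0x02 or ctag != 0x04:
        raise ValueError("not community-based SNMP (v3 or malformed)")
    pdu_tag, _, _ = read_tlv(msg, pos)
    version = {0: "v1", 1: "v2c"}.get(int.from_bytes(ver, "big"), "unknown")
    return version, community.decode("latin-1"), PDU_TYPES.get(pdu_tag, hex(pdu_tag))

def summarize(datagrams):
    """Count PDU types so a capture can be checked for SetRequest at a glance."""
    return Counter(classify(d)[2] for d in datagrams)

def tlv(tag, value):                     # short-form encoder, used only for the samples
    return bytes([tag, len(value)]) + value
def sample(pdu_tag, community, value):   # constructed datagram, not from a real capture
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, OID) + value))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + varbinds)
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community) + pdu)

CAPTURE = [sample(0xA0, b"rocommunity", tlv(0x05, b"")),      # read with NULL value
           sample(0xA1, b"rocommunity", tlv(0x05, b"")),
           sample(0xA3, b"rwcommunity", tlv(0x02, b"\x01"))]  # write, arbitrary INTEGER
```

A capture whose summary has no `SetRequest` entry matches the symptom described in the thread: reads reach the switch but the write never leaves the manager.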