Cisco ISE supported SNMP traps

Similar Messages

• What is the minimum server layer OEM version supports SNMP trap reception ?

  Hi:
  - I have been trying to enable SNMP trap reception on an OEM plug-in.
  - I turned on debug channel for recvlets.snmp and saw:
  2009-10-16 16:07:42,808 Thread-3028552624 ERROR recvlets.snmp: Duplicate threshold : test900, oracle_guide, interfaces, status
  and
  2009-10-16 16:09:08,382 Thread-3021634480 INFO recvlets.snmp: Trap received is to convert Data Point
  2009-10-16 16:09:08,379 Thread-3021634480 INFO recvlets.snmp: Sending Data Point ...
  2009-10-16 16:09:08,379 Thread-3021634480 INFO recvlets.snmp: Listening for TRAP
  So, it looks like the OEM agent can receive traps but no data point or alert appears.
  And, the agent always issues an error about duplicate thresholds.
  - Does the agent have to be patched ?
  My agent is:
  Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
  Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
  Agent Version : 10.2.0.5.0
  OMS Version : 10.2.0.1.0
  Protocol Version : 10.2.0.0.0
  Agent is Running and Ready
  - on the server layer, the oms is:
  Oracle Enterprise Manager 10g Release 10.2.0.1.0
  Copyright (c) 1996, 2005 Oracle Corporation. All rights reserved.
  Oracle Management Server is Up.
  Is a patch needed for OMS ?
  Should OMS be version 10.2.0.5.0 ?
  Thanks
  John
  Edited by: user8826739 on Feb 23, 2010 7:17 AM

  10.2.0.5 should be fine ...
  Dave

• 3750 Cluster and SNMP traps

  I have a 3750 cluster and I want to know what are the recommended snmp traps to be sent.  We definitely want to know when one of the switches in the cluster fails.
  I've read about snmp-server enable traps stackwise and snmp-server enable traps cluster.    What do these traps actually do?

  stackwise would be useful, here's a description:
  http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=ciscoStackWiseMIB&translate=Translate&submitValue=SUBMIT
  also have a look at:
  http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/13ew/command/reference/S1.html#wp1126420

• Syslog traps vs SNMP traps

  Concerning the Syslog logging and SNMP traps, what is the difference.
  I have seen that syslog is more for troubleshooting, but does syslog, when set to log "debugging", offer the same level of information that SNMP traps do?
  For example, can you get real time config changes via syslog as you can with SNMP?
  If so, why use both?

  syslog will send whatever you can see on the CLI of the device at a maximum of a debug level as you say.
  for SNMP traps related to configuration changes, you can use the mibs depending on the events you want to know about.
  If we take for example the config traps, they are part of
  CISCO-CONFIG-MAN-MIB. That mib can send traps with the following OIDs:
  ftp://ftp.cisco.com/pub/mibs/oid/CISCO-CONFIG-MAN-MIB.oid
  When you will go through that you will realize that the CONFIG mib and the syslog provide you with the same information: the CONFIG mib will not have more information than the syslog message.
  If you use the snmp object navigator, you will find for every OID what the function is:
  http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en
  A good paper about what traps are part of which mib:
  http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a05.shtml
  SNMP traps are a good way to gather information from the router without spiking the cpu with turning on CLI debug level. The CLI debug level is usually the most complete information you can get from a router anyways.

• Enabled SNMP trap

  Hi Experts,
  When i configure Snmp trap in switches it is showing a list of commands, What exacatly is these are?
  snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
  snmp-server enable traps tty
  snmp-server enable traps vtp
  snmp-server enable traps vlancreate
  snmp-server enable traps vlandelete
  snmp-server enable traps stpx
  snmp-server enable traps port-security
  snmp-server enable traps config
  snmp-server enable traps entity
  snmp-server enable traps copy-config
  snmp-server enable traps fru-ctrl
  snmp-server enable traps flash insertion removal
  snmp-server enable traps syslog
  snmp-server enable traps bridge
  snmp-server enable traps envmon fan shutdown supply temperature status
  snmp-server enable traps hsrp
  snmp-server enable traps bgp
  snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
  snmp-server enable traps ipmulticast
  snmp-server enable traps msdp
  snmp-server enable traps rtr
  snmp-server enable traps vlan-membership
  Does it cause more CPU utilization? Do i need to enable snmp traps to monitor network using solarwinds NPM. I have configured community string and snmpserver host address.
  Thanks
  Vipin

  Hi Vipin,
  We usually configure SNMP traps to monitor our network reachability and availability. If anything goes on Device whether it is a link down situation or any issue with protocol running on the Device. So, whenever anything goes wrong on the device it generates an SNMP Trap and notify you if you have configure SNMP-Server host to receive the notifications/traps.
  To configure SNMP host command following is the command that you need to configure:
  (config)#snmp-server host
  E.g.:
  snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
  Above trap will send you send you following information :
  >Authentication : if any one tries to poll the device using wrong community string
  >linkdown/linkup : if any of the interface/ports/links goes down it will notify you
  snmp-server enable traps bgp
  Above trap will send you traps regarding problems with BGP running on your Device
  Now I come to CPU part, yes it may spike CPU sometime if regular polling is done from the Management Server or if any MIB has long output. You can use Solarwinds NPM for the same however if it causes high cpu then you have to openup a TAC Case with NMS team to have the issue resolved.
  To know more about MIB's on your device you can execute command on your Device 'show snmp mib' and can translate the MIB's using following link to know more about particular MIB :
  http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.2.1.15
  Kindly let me know in case you have any other doubts.
  Thanks & Regards,
  Nikhil Gakhar

• Multiple domains authentication on Cisco ISE

  Hi,
  Does the current Cisco ISE supports for authenticating on multiple Active Directories ?
  I can only set Cisco ISE to join on single active directory and LDAP
  Does anyone have set Cisco ISE to support EAP-FAST with WPAD or PAC provisioning ?
  Thanks
  Pongsatorn

  Hi,
  We are into a situation where we need to authenticate users of two domains and these two domains are completely independent (no common DNS server). ISE is not able to resolve one of the domain using the DNS server settings and Adding a host entry for the domain name is not sufficient since Kerberos, GC and LDAP SRVs need to be resolvable as well.
  From what I know ISE 1.3 should supports disjointed domains and there is no requirement for ISE to have 2 way trust relationship with domains.
  Please share your experience if someone has faced similar situation before.
  Regards,
  Akhtar

• Cisco ISE Guest portal - smart card login

  Does anyone know if Cisco ISE support smart card login to the guest portal page?                    

  No it doesn't, you can test the same , while editing the wireless SSID profile, opting authentication method as smart card other than PEAP/EAP.

• Cisco ISE 1.2 and Cisco ACS 5.4 patch 6 and support for snmp version 3

  does anyone know if cisco ISE version 1.2 patch 8 and Cisco ACS 5.4 patch 6 support snmp version 3?
  ciscoISE/admin(config)# snmp-server ?
    community  Set community string
    contact    Text for mib object sysContact
    host       Specify hosts to receive SNMP notifications
    location   Text for mib object sysLocation
  ciscoISE/admin(config)# snmp-server
  Ciscoacs/admin(config)# snmp-server ?
    community  Set community string
    contact    Text for mib object sysContact
    host       Specify hosts to receive SNMP notifications
    location   Text for mib object sysLocation
  Ciscoacs/admin(config)# snmp-server

  No support SNMP v3 on ISE v1.2 and 1.3 except for profilling
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/cli_ref_guide/ise_cli/ise_cli_app_a.html#12768
   http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/cli_ref_guide/b_ise_CLIReferenceGuide/b_ise_CLIReferenceGuide_chapter_0100.html#ID-1364-00000d30

• Cisco WLC 5508 not sending SNMP Traps

  Hello Everyone.
  I'm having a weird error on our WLC environment. We have an HA with two cisco WLC 5508 and i cannot get SNMP Traps working on a Windows PC running Kiwi Syslog server (free ed.).
  I can receive correctly Syslog messages, but not traps.
  I Tried also to send SNMP Traps from WLC to a different PC using Linux with snmptrapd and it works fine.
  I tried then to send from my Linux box a snmp trap to my Windows PC, and it works fine, but i still cannot receive anything from WLC.
  Using Wireshark to detect traffic, i cannot see any packet on udp port 162.
  I cannot figure out any problem with my scenario, but i can see the following errors on syslog:
  *rmgrTrasport: Mar 30 16:08:22.602: #RMGR-3-INVALID_PING_RESPONSE: rmgr_utils.c:270 Ping response from <my_windows_PC> is invalid. Ip address do not match.
  My WLC Version is 7.6.130.0
  Thank you for your support.

  I have gone through your query and found the following fruitful links ,please let me know if it helps and mark it correct answer if it is.
  https://www.manageengine.com/network-monitoring/help/userguide/processing_traps.html
  https://rscciew.wordpress.com/2014/10/12/snmp-configuration-on-wlc/
  Thanks :)

• Cisco ACS SNMP Traps

  Is it possible to send an SNMP trap from Cisco ACE 4710  for any configuration changes that  occurs?
  Regards,
  Hesham                 

  Hi Hesham,
  these are the traps which are supported by ACE.
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_0/configuration/administration/guide/snmp.html#wp1177230
  read section "ACE SNMP Notifications (Traps)"
  I do not see a trap which is useful for your requirement.
  regards,
  Ajay Kumar

• Curious message during activation of snmp traps in cisco router 2800

  I activated snmp traps in cisco router 2800 (I didn't specify a set of them, so all of them were activated). The thing is, when i configure "snmp-server enable traps", appears a message in the next line :
  " %Cannot enable both sham-link state-change interface traps.
     %New sham link interface trap not enabled "
  Anyway, traps are activated and are completely functional.
  I would like to know, why this message appears... and also what is the difference between  informs and traps, because I can activate both of the in a router to be sent to the network admin pc.
  Thanks in advance.

  Hi Marcelo,
  the snmp-server enable traps command enables just all types of traps that the IOS version supports.
  The message apperes because of this two, which are mutually exclusive:
  R1(config)#snmp-server enable traps ospf cisco-specific state-change shamlink interfaceR1(config)#snmp-server enable traps ospf cisco-specific state-change shamlink interface-old% Cannot enable both sham-link state-change interface traps.% Deprecated sham link interface trap not enabled.
  It's recommended to only enable the traps you really need.
  Informs were introduced with SNMPv2, and they have the same format and purpose as traps.
  The main difference is that traps are send in a hit-or-miss fashion whereas informs expect an acknowledge and will be re-send if unacknowledged.
  Hope that helps
  Rolf

• Will Cisco ISE appliances answer SNMP queries ?

  Hello,
  It is clear that ISE is able to send SNMP traps to a remote SNMP manager machine. It seems to be embeded on Cisco Application Deployment Engine (ADE) OS and explained on this documentation:
  http://www.cisco.com/en/US/partner/docs/security/ise/1.1/cli_ref_guide/ise_cli_app_a.html#wp1014133
  However it is not clear if ISE machines, regardless service persona type installed, will repond to SNMP queries coming from a remote SNMP manager.
  Will ISE appliances respond to SNMP queries, provided SNMP configuration is fine on ADE OS ??
  I would like to have a remote NOC to monitor first if ISE machine is up/down before a potential remote login on ISE for further troubleshhoting.
  Thanks in advance for your help.
  Jorge Mendes

  Solution
  Yes ISE will reponsed to the query and A similar  query is already discussed on the following page with solution to what is asked
  https://supportforums.cisco.com/thread/2165257

• I want to integrate SMS gateway to Cisco ISE 1.2 and my question is SMS notifications are supported for Guest self−registration

  I want to integrate SMS gateway to Cisco ISE 1.2 and my question is 
  SMS notifications are supported for Guest self−registration Services ? or it should be done by Sponsor 

  I'm not sure I understand the question.  Do you want to log in to the Sponsor Portal using AD credentials?
  Create an Identity Source Sequence using AD as an Authentication Source.  Go to Administration > Identity Management > Identity Source Sequences.  Either Edit or +Add a Sequence and choose from the Authentication Sources shown.
  Then choose that Identity Source Sequence by going to Administration > Web Portal Management > Settings.  Double-click Sponsor from the Left Menu and click Authentication Source.  Choose the Identity Source Sequence.  Click Save.
  I hope this helps.
  Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.
  Charles Moreton

• SNMP traps from Cisco 4404

  I have a Cisco 4404 WLC that sends its system logs to a syslog server (kiwicat), but I'm interested in getting the snmp traps sent over there as well.  I've configured the syslog server to accept the snmp on the right ports and I've confirmed that the syslog server can receive then by sending traps manually from other devices.
  I cannot seem to actually get the WLC to send the traps to the server.  the syslog stuff gets through ok, but not the snmp.  I've added the syslog server as an SNMP trap reciever and configured it as much as it needs to be and the only difference it seems to have made is to add more things to the main trap log on the 'monitor' tab on the WLC.  Am i missing something really basic?
  p.s. the WLC and the syslog server are separated by a firewall, but the syslog rules have been altered to also allow the snmp, should it attempt to go through.
  Any help would be gratefully received.

  Yes, I think the Network Devices need to be discovered first in order to receive traps and generate alerts.
  Juke Chou
  TechNet Community Support

• Does Cisco ISE 1.2 support Catalyst SRW224G4P and Small business ESW520 Switches?

  Hello all,
  Does Cisco ISE 1.2 support Catalyst SRW224G4P and Small business ESW520 Switches?
  Best regards.

  Hi there, the link below outlines the ISE supported Cisco hardware:
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/compatibility/ise_sdt.html
  Thank you for rating helpful posts!