Xlate count via SNMP on a ASA

Similar Messages

• ASA 5512 - monitor power supply status via snmp oid

  Device – ASA 5512 running 9.1(1).
  Show version:
  ASA-1# sh ver
  Cisco Adaptive Security Appliance Software Version 9.1(1)
  Device Manager Version 6.6(1)
  Compiled on Wed 28-Nov-12 11:15 PST by builders
  System image file is "disk0:/asa911-smp-k8.bin"
  Config file at boot was "startup-config"
  ASA-1 up 8 hours 38 mins
  Hardware:   ASA5512-K7, 4096 MB RAM, CPU Clarkdale 2792 MHz, 1 CPU (2 cores)
              ASA: 2048 MB RAM, 1 CPU (1 core)
  Internal ATA Compact Flash, 4096MB
  BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
  Issue: looking for a snmp OID to poll power supply status (Inbuilt Power Supply -  no redundant power supply in this scenario). Possibly what we see in show environment.
  CSE analysis:
  I tried using the OIDs belonging to CISCO-ENTITY-FRU-CONTROL-MIB , like cefcFRUPowerOperStatus and cefcFRUPowerAdminStatus but it didn’t return anything.
  NOTE: I have done all the snmp walks from the Linux server. Do I doubt it’s something to do from the snmp manager side.
  Couple of observations. The  CISCO-ENTITY-FRU-CONTROL-MIB talks about the field replaceable power supplies, so I doubt if it’s going to return the value for inbuilt power supply.
  Second, I noticed that there are snmp traps supported for power supply and threshold setting. See configuration below. Is it that only traps works for power supply and environment related details?
  Snmpwalk on cefcFRUPowerStatusEntry returns nothing:
  [root@tonbenso-eagle bin]# ./snmpwalk -v2c -c public 172.16.169.29 1.3.6.1.4.1.9.9.117.1.1.2.1
  SNMPv2-SMI::enterprises.9.9.117.1.1.2.1 = No Such Object available on this agent at this OID
  Snmpwalk on cefcFRUPowerOperStatus returns nothing:
  [root@tonbenso-eagle bin]# ./snmpwalk -v2c -c public 172.16.169.29 1.3.6.1.4.1.9.9.117.1.1.2.1.2
  SNMPv2-SMI::enterprises.9.9.117.1.1.2.1.2 = No Such Instance currently exists at this OID
  Snmpwalk on cefcFRUPowerAdminStatus returns nothing:
  [root@tonbenso-eagle bin]# ./snmpwalk -v2c -c public 172.16.169.29 1.3.6.1.4.1.9.9.117.1.1.2.1.1
  SNMPv2-SMI::enterprises.9.9.117.1.1.2.1.1 = No Such Instance currently exists at this OID
  [root@tonbenso-eagle bin]#
  login as: root
  I tried polling the ciscoEntityFRUControlMIB to see what all values it return. It just returned enterprises.9.9.117.1.3.1.0 = INTEGER: 2. Meaning cefcMIBEnableStatusNotification is FALSE (value 2). Meaning cefcModuleStatusChange, cefcPowerStatusChange, cefcFRUInserted, cefcFRURemoved, cefcUnrecognizedFRU and cefcFanTrayStatusChange are prevented from being sent.
  Snmpwalk on ciscoEntityFRUControlMIB
  [1]+  Stopped                 ./snmpwalk -v2c -c public 172.16.169.29
  [root@tonbenso-eagle bin]# ./snmpwalk -v2c -c public 172.16.169.29 1.3.6.1.4.1.9.9.117
  SNMPv2-SMI::enterprises.9.9.117.1.3.1.0 = INTEGER: 2
  Object
  cefcMIBEnableStatusNotification
  OID
  1.3.6.1.4.1.9.9.117.1.3.1
  Type
  TruthValue
  Permission
  read-write
  Status
  current
  MIB
  CISCO-ENTITY-FRU-CONTROL-MIB ;   -   View Supporting Images
  Description
  "This variable indicates whether the system
  produces the following notifications:
  cefcModuleStatusChange, cefcPowerStatusChange,
  cefcFRUInserted, cefcFRURemoved,
  cefcUnrecognizedFRU and cefcFanTrayStatusChange.
  A false value will prevent these notifications
  from being generated."
  Found couple of bugs:
  CSCty32558 – but then this is for 5585 and I see it is fixed in 8.4
  CSCul90037 – New state
  Show snmp-server oidlist:
  http://www-tac.cisco.com/Teams/ks/c3/getLargeFile.php?srId=632222409&fileName=20141030-013905_ASA-show-snmp-server-oidlist.txt
  Show tech:
  Sh run | in snmp:
  ASA-1# sh run | in snmp
  snmp-server host asa 172.18.123.228 community *****
  no snmp-server location
  no snmp-server contact
  snmp-server community *****
  snmp-server enable traps entity power-supply-presence power-supply-temperature  -----à I was talking about this trap above
  any help will be appreciated.

  Hi
  I've got an ASA with redundant power supplies. An ASA5585. So I have the need to monitor them. :-) So how can we do it?
  Also I've made a SNMP-Walk through the ASA v8.4(2)8 and it doesn't show up any ENV-MIB values. The
  1.3.6.1.4.1.9.9.13 tree is not available. Are you shure it's available on the ASA?
  Funny is also that the command "show snmp-server oidlist" from the 8.4 configuration guide is not available on the real CLI. I think the documentation guys were faster than the coders. ;-)
  Kind regards
  Roberto

• Interface errors (crc, in/output, collisions etc.) via snmp

  Hi,
  I'm trying to understand how to get interface errors via SNMP.  I do get stats via SNMP for ifInErrors / ifOutErrors etc, but I'm trying to get output via SNMP for the errors visible via the 'sh int x' command - CRC errors, input / output errors, collisions, runts. giants etc.).
  1) The SNMP ifInError / ifOutError seems to give an overall counter of all errors from the time the device has started - Am I correct about this?
  2) Is there any way I can get the interface-specific errors noted above via SNMP?
  Thanks,
  Mario

  Depends on the device and version of code, but most likely you will get what you want from the CISCO-IF-EXTENSION-MIB.  Look at objects like cieIfInRuntsErrs, cieIfInGiantsErrs, and cieIfInFramingErrs.  You will also get some ethernet-specific errors from the ETHERLIKE-MIB.

• How do I get the Username of an AnyConnect VPN session via SNMP?

  I would like to monitor the usernames of my AnyConnect sessions via SNMP.  This will allow me to monitor, graph, report, and alert using Solarwinds Orion (or any other SNMP software).
  I would like to monitor this on my ASA 5520. I have run the show snmp-server oidlist command and I can see all of the OID's that I can poll. However, the OID I would like to poll crasUsername (1.3.6.1.4.1.9.9.392.1.3.21.1.1) is not working.
  Does anyone know how I can monitor the username of a AnyConnect session via SNMP?
  Below is a link to a great MIB reference for ASA Remote Access Monitor OID list.
  http://www.mibdepot.com/cgi-bin/getmib3.cgi?i=1&n=CISCO-REMOTE-ACCESS-MONITOR-MIB&r=cisco&f=CISCO-REMOTE-ACCESS-MONITOR-MIB.my&v=v2&t=tree

  Hello PDX,
  Welcome to the HP Support Forums!
  To get your issue more exposure I would suggest posting it in the commercial forums since this is a commercial product. You can do this at Commercial Forums.
  Regards,
  JERENDS
  I work on behalf of HP
  Please click “Accept as Solution” if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos Thumbs Up" to the left of the reply button to say “Thanks” for helping!

• Monitor the # of registered AP's on a 2504 via SNMP?

  Does anyone know the OID to determine the number of registered AP's on a WLC (specifically the AIR-CT2504).
  I've got both of the Airespace MIBs and have browsed through them but I can't seem to find the correct location.  I can find a list of all of the AP's registered but our monitoring software doesn't have the ability to 'count' that index.  As such, I'm looking for a count/summation of the total number of registered AP's via SNMP.
  Thanks!
  Brian

  It's an old post, but I had the same question. After some research I found a simple answer...
  Use this OID: .1.3.6.1.4.1.9.9.618.1.8.4.0
  If you want to also get the total number of Clients, use: .1.3.6.1.4.1.9.9.618.1.8.12.0
  It does not work on 7.0 - it does on 7.6 and 8.0.
  Best regards
  Christoph

• Xlate count and connection count

  Can a firewall show more XLATE created than CONNECTIONS?
  Is that theoretically possible to have more XLATEs than the total number of connections?. the reason I am asking, that assuming a Cisco 5510 has have maximum 130,000 total connections, however xlate limit on an ASA is considered as UNLIMITED.
  I am designing a large network having multiple CIsco ASAs deployed as multi context mode to cater various networks inside the organization. I want to create proper resources per class. So far Xlate count vs. connection count is not very clear.. I tried putting a very large value for xlate and the firewall accepted it, and still showed the total percentage as 0%
  Xlates           default          all      CA  unlimited                     
                   123                2       C 2147483647 4294967294      0.00%
                   All Contexts:      3                    4294967294      0.00%
  Whereas connection count is shown as
  Conns            default          all      CA  unlimited                     
                   123                2       C      65000     130000    100.00%
                   All Contexts:      3                        130000    100.00%
  Any help is highly appreciated.
  Thank you,
  FNK    

  Hi
  as far as i remember xlate is nat (regardless if it is static or not)
  and on the IOS systems it is the same, static entries are in the table.
  connections are actual session in the packetfilter/firewall sessions this is a differnet operation.
  Patrick

• Show conn info via snmp

  Hi,
  Does the ASA have an SNMP OID which will provide information like the show conn command ?

  2 years later, how's LLDP support via SNMP?
  If Cisco does not support LLDP via SNMP, please remove the wrong information from
  http://tools.cisco.com/ITDIT/MIBS/MainServlet?ReleaseSel=2514&PlatformSel=231&fsSel=705
  Stop lying!

• Graphing via SNMP: percentagememoryusedaftergc

  I'm using RTMT to graph CCX Engine JVM Heap: percentagememoryusedaftergc
  Is this same counter available via SNMP?  If so, do you know the OID?  I'd like to monitor it via our SNMP graphing software rather than RTMT.
  Thanks                  

  Did you find if these counters are available via SNMP?  I just use RTMT performance logging to trend these values.  Also, I don't look at the "aftergc" counter, but rather, the "max" and "used" counters.  By grabbing both of these, I can produce a nice chart which shows a ceiling, a value, and their relationship.
  Just for fun, here's two different systems (the dashed lines) and how the JVM heap gets used and reclaimed throughout a four hour period of the day.  These two systems are on 8.5(1) with 256MB of JVM available to them.  Again, had I not had the "max" counter logging, you wouldn't be able to tell if this was from a 256MB or 512MB system.  Of course, if the values were floating above 256MB, you could reasonably assume the opposite.
  Anthony Holloway
  Please use the star ratings to help drive great content to the top of searches.

• Write mem via SNMP?

  Is there any way to perform a "write mem" or "copy run start" via SNMP (snmpget) on IOS, CatOS or PIX/ASA?

  Thanks! I thought it wasn't possible, but I should've searched:
  http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dd9fd99/0#selected_message
  In the above thread, Nadim gave an example in which ccCopyEntryRowStatus was set to "5:createAndWait", whereas in the URL you pointed out "createAndGo(4) : Create an entry" and "destroy(6) : Delete an entry" were suggested. Would you know what the differences are between 4 (createAndGo) and 5 (createAndWait), specifically which one would you choose to commit a "write mem"?
  Secondly, how is the random number below generated? Is that my choice?
  snmpset -v 1 -c private
  .1.3.6.1.4.1.9.9.96.1.1.1.1.2. integer 1
  .1.3.6.1.4.1.9.9.96.1.1.1.1.3. integer 4
  .1.3.6.1.4.1.9.9.96.1.1.1.1.4. integer 1
  .1.3.6.1.4.1.9.9.96.1.1.1.1.5. ipaddress ""
  .1.3.6.1.4.1.9.9.96.1.1.1.1.6. octetstring ""
  .1.3.6.1.4.1.9.9.96.1.1.1.1.14. integer 4

• How to Plot number and string in one row (data logger counter via MODBUS) ?

  hi all i made data log quantity using Digital Counter via modbus (RS-485) to monitoring quantity and reject that has and Name Operator, Machine and Part Number.
  i have problem about plot the number & string in one row, as shown on the picture below :
  how to move that string on one row ? i attach my vi.
  Thanks~
  Solved!
  Go to Solution.
  Attachments:
  MODBUS LIB Counter.vi ‏39 KB

  Hi rhiesnand,
  right now you add 2 new rows to your array.
  The solution is to concatenate both row parts to one bigger 1D array before adding that array as new row to your 2D array!
  Like this:
  Best regards,
  GerdW
  CLAD, using 2009SP1 + LV2011SP1 + LV2014SP1 on WinXP+Win7+cRIO
  Kudos are welcome

• How to check current input/output rate on router subintenterface via SNMP?

  How to check current input/output rate on router (2821, etc..) subintenterface via SNMP, like cacti monitoring system.
  I cant find OID to make this with snmpwalk.
  Or there is no way to check current load by this way? Only polling?
  P.S. Ethernet subinterface, of course.
  With great respect, S.A.

  Hi,
  Try to use:
  1.3.6.1.4.1.9.2.2.1.1.6 - InBitRate
  1.3.6.1.4.1.9.2.2.1.1.8 - OutBitRate
  1.3.6.1.4.1.9.2.2.1.1.28 - ifDescription

• Monitor OSPFv3 via SNMP not working - Is OSPFv3 MIB supported?

  I need to be able to query the OSPFv3-MIB via SNMP to track the status of OSPFv3.
  I have setup a 3945 router in a test lab network and I have configured it in an Ipv6 network with OSPFv3.  The router has an active OSPFv3 neighbor and I can use that neighbor to send/receive data (the routing is working fine).  However, when I walk the SNMP MIBs I don't get a response for the OSPFv3-MIB.  According to the Cisco SNMP Object Navigator this MIB should be located at 1.3.6.1.3.102.*.  Below is an example trying to query a particular OID from the OSPFv3 MIB.
  C:\>snmpwalk -v 2c -c public 197.16.18.1 1.3.6.1.3.102.1.5.1.8
  SNMPv2-SMI::experimental.102.1.5.1.8 = No Such Object available on this agent at  this OID
  I can walk other parts of the MIB (For example the OSPFv2 MIB) and get responses, so I know the router has SNMP turned on.
  Looking at the Cisco IOS Mib Locator tool (http://tools.cisco.com/ITDIT/MIBS/MainServlet?IMAGE_NAME=c3900-universalk9-mz.SPA.152-4.M3.bin) for the current software version I am running (c3900-universalk9-mz.SPA.152-4.M3.bin) on a 3945 router it claims that the OSPFv3 MIB is supported in this image.  
  Maybe I need to configure something else?  Maybe my SW doesn't really support this MIB?  Could it be that I have to query the router over Ipv6 to get the OSPFv3-MIB (I have only been trying Ipv4)?

  Hi ,
  As Vinod suggested , you need to configure the "SNMP CONTEXT"
  Configure:
  ==========
  Basic configuration consists of 4 steps:
  Configure mapping between VRF name and SNMP context :
  snmp-server vrf <vrf_1> context <context_1>
  Create community string corresponding to the VRF :
  snmp-server community <vrf_1> RW
  Define context string
  snmp-server context <context_1>
  Configure mapping between context and community:
  snmp-server community-map <vrf_1> context <context_1>
  (optional) Configure snmp server traps for this VRF community
  snmp-server host <IP> traps version 2c <vrf_1>
  For e.g:
  snmp-server vrf miki
  context miki_bgp
  snmp-server community miki RW
  snmp-server context miki_bgp
  snmp-server community-map miki context miki_bgp
  Hope it will help
  Thanks-
  Afroz
  ***Ratings Encourages Contributors ***

• How to restart base station via SNMP ?

  How to restart airport extreme via SNMP, with snmpwalk for example ? I can get a lot of information from base station with snmpwalk and airport-mib but still mystery what to poke when I want reboot base station over network.

  You are likely forgetting a step.
  Open AirPort Utility
  Click on the Time Capsule icon
  Click Edit in the small window that appears
  Now click the Base Station menu.....top of the screen....not the Base Station "tab" in the center of the screen
  Click Restart

• No ifIndex table when querying via SNMP

  Hello, looking for suggestions before opening up a TAC case.
  Just received a Nexus 3000 with NX-OS 6.0(2)U2(1) and when I attempt to walk the ifTable via SNMP the ifIndex table is not present. Walking the ifIndex table itself results in  "IF-MIB::ifIndex = No Such Instance currently exists at this OID". show interface snmp-ifindex is fine and the rest of the ifTable displays properly.
  My switch config is just a basic RO community with no ACL's or anything yet. A pair of the same switches with NX-OS 5.0(3)U5(1a) display the table no problem.
  Any suggestions, or has anyone else seen this?

  Did you navigate the FireFox plugin to the DB file that is in the Simulator app bundle:
  /Users/YOURUSERID/Library/Application Support/iPhone Simulator/User/Applications/SYSTEMGENERATED_NAME/YOURAPP.app
  or
  /Users/YOURUSERID/Library/Application Support/iPhone Simulator/User/Applications/SYSTEMGENERATEDNAME/Documents
  Message was edited by: xnav

• Incorrect bandwidth values via snmp?

  I have two cat 2900 16 port switches, for some reason when i read the bandwidth utiliz. values via snmp (PRTG, and MRTG give same results) i only show a steady 1-1.5 kbps up and down flow with occasianal spikes of the upstream to 2 or 3kbps..this is the same across all ports, now if i send something across the switch, nothing changes, nor is any other traffic i throw at the switch reflected... the peculiar thing is if i access the switch's web interface while conducting a 10.5 mbit transfer across the switch, i will see a spike of correct values (as i read on the hosts machines) reported by the snmp agents but only for 2 or 3 reads across 5 second periods..then its back to what i described again.. I've done factory resets on both and both of these snmp agents correctly read the bandwidht values from my dell and intel switches so i've ruled the agents out..
  any ideas?
  thanks, joe

  Thanks for the quick reply but thats not the problem. its not a units issue as i see somekind of traffic but when i'm maxing out the 100mbps port i see no change in the snmp reported graphs..but like i said i will see the actual values if i'm reloading or access the switches web interface.
  this is such a weird issue..and its affecting two swithces that are the same model but from different places.
  any ideas?