Can't Poll SNMP

Greetings, Having a little nail chewer here and I was hoping someone could shed some expert advice. Config is working great but I can't seem to enable or allow SNMP on this router. My SNMP server keeps on saying it can't contact the device. I'm using the serial0 IP address (1.1.1.1). Any information would be greatly appreciated.

interface Serial0
 ip address 1.1.1.1 255.255.255.252
 ip access-group 101 in
 ip nat outside
!
ip nat pool jad 5.5.5.5 5.5.5.5 netmask 255.255.255.248
ip nat inside source list 1 pool jad overload
ip nat inside source static tcp 1.1.1.1 23 1.1.1.1 23 extendable
ip nat inside source static 192.168.1.4 6.6.6.6
ip nat inside source static 192.168.1.3 2.2.2.2
ip classless
ip route 0.0.0.0 0.0.0.0 1.1.1.2
no ip http server
!
!
access-list 1 permit any
access-list 101 permit ip any host 1.1.1.1
access-list 101 permit tcp any host 2.2.2.2 eq www
access-list 101 permit tcp any host 2.2.2.2 eq 443
access-list 101 permit tcp any host 2.2.2.2 eq pop3
access-list 101 permit tcp any host 2.2.2.2 eq 1723
access-list 101 permit udp any host 2.2.2.2 eq 1723
access-list 101 permit tcp any host 2.2.2.2 eq 3389
access-list 101 permit udp any host 2.2.2.2 eq 444
access-list 101 permit gre any host 2.2.2.2
access-list 101 permit tcp any host 6.6.6.6 eq www
access-list 101 permit tcp any host 6.6.6.6 eq ftp
access-list 101 deny ip any any
snmp-server community public RO

Reply to
pdyne

You don't say where your snmp server is? Is it on the inside network or on the outside? Can you ping from the snmp server to the router?

Chris.

Reply to
Chris

Try creating a read or read/write string and using that. I also recommend using a source interface of your loopback, presuming you have one. Secondly, you have an access list that is only allowing traffic in from the IPs listed in ACL 101. Is your SNMP server enabled in that list? If not, there is an implicit deny and it will be blocked.

Reply to
Trendkill

There is a reason why they have an ACL in the nat config, and that's so you can properly specify which traffic should, and should not, be natted.

By saying all traffic is eligible for nat, you've invited the router to meddle with things such as responses from your SNMP server, and modify the packets so they aren't recognised when they arrive at your client.

Reply to
Martin Gallagher

I tried that but no luck,

Reply to
pdyne

access-list 101 permit ip any host 1.1.1.1

Reply to
pdyne

The SNMP server is in a remote location. What modification do you suggest?

Reply to
pdyne

The router is configured with snmp-server commands so it seems to think of itself as a server too.

You have static translations for 192.168.1.[34] so if I guess your internal network is 192.168.1.0/24, then an appropriate NAT ACL would be

!
access-list 1 permit 192.168.1.0 0.0.0.255
!

You already have a static translation for 1.1.1.1:23 to 1.1.1.1:23 so it seems you have almost discovered this for yourself. Another symptom of an over broad ACL is an inability to telnet to the router outside i/f from outside.

Reply to
Martin Gallagher

Hi Martin, So just to confirm, if I specify the allowed subnet to nat, I can remove the 1.1.1.1:23 to 1.1.1.1:23?

Thanks,

Reply to
pdyne

Yep. As long as the NAT ACL doesn't match 1.1.1.1, you should be good to go.

Reply to
Martin Gallagher
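The condition in the last reply (the NAT ACL must not match the router's own address) can be checked mechanically before a config is deployed. The following is an added example, not code from any poster in this thread; the function names are hypothetical, the two configs are constructed from the lines quoted above, and it assumes numbered standard ACLs only.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the config posted in the thread.
BROAD = """\
interface Serial0
 ip address 1.1.1.1 255.255.255.252
 ip nat outside
ip nat inside source list 1 pool jad overload
access-list 1 permit any
"""
# Same config with the narrowed NAT ACL suggested in the thread.
NARROW = BROAD.replace("permit any", "permit 192.168.1.0 0.0.0.255")

def acl_matches(spec, addr):
    """True if a standard-ACL source spec ('any', 'host A', 'A', 'A WILDCARD') matches addr."""
    tok = [t for t in spec.split() if t != "log"]
    if tok[0] == "any":
        return True
    if tok[0] == "host":
        tok = tok[1:]
    base = int(ipaddress.IPv4Address(tok[0]))
    wild = int(ipaddress.IPv4Address(tok[1])) if len(tok) > 1 else 0
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def self_natted_addresses(config):
    """Return the router's own interface addresses that a NAT source list permits."""
    own = re.findall(r"^\s*ip address (\S+) \S+", config, re.M)
    nat_lists = sorted(set(re.findall(r"^\s*ip nat inside source list (\d+) ", config, re.M)))
    hits = []
    for addr in own:
        for num in nat_lists:
            entries = re.findall(rf"^access-list {num} (permit|deny) (.+)$", config, re.M)
            for action, spec in entries:
                if acl_matches(spec, addr):
                    # First matching entry decides; no match means implicit deny.
                    if action == "permit":
                        hits.append(addr)
                    break
    return hits

if __name__ == "__main__":
    print("broad ACL :", self_natted_addresses(BROAD))
    print("narrow ACL:", self_natted_addresses(NARROW))
```
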
