Well, we monitor both of them (ifMIB, CPU, memory, etc), because it's not possible to monitor standby interfaces/memory by polling active (although see MIBs below).

SNMP engineID is shared between units in ASA 9.13 and below. In 9.14 Cisco moved to netsnmp and also now each unit responds to polls with its own unique engineID (CSCvu47989 snmpwalk on ASA does not return back the LOCAL engine ID, but only the active ID). NMS needs to rediscover engineID upon each failover, as IP moves to another unit in the pair, but engineID doesn't move. Also, this affects how SNMP traps are sent before and after failover.

So far as netsnmp implementation on ASA is concerned, it is awful with plenty of bugs. So, both decisions, to not share engineID anymore and migrate to netsnmp, were simply wrong.

You can use CISCO-FIREWALL-MIB to let your NMS understand which unit is active and which is standby.
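Added example (not part of the original post): one way an NMS-side script could read the failover roles from CISCO-FIREWALL-MIB, by parsing `snmpwalk -On` output for `cfwHardwareStatusValue` and flagging inconsistent states. The OID, the row indexes (6 = primaryUnit, 7 = secondaryUnit) and the status codes are taken from the MIB definition rather than from the post, the sample walk output is constructed, and the function names are hypothetical.

```python
import re

# CISCO-FIREWALL-MIB::cfwHardwareStatusValue, indexed by cfwHardwareType
STATUS_VALUE_OID = "1.3.6.1.4.1.9.9.147.1.2.1.1.1.3"
UNITS = {6: "primary", 7: "secondary"}                        # failover pair rows
STATES = {3: "down", 4: "error", 9: "active", 10: "standby"}  # subset of HardwareStatus

# Accepts both "INTEGER: 9" and "INTEGER: active(9)" renderings.
LINE = re.compile(
    r"^\.?" + re.escape(STATUS_VALUE_OID) + r"\.(\d+) = INTEGER: (?:\w+\()?(\d+)\)?\s*$"
)

# Constructed sample of `snmpwalk -On` output (not captured from a real device).
SAMPLE = """\
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.4 = INTEGER: 2
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.6 = INTEGER: 10
.1.3.6.1.4.1.9.9.147.1.2.1.1.1.3.7 = INTEGER: 9
"""

def failover_roles(walk_output):
    """Return {'primary': state, 'secondary': state} for the rows present."""
    roles = {}
    for line in walk_output.splitlines():
        m = LINE.match(line.strip())
        if m and int(m.group(1)) in UNITS:
            roles[UNITS[int(m.group(1))]] = STATES.get(int(m.group(2)), "other")
    return roles

def assess(roles):
    """Summarise the pair and flag states the NMS should alert on."""
    missing = [u for u in UNITS.values() if u not in roles]
    if missing:
        return "unknown: no row for " + ", ".join(missing)
    active = [u for u, s in roles.items() if s == "active"]
    if len(active) == 2:
        return "alert: both units report active"
    if not active:
        return "alert: no active unit"
    peer = "secondary" if active[0] == "primary" else "primary"
    return f"{active[0]} active, {peer} {roles[peer]}"

if __name__ == "__main__":
    print(assess(failover_roles(SAMPLE)))
```

Recording which physical unit is active after each poll gives the NMS a point at which to switch to that unit's engineID on 9.14 and later.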