Discussion:
[c-nsp] VRF aware syslog and snmps on IOS and IOS-XR
Jason Lixfeld
2011-02-02 03:50:47 UTC
Permalink
Just curious as to the status of vrf aware syslog and v vrf aware snmp traps on IOS and XR?

I've got these bits all configured on an XR and IOS box, but neither my station(s) aren't receiving traps or logs. The station(s) are able to poll these devices over the VRF, however.

! XR 4.0.1
!
logging console debugging
logging buffered 307200
logging buffered debugging
logging 10.219.50.253
logging source-interface Loopback1
!
snmp-server host 10.219.50.253 trap *
snmp-server community * RO
snmp-server trap-source Loopback21949
snmp-server ifmib ifalias long
snmp-server ifindex persist
snmp-server ifmib stats cache
snmp-server trap link ietf
!
interface Loopback2
description Loopback for Management
vrf management
ipv4 address 10.219.49.1 255.255.255.255
!

! IOS 12.2(52)EY1
!
logging history debugging
logging trap debugging
logging host 10.219.50.253 vrf management
logging host 10.219.50.253 sequence-num-session
!
snmp-server community * RO
snmp-server trap link ietf
snmp-server trap-source Loopback1
snmp-server host 10.219.50.254 vrf management * bgp isis cpu syslog mpls-ldp alarms mpls-vpn snmp
snmp ifmib ifalias long
snmp ifmib ifindex persist
!
interface Loopback1
description Loopback for management vrf
ip vrf forwarding management
ip address 10.219.49.3 255.255.255.255
!

Thanks in advance.
_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Jason Lixfeld
2011-02-02 03:56:30 UTC
Permalink
Er.. Excuse the typo. That int lo2 should be int lo1. IP is correct, tho. Copy/paste fail.

--

Sent from my mobile device.
Post by Jason Lixfeld
Just curious as to the status of vrf aware syslog and v vrf aware snmp traps on IOS and XR?
I've got these bits all configured on an XR and IOS box, but neither my station(s) aren't receiving traps or logs. The station(s) are able to poll these devices over the VRF, however.
! XR 4.0.1
!
logging console debugging
logging buffered 307200
logging buffered debugging
logging 10.219.50.253
logging source-interface Loopback1
!
snmp-server host 10.219.50.253 trap *
snmp-server community * RO
snmp-server trap-source Loopback21949
snmp-server ifmib ifalias long
snmp-server ifindex persist
snmp-server ifmib stats cache
snmp-server trap link ietf
!
interface Loopback2
description Loopback for Management
vrf management
ipv4 address 10.219.49.1 255.255.255.255
!
! IOS 12.2(52)EY1
!
logging history debugging
logging trap debugging
logging host 10.219.50.253 vrf management
logging host 10.219.50.253 sequence-num-session
!
snmp-server community * RO
snmp-server trap link ietf
snmp-server trap-source Loopback1
snmp-server host 10.219.50.254 vrf management * bgp isis cpu syslog mpls-ldp alarms mpls-vpn snmp
snmp ifmib ifalias long
snmp ifmib ifindex persist
!
interface Loopback1
description Loopback for management vrf
ip vrf forwarding management
ip address 10.219.49.3 255.255.255.255
!
Thanks in advance.
_______________________________________________
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Jason Lixfeld
2011-02-02 06:15:44 UTC
Permalink
Sorry for the noise. Further testing suggests that I should also ask about vrf aware tacacs+ authentication.
Post by Jason Lixfeld
Er.. Excuse the typo. That int lo2 should be int lo1. IP is correct, tho. Copy/paste fail.
--
Sent from my mobile device.
Post by Jason Lixfeld
Just curious as to the status of vrf aware syslog and v vrf aware snmp traps on IOS and XR?
I've got these bits all configured on an XR and IOS box, but neither my station(s) aren't receiving traps or logs. The station(s) are able to poll these devices over the VRF, however.
! XR 4.0.1
!
logging console debugging
logging buffered 307200
logging buffered debugging
logging 10.219.50.253
logging source-interface Loopback1
!
snmp-server host 10.219.50.253 trap *
snmp-server community * RO
snmp-server trap-source Loopback21949
snmp-server ifmib ifalias long
snmp-server ifindex persist
snmp-server ifmib stats cache
snmp-server trap link ietf
!
interface Loopback2
description Loopback for Management
vrf management
ipv4 address 10.219.49.1 255.255.255.255
!
! IOS 12.2(52)EY1
!
logging history debugging
logging trap debugging
logging host 10.219.50.253 vrf management
logging host 10.219.50.253 sequence-num-session
!
snmp-server community * RO
snmp-server trap link ietf
snmp-server trap-source Loopback1
snmp-server host 10.219.50.254 vrf management * bgp isis cpu syslog mpls-ldp alarms mpls-vpn snmp
snmp ifmib ifalias long
snmp ifmib ifindex persist
!
interface Loopback1
description Loopback for management vrf
ip vrf forwarding management
ip address 10.219.49.3 255.255.255.255
!
Thanks in advance.
_______________________________________________
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Piotr Wojciechowski
2011-02-02 06:38:43 UTC
Permalink
Post by Jason Lixfeld
Sorry for the noise. Further testing suggests that I should also ask about vrf aware tacacs+ authentication.
Hi Jason,

afair SNMP is VRF-aware, haven't heard of exception with traps, tacacs+
and syslog are not yet.

Regards,
--
Piotr Wojciechowski (CCIE #25543) | "The trouble with being a god is
http://ccieplayground.wordpress.com | that you've got no one to pray to"
JID: ***@jabber.org | -- (Terry Pratchett, Small Gods)


_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Ryan West
2011-02-02 06:55:04 UTC
Permalink
Post by Piotr Wojciechowski
Post by Jason Lixfeld
Sorry for the noise. Further testing suggests that I should also ask about vrf aware tacacs+ authentication.
Hi Jason,
afair SNMP is VRF-aware, haven't heard of exception with traps, tacacs+ and syslog are not yet.
TACACS+ is VRF-aware, at least in the ISR line.

aaa group server tacacs+ ACS
server x.x.x.x
server x.x.x.x
ip vrf forwarding cust1
!

-ryan

_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Piotr Wojciechowski
2011-02-02 07:25:41 UTC
Permalink
Post by Ryan West
Post by Piotr Wojciechowski
Post by Jason Lixfeld
Sorry for the noise. Further testing suggests that I should also ask about vrf aware tacacs+ authentication.
Hi Jason,
afair SNMP is VRF-aware, haven't heard of exception with traps, tacacs+ and syslog are not yet.
TACACS+ is VRF-aware, at least in the ISR line.
I was talking about IOS XR only

Regards,
--
Piotr Wojciechowski (CCIE #25543) | "The trouble with being a god is
http://ccieplayground.wordpress.com | that you've got no one to pray to"
JID: ***@jabber.org | -- (Terry Pratchett, Small Gods)


_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Oliver Boehmer (oboehmer)
2011-02-04 12:06:11 UTC
Permalink
Jason
Post by Piotr Wojciechowski
afair SNMP is VRF-aware, haven't heard of exception with traps,
SNMP traps are also vrf-aware in XR.
Post by Piotr Wojciechowski
tacacs+ and syslog are not yet.
indeed, last time I checked those were planned for 4.1 (along with DNS
and FTP/TFTP, if I recall correctly)

oli


_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Loading...