For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Zdenda's avatar
Zdenda
Icon for Cirrus rankCirrus
Jun 04, 2013

Snmp traps problem

Hi, I noticed our F5 stopped sending traps and I can't figure out if it is network problem or local problem in LB (it stopped working on 2 separated LB which are in same mgmt subnet, so I suspect network problem)

 

But when I tried tcpdump (tcpdump -i 0.0 ..) in LB and used this command to trigger trap:

 

logger -p local0.notice "01380002:4: Certificate 'test.com' in file tes.test.crt will expire on Mon Jan 14 18:15:24 2012 GMT"

 

I didn't see any traffic going from LB to trap receiver. But it's probably because TCPdump is not applied to mgmt interface..

 

 

Is there any way to verify that problem is not localy in LB (means it sends trap) but somewhere in network? I have limited access to network devices..

 

Thank you,

 

Zdenek

 

 

config
design

5 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 04, 2013
    But it's probably because TCPdump is not applied to mgmt interface..you can capture traffic on mgmt interface using eth0.

     

     

    e.g.

     

    tcpdump -nni eth0 udp port 162
  • Zdenda's avatar
    Zdenda
    Icon for Cirrus rankCirrus
    Jun 04, 2013

    Hi, thanks. I tried to check eth0 with TCPdump but I don't see any traffic going to port UDP 162 from mgmt port. I triggered logs by using logger.

     

    It still seems that LB stopped sending traps, but I can't figure out why.

     

    zdenek@LB(Active)(tmos) list sys snmp traps trap-source trap-community

     

    sys snmp {

     

    trap-community public

     

    trap-source none

     

    traps {

     

    i192_168_2_5_1 {

     

    community my_LB

     

    host 192.168.2.5

     

    }

     

    }

     

    }

     

     

    I tried to restart snmpd and alertd but it didn't help. I am running 10.2.4 version. And config seems to be untouched - the same I have in another boxes I run without problems.

     

  • Zdenda's avatar
    Zdenda
    Icon for Cirrus rankCirrus
    Jun 06, 2013

    Hi, did anyone of you troubleshooted SNMP traps in LB?

     

    I have no idea why it stopped working. Services like alertd and snmpd are running and when I try logger to trigger the event I didn't catch anything in mgmt interface.

     

    I also modified management routing for sure:

     

    sys management-route 192.168.2.5%0/32 {

     

    gateway 10.5.2.1%0

     

    }

     

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 07, 2013
    sys management-route 192.168.2.5%0/32 {

     

    gateway 10.5.2.1%0

     

    }i think %0 is not needed. have you tried to remove and add it back (without %0)?

     

     

    if still not working, i suggest openning a support case because another unit is working fine.
  • Laudec's avatar
    Laudec
    Icon for Nimbostratus rankNimbostratus
    Oct 21, 2013

    I don't know if you got this resolved. I remember seeing on askf5, that there could be a bug with snmp, if the ssl certificate is close to expiry that snmp stops working. Perhaps look at renewing the device certificate to resolve the issue.