cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

SNMP OID Network Access Connection

Jerome_CARRIER
Nimbostratus
Nimbostratus

Hello, I would like to monitor the number of user connected on our platform with their VPN Edge Client.

 

What is the OID number to be able to monitored the number of users connected with VPN via our monitoring tool ?

 

BR

24 REPLIES 24

boneyard
MVP
MVP

there is unfortunately not one available by default, you have to create a script and hook it up to SNMP

 

look here for how to: https://support.f5.com/csp/article/K96612400

Jerome_CARRIER
Nimbostratus
Nimbostratus

thank's. But when I test to request the OID, I have an error : SNMP_EXCEPTION_NOSUCHOBJECT222

 

BR

boneyard
MVP
MVP

did you create the scripts?, restart SNMP daemon on F5?

Jerome_CARRIER
Nimbostratus
Nimbostratus

Yes I did...

boneyard
MVP
MVP

weird, what if you try locally, might have to change community string

snmpwalk -Os -c public -v 2c localhost .1.3.6.1.4.1.3375.2.100.1

 

Jerome_CARRIER
Nimbostratus
Nimbostratus

With localhost or the IP address of the Mgt, I have the same answer : Timeout: No Response from localhost. But the process is running....

Jerome_CARRIER
Nimbostratus
Nimbostratus

no it's working but I have this error now :

 

bigipTrafficMgmt.100.1 = No Such Object available on this agent at this OID

boneyard
MVP
MVP

not the answer you want, but something went wrong in the steps then

 

can you run

 

/config/snmp/ccuUsage.sh

do you get the current number then?

 

any errors in /var/log/ltm when you restarted the SNMP daemon?

Jerome_CARRIER
Nimbostratus
Nimbostratus

Yes I have 622.

 

And no error in ltm

Jerome_CARRIER
Nimbostratus
Nimbostratus

I found this OID :

 apmGlobalConnectivityStatCurConns ou 1.3.6.1.4.1.3375.2.6.1.5.3.0

 

By requesting this OID, I have the number of CCU licenses consumed. With this value, I see the CCU licenses consumed therefore the number of VPN connection on the plateform. Right or not ?

unfortunately not, if you compare that value against the output of

tmsh show apm license

it is different.

 

i tried a totally bad

/config/snmp/custom_mib.tcl

but that doesnt get me any errors.

 

can you share the content of your custom_mib.tcl

 

Jerome_CARRIER
Nimbostratus
Nimbostratus

0691T000008GiLMQA0.jpgHello, I found my error in .tcl. It' working now. When I try the snmpwalk command, I have this result :

 

bigipTrafficMgmt.100.1.0 = Gauge32: 37

 

But I would like to understand. If I see the dashboard, I see the same number about Active Access Session than the command and I have also 5 open about Network Access Connection (as you can see in the screenshot). What is the différence ? The number about Network Access Connection is not only the number of VPN connected on the system via the EdgeClient ? And the 37 active access session is only the number of session open on the system to reach our Sharepoint Web portal (without tunnel access) ?

 

I'm sorry if my question is stupid...

 

BR

great the SNMP works.

 

the result is interesting, can you also show the tmsh output to be sure. in principle that SNMP shows the connectivity license usage which is network access but also some other things.

 

see what counts as CCU and not: https://support.f5.com/csp/article/K13267

Jerome_CARRIER
Nimbostratus
Nimbostratus

Hello

 

Find a new screenshots where we see 36 active access sessions and 4 Network Access Connections. I attached also the result of several commands :

 

1/ snmpwalk -Os -c public -v 2c localhost .1.3.6.1.4.1.3375.2.100.1 where the result is 36 as the number of active access session we seen in the screenshot dashboard

2/ The result of tmsh show apm license where we see the information about licenses

3/ config # snmpwalk -Os -c public -v 2c localhost 1.3.6.1.4.1.3375.2.6.1.5.3.0 where normally whit this OID, we see the number of CCU licenses consumed and the number (4) is the same number than the number of Network Access Connections in the dashboard screenshot..

 

I added also a screenshot to see active sessions in the F5. We see 36 connections but for me this number include the portal access (without tunnel resource) AND the number of VPN connections. So for me, the result of the first command is the number of total connections on the system, not only the number of VPN connections.

 

For me, the CCU is the licenses used when in your policy, you define a tunnel resource and access session is only for access without tunnel or rewriting policy

 

 

 

0691T000008GiOLQA0.jpg

 

0691T000008GiOVQA0.jpg0691T000008GiOQQA0.jpg

 

thanks, i might not understand what you are now exactly asking.

 

to repeat my understanding: CCU is not equal to VPN access

 

1.3.6.1.4.1.3375.2.6.1.5.3.0 seems to show network access connection, which is nice information but that is not the only thing that counts towards CCU

 

1.3.6.1.4.1.3375.2.100.1 truly shows CCU and is important for your license limit

Jerome_CARRIER
Nimbostratus
Nimbostratus

sorry, I'm not clear...

 

My management request to me to have the information about the number of VPN connections on our system

that is four in above info

 

OID 1.3.6.1.4.1.3375.2.6.1.5.3.0 seems to show you that

 

but do keep in mind that the number itself is useful to know, but it isn't a license limit on itself

Dave_W
F5 Employee
F5 Employee

Hello Jerome, I believe that is correct. If you look here you can see what OIDs are available. You also have ones such as apmAccessStatCurrentActiveSessions and apmAccessStatTotalSessions:

 

http://www.mibdepot.com/cgi-bin/vendor_index.cgi?r=f5

Jerome_CARRIER
Nimbostratus
Nimbostratus

Hello

 

When I execute locally on the BIG-IP the command "snmpwalk -Os -c public -v 2c localhost .1.3.6.1.4.1.3375.2.100.1", it's working. But when I tried to launch this command from remote server with snmpwalk -Os -c public -v 2c IP_of_BIGIP .1.3.6.1.4.1.3375.2.100.1, the command failed. And if I try the same command but with another OID (1.3.6.1.4.1.3375.2.6.1.5.3.0 for example), it's working.. Do you know why ?

how does you SNMP config look, do you perhaps have a OID restriction there?

Jerome_CARRIER
Nimbostratus
Nimbostratus

Hello

 

No. I have juste add in SNMP/Agent/Configuration, the IP address of my monitoring tool and in SNMP/Agent/Agent (V1, V2c), the name of my community (not the public) and in source, the IP address of my monitoring tool...

 

BR

IPv4 devcentral : default Read Only

something like that? no value at OID right?

 

that just works for me locally and remote. i would do a packet capture to make sure your remote server sends the correct OID and it reaches the big-ip.

 

Jerome_CARRIER
Nimbostratus
Nimbostratus

when I try with a tool to request the oid .1.3.6.1.4.1.3375.2.100.1 from my monitoring server, I have this error : SNMP_EXCEPTION_NOSUCHINSTANCE223. But the other OID, I have no issue..

Jerome_CARRIER
Nimbostratus
Nimbostratus

it's working. I need to add .0 at the end of the OID...