Monitoring

Cisco Device SNMP & NTP Configuration

SNMP

To monitor Cisco devices, SNMP access is all that is required. If Active Discovery and monitoring are not working, the possible causes are:

  • SNMP is not set up on the device. For a switch or router, there should be a configuration line such as "snmp-server community public RO" that usually will enable the SNMP daemon.
  • The SNMP community string configured in LogicMonitor is not correct for the device. To configure this, please refer to Defining Properties and Authentication Credentials.
  • The device has a restriction configured in the snmp-server command that limits the IP addresses it will respond to. E.g. an snmp-server configuration line of the form "snmp-server community public RO 2" would restrict SNMP responses to the addresses included in access-list 2. In this case, the IP address of the collector would have to be permitted by adding it to access-list 2.
  • There is a firewall--either on the device itself, applied to one of the interfaces, or a separate device between the LogicMonitor collector and the switch--that is preventing SNMP traffic on port 161 UDP. For devices that require SNMP TRAP traffic to function, port 162 UDP may need to be unrestricted as well.
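
The community and access-list causes above can be checked offline against a saved copy of the device configuration. The following is an added example, not LogicMonitor or Cisco code: the function names and the sample configuration are constructed for illustration, and it assumes community lines of the form "snmp-server community <string> RO|RW [acl]" with numbered standard access-lists, evaluated first match wins with an implicit deny at the end.

```python
import ipaddress

# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
snmp-server community public RO 2
access-list 2 permit 10.1.1.0 0.0.0.255
access-list 2 deny 192.0.2.10
access-list 2 permit 192.0.2.0 0.0.0.255
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(config, acl, ip):
    """Numbered standard ACL: first match wins, no match is the implicit deny."""
    seen = False
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", acl] or len(tok) < 4 or tok[2] not in ("permit", "deny"):
            continue  # other ACLs, remarks, unrelated lines
        seen, spec = True, tok[3:]
        if spec[0] == "any":
            addr, wildcard = "0.0.0.0", "255.255.255.255"
        elif spec[0] == "host":
            addr, wildcard = spec[1], "0.0.0.0"
        else:  # "A.B.C.D [wildcard]"; no wildcard means a single host
            addr = spec[0]
            wildcard = spec[1] if len(spec) > 1 and spec[1][0].isdigit() else "0.0.0.0"
        care = ~_to_int(wildcard) & 0xFFFFFFFF  # wildcard bits set = "don't care"
        if (_to_int(ip) & care) == (_to_int(addr) & care):
            return tok[2] == "permit"
    return False if seen else None  # None: ACL not present in this excerpt

def check_collector(config, community, collector_ip):
    """Diagnose why a collector may get no SNMP reply for this community."""
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] != ["snmp-server", "community", community]:
            continue
        extra = [t for t in tok[3:] if t.upper() not in ("RO", "RW")]
        if not extra:
            return "ok: no access-list restriction"
        acl = extra[-1]
        verdict = acl_permits(config, acl, collector_ip)
        if verdict is None:
            return f"unknown: access-list {acl} not found in this config"
        state = "ok: permitted by" if verdict else "blocked by"
        return f"{state} access-list {acl}"
    return "missing: community not configured"
```

Calling check_collector(SAMPLE_CONFIG, "public", "192.0.2.10") reports the collector as blocked, because the explicit deny entry is matched before the wider permit that follows it.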

For other Cisco devices, such as their Aggregation Services Routers (ASR) series, it may be necessary to enable the sending of SNMP TRAPs in the device configuration in order to enable SNMPd for queries by our collector. From the CLI of the Cisco device, enter:

snmp-server enable traps
snmp-server host <collector-ip> version 2c <community-string>

If after examining the configuration on the router you cannot see why SNMP is not working, it may help to run debugging to see if the requests are getting to the device, and if they are being answered. From the CLI of the Cisco device, enter:

term mon
debug snmp packet 

This will display all SNMP packets that are arriving and being replied to. Also, please ensure that SNMP TRAP traffic on port 162 UDP is unrestricted between your collector machine and the monitored device.


NTP

NTP is also checked on many Cisco devices to ensure that time is correctly synchronized. So, if you use NTP access-groups, ensure the LogicMonitor collector is allowed to query the Cisco device and that port 123 TCP/UDP is unrestricted between the host and your collector machine.