SNMP Monitoring for Virtual Appliances
The Cisco Secure Access Virtual appliances (VAs) support the Simple Network Management Protocol (SNMP), including versions SNMPv2c and SNMPv3. You can configure and enable SNMP in a VA to monitor the health of the VA and provide connectivity statistics. SNMP monitoring on a VA is disabled by default.
Table of Contents
- Enable SNMP Monitoring
- About SNMP Monitoring
- Standard OIDs Supported by the Virtual Appliance
- Extended OIDs Supported by the Virtual Appliance
Enable SNMP Monitoring
In the Secure Access VA, the SNMP configuration supports the SHA-1, DES-128, and AES-128 algorithms.
SNMPv2.x
Configure SNMPv2 with the config snmp command, for example:
config snmp configure -v2 <options> <args>
If your VA uses SNMP version 2.3 or earlier, configure SNMP with the support snmp command, for example:
support snmp <options> <args>
SNMPv3
When you configure SNMPv3 in your VA, provide a username and password. All other parameters are optional.
Configure SNMPv3 with the config snmp command, for example:
config snmp configure -v3 <options> <args>
Privacy Password
The SNMP privacy password is a string that can include 8–255 alphanumeric characters.
Note: The SNMP privacy password can not include special characters.
Configure SNMP in Secure Access Virtual Appliance
- Enter the Configuration Mode on the VA. Use the
configureoption with the SNMP command. See the SNMP Command Syntax for the list of command-line arguments. - Enable SNMP monitoring.
config snmp enable - Enter exit to return to the VA console.
SNMP Command Syntax
Usage: config snmp <options> <args>
The options parameter must be one of the following: configure | enable | disable | status
configure -v2 [ -c '<community string>' ]
Enables SNMP v2.
* c - Community string; The default Community string is 'public'.
-v3 -u '<username>' -p '<password>' [-a [MD5|SHA] -x [AES|DES] -X [password]]
Enables SNMP v3 with username and password.
* u - Username can include at most 32 alphanumeric characters.
* p - Password can include 8-12 alphanumeric characters.
* a - Optional password hash algorithm; Default SHA.
* x - Optional encryption algorithm; Default AES.
* X - Privacy password is used with the AES algorithm.
The privacy password can include 8-255 alphanumeric characters.
Special characters are not supported.
enable Enable SNMP.
disable Disable SNMP.
status Show the SNMP service status and Version information.
-h, --help Display this usage information.
About SNMP Monitoring
The Secure Access VA listens on port 161 for SNMP queries. The VA supports SNMP monitoring of:
- Health statistics—CPU, load, memory, disk space, and status.
- Connectivity statistics—Connectivity to Secure Access resolvers, connectivity to the local DNS servers, connectivity to the Active Directory (AD) connector, and connectivity to the Secure Access API.
Standard OIDs Supported by the Virtual Appliance
| Information | OID | Notes |
|---|---|---|
| Load | UCD-SNMP-MIB::laTable Load-1 (1 minute load): .1.3.6.1.4.1.2021.10.1.3.1 Load-5 (5 minute load): .1.3.6.1.4.1.2021.10.1.3.2 Load-15 (15 minutes load): .1.3.6.1.4.1.2021.10.1.3.3 | If the five minute load is consistently greater than .75 of the number of processor cores, the VA is running short of processing power. |
| CPU | UCD-SNMP-MIB:systemStats Percentage of user CPU time: .1.3.6.1.4.1.2021.11.9.0 Percentages of system CPU time: .1.3.6.1.4.1.2021.11.10.0 Percentages of idle CPU time: .1.3.6.1.4.1.2021.11.11.0 | |
| Memory Utilization | UCD-SNMP-MIB::memory Available swap: .1.3.6.1.4.1.2021.4.4.0 Total swap: .1.3.6.1.4.1.2021.4.3.0 | If the ratio of Available swap to Total swap is consistently lower than 0.5, the VA is running low on memory. |
| Disk Usage | Percentage of space used on data portion of disk: .1.3.6.1.4.1.8072.1.3.2.4.1.2.9.100.105.115.107.117.115.97.103.101.1 | If this value is consistently greater than 0.8, the VA may be running out of disk space. |
Note: Virtual Appliances support querying of the system OIDs 1.3.6.1.2.1.1.1 to 1.3.6.1.2.1.1.7.
Extended OIDs Supported by the Virtual Appliance
| Information | OID |
|---|---|
| VA status (dns) | .1.3.6.1.4.1.8072.1.3.2.4.1.2.7.116.104.105.115.100.110.115.1 |
| Connectivity to Secure Access resolvers (dns) | .1.3.6.1.4.1.8072.1.3.2.4.1.2.3.100.110.115.1 |
| Connectivity to local DNS servers (localdns) | .1.3.6.1.4.1.8072.1.3.2.4.1.2.8.108.111.99.97.108.100.110.115.1 |
| Connectivity to Secure Access (cloud) | .1.3.6.1.4.1.8072.1.3.2.4.1.2.5.99.108.111.117.100.1 |
| Connectivity to AD connectors (ad) | .1.3.6.1.4.1.8072.1.3.2.4.1.2.2.97.100.1 |
| Queries per second over last 5 minutes* | .1.3.6.1.4.1.8072.1.3.2.4.1.2.4.113.112.115.53 |
| Queries per second over last 15 minutes* | .1.3.6.1.4.1.8072.1.3.2.4.1.2.5.113.112.115.49.53 |
The asterisk (*) denotes an OID which returns the throughput of the VA—the number of queries handled per second.
For the first 5 OIDs in the table above, search for the following sub-strings in the output:
- green—Indicates a status of Okay.
- red—Indicates a status of Not Okay.
- yellow—indicates a status of Partially Okay.
- white—indicates a status of Not Configured.
Note: If an SNMP probe against any of these OIDs results in a timeout, we recommend that you increase the timeout value when issuing the probe.
Test Virtual Appliance Deployments < SNMP Monitoring for Virtual Appliances > Troubleshoot Virtual Appliances
Updated 2 months ago