Wednesday, November 25, 2009

F5 BIGIP: Verify/Restart SNMP Daemon

Just in case you need to check the status and/or restart the SNMP daemon of the bigip (i.e., because it has stopped responding to SNMP polling), enter the following commands via the CLI:

For BIGIP v4
  1. Check the SNMP daemon status:
    /etc/bigstart/status/S40snmpd status

    The correct output should be:
    Status snmpd: (pid xxxxx) is running
    Status bigsnmpd: (pid yyyyy) is running
    Status rlxsnmpd: is not running


  2. If the result is different from above (i.e., bigsnmpd is not running), restart the SNMP daemon:
    /etc/bigstart/status/S40snmpd restart



For BIGIP v9
  1. Check the current status of the SNMP daemon:
    bigstart status snmpd


  2. Restart the SNMP daemon:
    bigstart restart snmpd


  3. Verify status of the SNMP daemon:
    bigstart status snmpd


  4. Example:
    [root@bigip:Active]~# bigstart status snmpd
    snmpd run (pid 12707) 90 days, 1 start
    [root@bigip:Active]~# bigstart restart snmpd
    [root@bigip:Active]~# bigstart status snmpd
    snmpd run (pid 4822) 6 seconds, 2 starts
    [root@bigip:Active]~#

Wednesday, November 11, 2009

CatOS : SYS-2-MOD_TEMPSENSORFAIL flood from X6148A-GE-45AF

CSCsl37513
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl37513

SYS-2-MOD_TEMPSENSORFAIL:Module w/ X6148A-GE-45AF and CatOS

Symptom:
Numerous WS-X6148 linecards generate the following error:
%SYS-2-MOD_TEMPSENSORFAIL:Module # temperature sensors failed, please powercycle the module


Conditions:
No production impact related to this message.

Workaround:
Powercycle module as requested by the error message.
  • set module power down module_number
  • set module power up module_number

Permanent Fix:
Upgrade IOS/CatOS to one of the versions below, or later:
8.7(0.22)FW124
8.7(1.62)LAR
8.6(5.7)
8.7(0.22)BUB48
12.2(33.3.13)SXH
12.2(33)SXH4

IOS: IP SLA : SNMP : Router crashes and reloads if up for more than 497 days

CSCsa57468
rttmon-mib does not return getnext value when queried via snmp


Symptom:
Concord poller crashes when polling a router that has been configured with IP SLA. In fact, this DDTS will surface when doing SNMP gets for the objects mentioned in the Conditions section below from any NMS (e.g. Concord, IPM, Spectrum, etc.).

Conditions:
The SNMP GETNEXT request is sent to the router for the following OIDs:
  • rttMonJitterStatsCompletions
  • rttMonStatsCaptureCompletions
  • rttMonStatsTotalsInitiations
  • rttMonStatsCaptureEntry (rttMonStatsCaptureCompletion etc.)
  • rttMonStatsCollectEntry
  • rttMonStatsTotalsEntry
  • rttMonJitterStatsEntry
  • rttMonHTTPStatsEntry.
The router does not return the next index of these OIDs, but the same index. This happens only when the router has been up and running for longer than 497 days.

Affected IOS Versions:
  • 12.2(15)T
  • 12.2SXH

Workaround:
This problem occurs only when polling the CISCO-RTTMON-MIB via SNMP get. Use the IOS CLI to avoid it.

Permanent Fix:
Upgrade the IOS version.

Fixed in:
  • 12.3(14.12)M
  • 12.4(1.5)M
  • 12.2(33)SRC
  • 12.2(40)SE
  • 12.2(44)SE
  • 12.3(11)T6
  • 12.3(11)YW
  • 12.3(14)T2
  • 12.4(1.8)T
  • 12.4(1a)M
  • 12.2(33)SXI
  • 12.2(32.8.80)SR
  • 12.2(32.8.11)XID112.9
  • 12.2(33.1.7)SXH
  • 12.2(33)SXH2
  • 12.2(33)SB
  • 12.2(32.8.99a)SR133
  • 12.2(32.8.11)XJC153.1
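
The Conditions above describe an agent that answers GETNEXT with the same index instead of the next one, so a poller that walks without checking for progress never reaches the end of the table. The following is an added example (not from the original post or from Cisco) of a poller-side walk guard; the subtree OID, the table rows and all function names are constructed for illustration.

```python
# Added example: poller-side guard for a GETNEXT walk against an agent that
# returns the same index again. All OIDs and rows below are constructed.

class NonIncreasingOID(Exception):
    """The agent returned an OID that does not advance the walk."""

def parse_oid(text):
    # Tuples of ints compare in the same lexicographic order SNMP uses.
    return tuple(int(part) for part in text.strip(".").split("."))

def guarded_walk(getnext, root, max_rows=10000):
    """Walk the subtree under root; getnext(oid) returns (next_oid, value)."""
    root_t = parse_oid(root)
    current, rows = root_t, []
    while len(rows) < max_rows:
        nxt, value = getnext(current)
        if nxt is None or nxt[:len(root_t)] != root_t:
            break                       # end of MIB view, or left the subtree
        if nxt <= current:              # same or earlier index: agent is stuck
            raise NonIncreasingOID(".".join(map(str, nxt)))
        rows.append((nxt, value))
        current = nxt
    return rows

SUBTREE = "1.3.6.1.4.1.99999.1"         # hypothetical table, not the real MIB
TABLE = {parse_oid(SUBTREE + ".1"): 10, parse_oid(SUBTREE + ".2"): 20,
         parse_oid(SUBTREE + ".3"): 30, parse_oid("1.3.6.1.4.1.99999.2.1"): 99}

def healthy_getnext(oid):
    later = sorted(k for k in TABLE if k > oid)
    return (later[0], TABLE[later[0]]) if later else (None, None)

def stuck_getnext(oid):
    # Models the symptom: from index 2 on, the agent answers with index 2 again.
    stuck = parse_oid(SUBTREE + ".2")
    return (stuck, TABLE[stuck]) if oid >= stuck else healthy_getnext(oid)

def walk_status(getnext):
    """Return ('ok', values) or ('stuck', offending_oid) for the sample subtree."""
    try:
        return "ok", [v for _, v in guarded_walk(getnext, SUBTREE)]
    except NonIncreasingOID as exc:
        return "stuck", str(exc)

if __name__ == "__main__":
    print(walk_status(healthy_getnext))
    print(walk_status(stuck_getnext))
```

Net-SNMP's snmpwalk performs the same kind of check and reports "Error: OID not increasing" when an agent fails it.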

Sunday, November 8, 2009

IOS: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key

Symptoms:
The device logs numerous %SSH-3-PRIVATEKEY syslog messages, usually followed by a traceback such as the following:

Nov 7 02:40:49.542 GMT: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for
-Process= "SSH Process", ipl= 0, pid= 148
-Traceback= 61D48360 61D44B24 61D462C4 6053BD88 6053BD6C
Nov 8 02:16:22.452 GMT: %SSH-3-PRIVATEKEY: Unable to retrieve RSA private key for
-Process= "SSH Process", ipl= 0, pid= 148
-Traceback= 61D48360 61D44B24 61D462C4 6053BD88 6053BD6C


Explanation:
Often seen if hostname or domain name of the router has been changed.

Workaround/Fix:

  • Remove existing RSA Key:
    crypto key zeroize rsa
  • Generate RSA key with the following commands:

    show crypto key mypubkey rsa
    crypto key gen rsa general-keys label label
    ip ssh rsa keypair-name label

    where label = unique label/identifier