[mrtg] Re: mrtg of Cisco routers via Internet fails
Radick, Don (IHG)
Don.Radick at ichotelsgroup.com
Tue May 11 14:45:27 MEST 2004
don't do this.
SNMP V1 (which is what MRTG / Perl uses) is insecure -
if you can run SNMP (v1) to your Internet routers, then anyone
else can also, and Cisco SNMP has vulnerabilities.
(A cracker can get control of your router pretty easily)
ADVICE: you MUST run SNMP v3 for security, but MRTG / Perl
does not support this:
>>MRTG does not support SNMP V3 because the perl module that Simon Leinen
>>wrote does not yet support SNMP V3.
>>There are plans to do this, but if you'd like to help I'm sure Simon would
>>appreciate it.
>>http://www.switch.ch/misc/leinen/snmp/perl/
hope this helps,
Don
-----Original Message-----
From: tom.voussure at sita.be [mailto:tom.voussure at sita.be]
Sent: Tuesday, May 11, 2004 8:11 AM
To: mrtg at list.ee.ethz.ch
Subject: [mrtg] mrtg of Cisco routers via Internet fails
Hi,
I monitor my network (cisco routers) with MRTG and it workes really
great...
But I have a problem with monitoring routers via Internet.
I have several Internet connection. Some or completely separated from our
main network.
So to monitor these routers, i have to go thru a firewall, on the internet,
to the other router.
(mrtg server --> firewall --> INTERNET --> router)
I always get the same error:
--base: Get Device Info on xxx at 210.88.234.215:
SNMP Error:
no response received
SNMPv1_Session (remote host: "210.88.234.215" [210.88.234.215].161)
community: ""xxx"
request ID: -1222128975
PDU bufsize: 8000 bytes
timeout: 2s
retries: 5
backoff: 1)
at /usr/local/mrtg-2/bin/../lib/mrtg2/SNMP_util.pm line 570
SNMPWALK Problem for 1.3.6.1.2.1.1 on xxx at 210.88.234.215.
at /usr/local/mrtg-2/bin/cfgmaker line 709
If a try a snmpget i get also "Timeout, no response from ..."
Now, I'm sure that the snmp settings on the router are correct. The router
is configured the same way as all my other routers.
The firewall settings are also correct. I get no deny's in the logs.
I've also tried changing the packetsize of the snmp-packets send by the
router, but it doesn't help....
Anybody any idea ?
thx,
tom
--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive http://www.ee.ethz.ch/~slist/mrtg
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive http://www.ee.ethz.ch/~slist/mrtg
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
More information about the mrtg
mailing list