SCOM randomly sends snmp packets thru wrong interface
^Hello,
My SCOM environment is composed by 1 RMS, 2 MS monitoring 870 network devices (SNMP), and 1 MS monitoring 40 windows servers (Agent).
I configured a rule to process the cisco trap Authentication, that is send by a switch when, for example, a not authorized device tries
to read snmp counters.
All SCOM servers are multinic with a configuration similar to:
Interface 1 (VLAN 10)
IP: 10.10.10.10
Mask: 255.255.224.0
DNS: 10.10.10.100
Interface 2 (VLAN 5)
IP: 10.5.0.5
Mask: 255.255.0.0
Recently I had do add a new interface to monitor some snmp devices connected to a different network:
Interface 3 (VLAN 100)
IP: 193.138.100.150
Mask: 255.255.255.128
Gateway: 193.138.100.254
Since I enabled interface 3, the switches connected to VLAN 5 started to randomly generate authentication traps saying that the VLAN 100
IP address of the management server that manages them is trying to communicate but is not authorized
But even more strange, while we were trying to find the cause of the problem we notice that some of the traps are caused by the VLAN 100
IP address of a management server that do not manage the switches.
My two questions are:
1-
If the system has one interface connected directly to a network, why some times the snmp packets are sent thru other interface.
2-
If a management server do not manage a switch, why the switch receives snmp packets from it, where the header source ip is the ip of that
MS.
This is a critical problem for the network team because it causes a lot of
false “network device is down ” alerts and the alert generation is often suspended because it exceeds 50 alerts.
I tried strong host configuration, flush dns, interface binding, and static routes, without success… the problem remains.
Any help is appreciated
June 17th, 2011 12:12pm
binding order of ur nics?
i think "scom" doesn't know anything from below the tcp stack. it just sends traps from the host and lets the os decide how to send them.
Rob Korving
http://jama00.wordpress.com/
Free Windows Admin Tool Kit Click here and download it now
June 17th, 2011 1:02pm
biding order (using first post interface names)
VLAN 5
VLAN 10
VLAN 100
eth1
eth0
June 17th, 2011 1:15pm
Suggest you set up persistent routes to control this. Microsoft Corporation
Free Windows Admin Tool Kit Click here and download it now
June 17th, 2011 2:10pm