snmp traps

Unanswered Question
Jul 3rd, 2008
User Badges:

We have one of our switches setup like this but we are not getting any traps from it. Is there something wrong?


set snmp enable

set snmp trap enable macnotification

set snmp trap 10.1.1.100 all port 162 owner CLI index 1

set port security 1/1-2 disable age 0 maximum 1 shutdown 0 unicast-flood enable

violation shutdown

set port security 3/1-48 disable age 0 maximum 1 shutdown 0 unicast-flood enable

violation shutdown

set port security 4/1-48 disable age 0 maximum 1 shutdown 0 unicast-flood enable

violation shutdown

set port security 5/1-48 disable age 0 maximum 1 shutdown 0 unicast-flood enable

violation shutdown

set cam notification added disable 1/1-2

set cam notification removed disable 1/1-2

set cam notification added enable 3/1-48

set cam notification removed enable 3/1-48

set cam notification added enable 4/1-48

set cam notification removed enable 4/1-48

set cam notification added enable 5/1-48

set cam notification removed enable 5/1-48

set cam agingtime 1 14400

set cam notification enable

set cam notification interval 5

set cam notification historysize 10


We are trying to get macnotifications but we get nothing.


Our community string is blank in the config...


set snmp community read-only

set snmp community read-write

set snmp community read-write


Could this be the problem?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Thu, 07/03/2008 - 08:59
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Yes, you need at least one valid SNMP read-only community or SNMPv3 username. Other than that, your MAC notification config looks okay.

MZydorczyk2 Thu, 07/03/2008 - 09:12
User Badges:

These traps go to a server so do you need the community string on the switch AND the server?

Joe Clarke Thu, 07/03/2008 - 09:14
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

It depends on the trap server as to whether or not it cares about the community string in the trap. For example, Net-SNMP's snmptrapd now requires you to specify which community strings to allow. It will throw away traps with unknown community strings. You'll need to check your trap receiver's documentation to see what is required.

MZydorczyk2 Wed, 07/09/2008 - 07:28
User Badges:

Doesn't look like putting in a community string worked either. I don't think our version of net-snmp requires the community string in the server config because we do have a couple switches that ARE sending traps. I have looked and the config are the same but they still won't send any.

Joe Clarke Wed, 07/09/2008 - 07:57
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

What are you doing on this switch to force a trap? One thing you could do since this is CatOS is to use the "test snmp" command to generate a test trap. Try:


test snmp trap cmnMacChangedNotification


You might want to put a sniffer on the SNMP manager to see if the traps are in fact getting to it. You can then work backwards to see if the trap is being dropped at any hop along the way.

MZydorczyk2 Wed, 07/09/2008 - 08:54
User Badges:

I get a message that says "Trap number must be integer." Does this require some number?

Joe Clarke Wed, 07/09/2008 - 10:18
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

What version of CatOS?

Joe Clarke Wed, 07/09/2008 - 10:39
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You'll need to specify generic and specific trap IDs. Try a simple linkUp trap:


test snmp trap 3

MZydorczyk2 Wed, 07/09/2008 - 10:57
User Badges:

What do you mean trap id's? The 3 is the same thing as you last command?

Joe Clarke Wed, 07/09/2008 - 11:08
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Run the command:


test snmp trap 3


That should cause the switch to send a linkUp trap to all configured trap destinations.

Actions

This Discussion