SNMP Trap Support On CatOS

Answered Question
Feb 23rd, 2009
User Badges:

Hi,


Does anyone know what version of SNMP traps are supported on CatOS? Ideally, I want to be able to configure SNMPv3, but it seems as though I can only find examples of configuration for SNMPv1. Can anyone assist? The config I have applied for SNMPv1 is:


set snmp trap 1.1.1.1 string

set snmp trap enable all


Thanks,

goulin

Correct Answer by Joe Clarke about 8 years 3 weeks ago

Your targetparams name is wrong. You have "set targetparams ip" when it should be "set targetparams p1". Other than that, this looks right to me. I have this working on a 6500 running 8.5(3), but I do not have a Cat4K on which to test.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
goulin Mon, 02/23/2009 - 17:08
User Badges:

I can't seem to configure SNMPv2c traps though - and I followed this document to configure SNMPv3 traps, yet when I performed a capture, the switch was not sending these out.


The config I tried for SNMPv3 is:


set snmp view videfault 1 included

set snmp access group1 security-model v3 authentication read videfault write videfault notify videfault


set snmp notify notifytable1 tag router trap

set snmp targetaddr PC param p1 10.49.31.173

set snmp targetparams p1 user snmp3_user security-model v3 message-processing v3 authentication


set snmp user snmp3_user authentication sha testtest



set snmp group group1 user snmp3_user security-model v3


Joe Clarke Mon, 02/23/2009 - 22:32
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

This looks mostly right. You're missing an important argument on your targetaddr, though. Make sure you configure:


set snmp targetaddr PC param p1 tag router

goulin Mon, 02/23/2009 - 22:41
User Badges:

Is that for v2c or v3? I actually have both the targetaddr and targetparams configured, yet I can't get it to work.

Joe Clarke Mon, 02/23/2009 - 22:48
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

That is for v3. For v2c, just configure:


set snmp trap 10.1.1.1 public version 2c

goulin Mon, 02/23/2009 - 22:51
User Badges:

The thing is, the version of CatOS I am running does not have the version 2c option after the set snmp trap . It does not seem to allow you to specify a version to set traps, which is why I was confused, because I was following the release notes for the CatOS version I am running:


http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/8.3and8.4glx/configuration/guide/snmp.html#wp1046035')">http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/8.3and8.4glx/configuration/guide/snmp.html#wp1046035


When configuring the host, it sends v1 by default.

Joe Clarke Mon, 02/23/2009 - 22:54
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

What version of CatOS are you using?

goulin Mon, 02/23/2009 - 22:57
User Badges:

I am using v8.4(11)GLX for a Cisco 4006. The link I posted should refer to the release notes for that hardware and that specific CatOS version.

Joe Clarke Mon, 02/23/2009 - 23:12
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Okay, on the Cat4K, you need to do something SNMPv3-like to enable v2c traps:


set snmp group v2cgroup user v2cuser security-model v2c non

set snmp notify not1 tag v2ctrap trap

set snmp targetpar p1 user v2cuser security-model v2c message v2c non

set snmp targetaddr addr2 param p1 10.1.1.1 udpport 162 udpmask 0

taglist v2ctrap

goulin Tue, 02/24/2009 - 15:49
User Badges:

Ok, I tried that but I still coulf not get it to send v2c traps.


Nevertheless, I am really wanting to send SNMPv3 traps with AuthNoPriv. The exact configuration I have for SNMP is:


set snmp user user1v3 authentication sha XXXXX

set snmp community read-only public

set snmp view videfault 1 included nonvolatile

set snmp access group1v3 security-model v3 authentication read videfault write videfault notify videfault nonvolatile

set snmp notify notifytable1 tag routers trap nonvolatile

set snmp targetaddr CAM param p1 10.49.31.173 udpport 162 maxmsgsize 484 timeout 1500 retries 3 nonvolatile taglist routers

set snmp targetparams ip user user1v3 security-model v3 message-processing v3 authentication

set snmp group group1v3 user user1v3 security-model v3 nonvolatile

set snmp trap enable all

set snmp trap 10.49.31.173 traps port 162 owner CLI index 1


With the last line in, it sends SNMPv1 traps to 10.49.31.173. When I remove the last line, it does not send SNMPv3 traps (which is what I thought the above config would do without that line and what the documentation seems to suggest).


I could be missing something... any ideas?

Correct Answer
Joe Clarke Tue, 02/24/2009 - 15:55
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Your targetparams name is wrong. You have "set targetparams ip" when it should be "set targetparams p1". Other than that, this looks right to me. I have this working on a 6500 running 8.5(3), but I do not have a Cat4K on which to test.

goulin Tue, 02/24/2009 - 15:58
User Badges:

Grr, found what I was missing. I've been playing around so much that the params were different between the targetparams and targetaddr statements.


Initially, my issue before I started playing around was that I did not have the 'taglist' command at the end of the targetaddr command, which is probably what it was not sending any traps.


Thanks for your help

goulin Mon, 03/02/2009 - 13:44
User Badges:

Ok... officially, the CatOS 8.4(11)GLX for Cisco 4000's sucks. SNMPv3 traps just stopped working all of a sudden. Also, SNMPv3 read/write works for around 2 hours, and then stops working. Looks like I have to use SNMPv1 or 2c.

Actions

This Discussion