Can SNMP traps account for PPPoE users on a router?

Answered Question
Mar 23rd, 2010

For auditing purposes I want to use SNMP traps to account for PPPoE users on a router?  I don't see a way to do this.  Is is possible?  If not, what's the best way to go about this?

Correct Answer by yjdabear about 6 years 11 months ago

"snmp-server enable traps pppoe" doesn't provide that typo of info, nor do I think it should anyway. OTOH, if you configure "aaa accounting" globally or "ppp accounting" per interface, the NAS (your rtr) can report such user info to the AAA (RADIUS  or TACACS) backend:

rtr# show accounting

Active Accounted actions on tty0, User (not logged in) Priv 1

 Task ID 1, EXEC Accounting record, 00:35:16 Elapsed

 task_id=1 service=shell 

Active Accounted actions on tty33, User ellie Priv 1

 Task ID 16, EXEC Accounting record, 00:00:17 Elapsed

 task_id=16 service=shell 

Active Accounted actions on Interface Async33, User tom Priv 1

 Task ID 17, Network Accounting record, 00:00:13 Elapsed

 task_id=17 service=ppp protocol=ip addr=10.0.0.1 

Then it's a matter of instrumenting a solution on the AAA server to alert/report however you want for the auditors. I'd think SNMP trap wouldn't be the first choice as the delivery mechanism in that case, as there're far more straight-forward options on a server.

Alternatively, If you believe such info can be obtained with some show commands on the router itself, and the router supports EEM, I'd suggest seeking a potential EEM-based solution over in the other Network Management forum (https://supportforums.cisco.com/community/netpro/network-infrastructure/network-management), which can certainly generate SNMP trap accordingly.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
yjdabear Wed, 03/24/2010 - 10:53

What do you mean by "account for PPPoE users"? Send a trap every time a PPPoE user signs on or off?

csamuelps Wed, 03/24/2010 - 11:13

Yes, I'm looking for username, IP address, and time signed on/off.

Correct Answer
yjdabear Wed, 03/24/2010 - 16:22

"snmp-server enable traps pppoe" doesn't provide that typo of info, nor do I think it should anyway. OTOH, if you configure "aaa accounting" globally or "ppp accounting" per interface, the NAS (your rtr) can report such user info to the AAA (RADIUS  or TACACS) backend:

rtr# show accounting

Active Accounted actions on tty0, User (not logged in) Priv 1

 Task ID 1, EXEC Accounting record, 00:35:16 Elapsed

 task_id=1 service=shell 

Active Accounted actions on tty33, User ellie Priv 1

 Task ID 16, EXEC Accounting record, 00:00:17 Elapsed

 task_id=16 service=shell 

Active Accounted actions on Interface Async33, User tom Priv 1

 Task ID 17, Network Accounting record, 00:00:13 Elapsed

 task_id=17 service=ppp protocol=ip addr=10.0.0.1 

Then it's a matter of instrumenting a solution on the AAA server to alert/report however you want for the auditors. I'd think SNMP trap wouldn't be the first choice as the delivery mechanism in that case, as there're far more straight-forward options on a server.

Alternatively, If you believe such info can be obtained with some show commands on the router itself, and the router supports EEM, I'd suggest seeking a potential EEM-based solution over in the other Network Management forum (https://supportforums.cisco.com/community/netpro/network-infrastructure/network-management), which can certainly generate SNMP trap accordingly.

Actions

This Discussion