OSPF Trap question

Answered Question
Apr 27th, 2010
User Badges:

Hello,


My service provider says their network mgmt platform will monitor this MIB for OSPF trap.


1.3.6.1.4.1.9.10.101


I looked it and saw this is CISCO-OSPF-TRAP-MIB.  My router 2811 runs OSPF on LAN side and run BGP on WAN side facing Service provider.  My goal is to send trap to the Service provider to auto-generate an alarm if I have OSPF neighbor down on the LAN.  I mean my LAN interface can still be up while lose the OSPF neighborship with LAN layer 3 devices and would like the router to be able to send that trap.


I checked the IOS support list and my IOS 12.4.22T1 has this exact MIB listed as supportable.


So in the router, I put in "snmp-server enable traps ospf" and the router generates all below traps related to ospf in it.  I have also set the target ip address of where this trap sends to with below config.


snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa

snmp-server host <ip address> <community-string>  frame-relay config ospf snmp


When we test this with service provider, we admin down the layer 3 device in the LAN and my router shows OSPF neighbor down while the LAN interface is up.  We asked service provider if they see any traps coming in and they said no.  Thus, no ticket is generated.


So my question is do we know which command specific in the router that I need to put in to enable the exact trap that will have this MIB OID 1.3.6.1.4.1.9.10.101 since service provider ONLY monitor any incoming trap with this OID in regards to OSPF?


Should I do debug ip packets next time when we test this again? I guess I want to see how I can have proof that the router did send out the trap to the WAN?  Which debug command will best to turn on to get that information so we can see if the router has generated that exact trap with that exact OID or not?


thanks,
joyce

Correct Answer by Joe Clarke about 7 years 3 weeks ago

The version of the OSPF-MIB loaded in Cisco.com is a bit old.  Try my tool at http://jaguar.ir.miami.edu/~marcus/snmptrans.html .  I try and keep the MIBs there more up-to-date.  If you need a recent copy of the OSPF-TRAP-MIB, I have posted it here.


The object, ospfNbrState is not the same as the trap ospfNbrStateChange.  The former is an object which will be a variable binding within the latter SNMP notification.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
blackladyJR Wed, 04/28/2010 - 07:45
User Badges:

I looked at the doc, but it seems to talk about multiple OSPF instances.  It does not seem to be related to my original questions.  Thanks.

Joe Clarke Wed, 04/28/2010 - 23:59
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Exactly what traps does your ISP care about?  The traps defined in the CISCO-OSPF-TRAP-MIB don't really sound like what you want.  It seems to me the ospfNbrStateChange trap from the OSPF-TRAP-MIB is closer to the situation you are describing.  If a neighbor changes state, then a trap will be generated.


That said, you've enabled all of the OSPF traps, and assuming is the provider's NMS IP, they should be receiving the traps.  Your idea of doing "debug snmp packet" is good to confirm the traps are being generated (I don't think you're going to see CISCO-OSPF-TRAP-MIB traps in your test, though).  If OSPF traps are being generated, then check to make sure udp/162 is open between your router and your provider's NMS.  You should also confirm the community string configured for your trap host matches what is configured on the provider's NMS.

blackladyJR Tue, 05/04/2010 - 06:30
User Badges:

Hi Joe,


Thanks very much for your reply.  ISP told me they are monitoring this OSPF-TRAP-MIB as that's the OID they gave me.  So you said this MIB is not related to ospf neighbor down then?  So when ospf neighbor down, the router will not generate this exact trap with this OID, is that correct?


If so, which OID will it generate then? 1.3.6.1.2.1.14.10.1.6 ospfNbrState ?


I looked up this ospfNbrState trap and click on the "view supported image".  In the supported image list, it does not have any ISR router in there and highest IOS is 12.3 in the list.


So does that mean this OID is an old one that not in ISR and 12.4 or above? So what is the replacement equivalent then?


All my customer wants is that when OSPF neighbor goes down while the interface on the router is still up (i.e. some outage on the LAN that only bring down the ospf neighbor but didn't cause the router LAN interface to go down as well), during this scenario, they just want to know if ISP can see this event and generate tickets.  So I talked to ISP and that's the MIB OSPF-TRAP-MIB 1.3.6.1.4.1.9.10.101 that they said they are monitoring. 


I think we can look at this in another angle, forget what ISP is monitoring as they are asking us what OID will the router be "sending" and they may be able to add that OID to their monitoring platform if needed.  So my questions are:


1.  In the event of the simple ospf neighbor down, in an 2811 ISR with 12.4T IOS, what is the OID trap that an ISR will generate and send out for this ospf down event?  And what is the exact OID? 

2.  I have enabled "all" ospf trap in the router, but once we narrow down to a particular OID that is related to ospf neighbor down event, do you know which more specific command to enable in the router instead of enabling "all ospf" of them? 


thanks,

Joyce

Joe Clarke Tue, 05/04/2010 - 10:31
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The router will send the ospfNbrStateChange trap from the OSPF-TRAP-MIB which is supported on ISRs running 12.4T.  This is controlled by the config command:


snmp-server enable traps ospf state-change


The trap will look something like:


May  4 13:29:36 nms-server2 snmptrapd[28274]: 2010-05-04 13:29:36 14.32.100.91(via UDP: [0.0.0.0]->[14.32.100.91]:-666) TRAP, SNMP v1, community public

OSPF-TRAP-MIB::ospfTraps Enterprise Specific Trap (2) Uptime: 30 days, 22:49:09.47    

  OSPF-MIB::ospfRouterId = IpAddress: 14.32.12.45   

  OSPF-MIB::ospfNbrIpAddr = IpAddress: 14.32.100.75   

  OSPF-MIB::ospfNbrAddressLessIndex = INTEGER: 0   

  OSPF-MIB::ospfNbrRtrId = IpAddress: 192.168.1.1   

  OSPF-MIB::ospfNbrState = INTEGER: down(1)

blackladyJR Tue, 05/04/2010 - 13:33
User Badges:

Hi Joe,


Thanks for your assistance.


You have mentioned the ospfnbrstatechange is part of the ospf-trap-mib.  The OID for the ospf-trap-mib is 1.3.6.1.4.1.9.10.101 and I searched the details of this MIB in below URL.  I can't find the ospfnbrstate within this URL, am I looking at a wrong MIB?


http://tools.cisco.com/Support/SNMP/do/BrowseMIB.do?local=en&step=2&mibName=CISCO-OSPF-TRAP-MIB


What is the OID that ISR router 12.4T will generate when the ospf neighbor goes down?  I think that's the ultimate question from ISP that they want to know what OID that they need to monitor for ospf neighbor down.


thanks again,

Joyce

Joe Clarke Tue, 05/04/2010 - 13:36
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You're looking at the CISCO-OSPF-TRAP-MIB.  This is not the same thing as the OSPF-TRAP-MIB.  The OID of the ospfNbrStateChange trap is

1.3.6.1.2.1.14.16.2.2.
blackladyJR Tue, 05/04/2010 - 14:00
User Badges:

Joe,


Thanks so much.  Now I see I was looking at a wrong MIB.


I tried to search the OID that you provided - 1.3.6.1.2.1.14.16.2.2 but it sorts of die after .14.  The tree after .14 seems to end at 15 (ospfConformance), so there is no 16 to continue in the tree branch.  I must be doing something wrong that I can't pull up this OID to read the details.  You can tell I am new in the snmp area of knowledge.  Can you tell me how I can pull up the details of the OID that you provided to me?  Thanks a lot.

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=1.3.6.1.2.1.14.16.2.2&translate=Translate&submitValue=SUBMIT&submitClicked=true

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?objectInput=1.3.6.1.2.1.14&translate=Translate&submitValue=SUBMIT&submitClicked=true

Is it possible you can provide me the OID for the OSPF-TRAP-MIB itself? 

I tried another way to search by entering the OSPF-TRAP-MIB and it pulls up the content of this MIB and i saw the ospfnbrstate is in this MIB.  When I click on the hyperlink for this ospfnbrstate, it brings me to 1.3.6.1.2.1.14.10.1.6 instead of the OID you gave me.  So it shows this 1.3.6.1.2.1.14.10.1.6 and that's the one that is not in ISR or 12.4 IOS. 

thanks again.

Joyce

  

Correct Answer
Joe Clarke Tue, 05/04/2010 - 15:47
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The version of the OSPF-MIB loaded in Cisco.com is a bit old.  Try my tool at http://jaguar.ir.miami.edu/~marcus/snmptrans.html .  I try and keep the MIBs there more up-to-date.  If you need a recent copy of the OSPF-TRAP-MIB, I have posted it here.


The object, ospfNbrState is not the same as the trap ospfNbrStateChange.  The former is an object which will be a variable binding within the latter SNMP notification.

blackladyJR Tue, 05/04/2010 - 16:14
User Badges:

Hi Joe,


You have explained my confusion so the cisco tool that I have been using is outdated   (no wonder I didn't know why can't find it).


I have a final dumb question.  So the trap that the ISR router will be sending for ospf neighbor down will be 1.3.6.1.2.1.14.16.2.2 so that's the OID that I need to tell ISP if they are "monitoring" this exact OID, is that correct? 

How about the "parent" of this trap OID?  Is it just 1.3.6.1.2.1.14.16?  If so, if ISP says they monitor this 1.3.6.1.2.1.14.16, will that means anything that branches within this parent will be seen?  I mean if ISP monitors this 1.3.6.1.2.1.14.16, then any event falls within this such as

1.3.6.1.2.1.14.16.2.2 or

1.3.6.1.2.1.14.16.2.1 or

1.3.6.1.2.1.14.16.2.16...etc will be covered and be seen by ISP then?


OR does ISP needs to specific the specific exact 1.3.6.1.2.1.14.16.2.2 in their platform in order to see this particular event?

Will the debug snmp packets be able to see the trap that shows the OID in the debug as well?  Last time we did the test and ISP says they didn't see anything, they asked if we can show OID that the trap went out of router.  Will this debug snmp packet command supply that info?

thanks again,

Joyce



Joe Clarke Tue, 05/04/2010 - 23:20
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

If the ISP watches for all traps with an OID of 1.3.6.1.2.1.14.16, that should catch everything the customer requires.  Yes, the "debug snmp packet" should show this when traps are sent out.

Actions

This Discussion