SNMP TRAPS and SLA

Unanswered Question
Jul 11th, 2010
User Badges:

HI


I am trying to configure IP SLA to send SNMP TRAPS but looks like doing some mistake ..


i have following configured

!

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-ascii-font-family:Cambria; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Cambria; mso-hansi-theme-font:minor-latin;}

ip sla monitor 2

type echo protocol ipIcmpEcho 150.1.3.3 source-ipaddr 1.1.98.7

frequency 10

!

ip sla monitor schedule 2 start-time now recurring

!

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-ascii-font-family:Cambria; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Cambria; mso-hansi-theme-font:minor-latin;} ip sla reaction-configuration 2 react rtt threshold-type immediate action-type trapOnly  

!

ip sla logging traps

!

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-ascii-font-family:Cambria; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Cambria; mso-hansi-theme-font:minor-latin;}

snmp-server community public RO

snmp-server enable traps rtr

snmp-server host 1.1.128.226 public 
           

1.1.98.7 is the loopback ip on my network. To test the snmp traps, i enabled debug snmp packets and shutdown loopback interface (1.1.98.7)

I don't see any snmp message in debug output ..


am i missing something or it is not possible to get traps directly from ip sla .. do i need EEM for this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Joe Clarke Sun, 07/11/2010 - 22:21
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I think you need to add a reaction for timeout instead of rtt.  What is the status of this IP SLA collector?  I have a feeling it's in a timeout state versus an over threshold state.

Lokesh.Khanna Sun, 07/11/2010 - 22:28
User Badges:

HI


Yes, it is in Timeout state.

WIll it not treat as high RTT if it is down .. specially If the latency is above 5000 ms (default reaction cofniguration for RTT)


is there any way i can simulate the latency on rtrs ..

Joe Clarke Mon, 07/12/2010 - 08:10
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The collector has to complete for RTT to be high.  If it times out, it times out.  If you have some kind of QoS policy you can use to rate-limit the IP SLA traffic, that could be used to bump up the latency.  Else, you can artificially lower the threshold or just configure a timeout reaction to test trap functionality.

Lokesh.Khanna Mon, 07/12/2010 - 13:59
User Badges:

HI


I just tested traps using timeout option and it works ..


but it worked for me even if i didn't have "snmp-server enable traps rtr" & "ip sla monitoring trap"


Why do we need those commands if it works without them also ..

Joe Clarke Mon, 07/12/2010 - 15:46
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You only need "ip sla monitor trap" to produce syslog messages.  You will need to enable IP SLA or rtr traps, though.  What config did you have which produced a trap?  What trap did you receive?

Lokesh.Khanna Tue, 07/13/2010 - 13:08
User Badges:

HI


this is my cofnig -


ip sla 1
icmp-echo 65.65.3.3 source-ip 65.65.2.2
request-data-size 1500
frequency 10
ip sla schedule 1 life forever start-time now
ip sla reaction-configuration 1 react rtt threshold-value 5 1 threshold-type immediate action-type trapOnly
ip sla enable reaction-alerts
logging trap debugging


!
snmp-server host 150.150.1.1 public  ipsla

!


R2#sh ip sla reaction-configuration 1
Entry number: 1
Index: 1
Reaction: rtt
Threshold Type: Immediate
Rising (milliseconds): 5
Falling (milliseconds): 1
Threshold CountX: 5
Threshold CountY: 5
Action Type: Trap only




R2#sh ip sla statistics
IPSLAs Latest Operation Statistics


IPSLA operation id: 1

Type of operation: icmp-echo

    Latest RTT: 12 milliseconds

Latest operation start time: *16:01:33.914 UTC Tue Feb 15 2000

Latest operation return code: Over threshold

Number of successes: 176

Number of failures: 0

Operation time to live: Forever


Am i missing something here. As per the sla stats, return code is over threshold and as per react-configuration, i am supposed to get snmp alert ..


if i change my react configuration to timeout, then i immedailty get snmp traco as soon as destination is not reachable ..

Joe Clarke Tue, 07/13/2010 - 13:13
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

What is the exact trap you receive for a timeout?

Lokesh.Khanna Tue, 07/13/2010 - 14:02
User Badges:

HI


I just created another ip sla with timeout in react-config .. below is my config



ip sla 2
icmp-echo 65.65.100.100 source-ip 65.65.2.2
frequency 10
ip sla schedule 2 life forever start-time now
ip sla reaction-configuration 2 react timeout threshold-type immediate action-type trapOnly

!


snmp-server community public RO
snmp-server enable traps ipsla
snmp-server host 150.150.1.1 public  ipsla


logging message-counter syslog
logging trap debugging


!


*Feb 15 16:52:48.074: %RTT-4-OPER_TIMEOUT: condition occurred, entry number = 2
*Feb 15 16:52:48.082: SNMP: Queuing packet to 150.150.1.1
*Feb 15 16:52:48.082: SNMP: V1 Trap, ent rttMonNotificationsPrefix, addr 65.65.2.2, gentrap 6, spectrap 2
rttMonCtrlAdminTag.2 = 
rttMonHistoryCollectionAddress.2 = AAdd
rttMonCtrlOperTimeoutOccurred.2 = 1
*Feb 15 16:52:48.130: SNMP: Queuing packet to 150.150.1.1
*Feb 15 16:52:48.130: SNMP: V1 Trap, ent rttMonNotificationsPrefix, addr 65.65.2.2, gentrap 6, spectrap 5
rttMonCtrlAdminTag.2 = 
rttMonHistoryCollectionAddress.2 = AAdd
rttMonReactVar.2 = 7
rttMonReactOccurred.2 = 1
rttMonReactValue.2 = 1
rttMonReactThresholdRising.2 = 0
rttMonReactThresholdFalling.2 = 0
rttMonEchoAdminLSPSelector.2 = 00 00  00 00  
*Feb 15 16:52:48.198: %RTT-3-IPSLATHRESHOLD: IP SLAs(2): Threshold Occurred for timeout


But i don't get traps from other ip sla instance which is monitoring RTT threshold values..

Joe Clarke Tue, 07/13/2010 - 14:08
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Post the full show run and show ver from this device.

Lokesh.Khanna Tue, 07/13/2010 - 14:26
User Badges:

sorry, it actually worked .. i just gave a restart to ip sla and it worked.


looks like router was already in threshold stage when i was activating reaction-config ..


but i am still confused which command is actualluy generating these traps since i have taken out some of the snmp config out and i stil get traps ..



below is the oputput of traps which i get when i restart ip sla .


*Feb 15 17:10:43.453: SNMP: 150.150.1.1 queue overflow, dropping packet
*Feb 15 17:10:43.453: SNMP: Queuing packet to 150.150.1.1
*Feb 15 17:10:43.453: SNMP: V1 Trap, ent rttMonNotificationsPrefix, addr 65.65.2.2, gentrap 6, spectrap 3
rttMonCtrlAdminTag.1 = 
rttMonHistoryCollectionAddress.1 = 41 41  03 03   
rttMonCtrlOperOverThresholdOccurred.1 = 1
*Feb 15 17:10:43.497: SNMP: 150.150.1.1 queue overflow, dropping packet
*Feb 15 17:10:43.501: SNMP: Queuing packet to 150.150.1.1
*Feb 15 17:10:43.501: SNMP: V1 Trap, ent rttMonNotificationsPrefix, addr 65.65.2.2, gentrap 6, spectrap 5
rttMonCtrlAdminTag.1 = 
rttMonHistoryCollectionAddress.1 = 41 41  03 03   
rttMonReactVar.1 = 1
rttMonReactOccurred.1 = 1
rttMonReactValue.1 = 12
rttMonReactThresholdRising.1 = 5
rttMonReactThresholdFalling.1 = 1
rttMonEchoAdminLSPSelector.1 = 00 00  00 00  
*Feb 15 17:10:43.585: SNMP: 150.150.1.1 queue overflow, dropping packet
*Feb 15 17:10:43.585: SNMP: Queuing packet to 150.150.1.1
*Feb 15 17:10:43.585: SNMP: V1 Trap, ent rttMonNotificationsPrefix, addr 65.65.2.2, gentrap 6, spectrap 5
rttMonCtrlAdminTag.1 = 
rttMonHistoryCollectionAddress.1 = 41 41  03 03   
rttMonReactVar.1 = 1
rttMonReactOccurred.1 = 1
rttMonReactValue.1 = 12
rttMonReactThresholdRising.1 = 5
rttMonReactThresholdFalling.1 = 1
rttMonEchoAdminLSPSelector.1 = 00 00  00 00 


#####


below is my running config and sh ver


R2#sh ver
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(24)T1, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 19-Jun-09 15:13 by prod_rel_team


ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)


R2 uptime is 8 hours, 9 minutes
System returned to ROM by power-on
System image file is "flash:c2800nm-adventerprisek9-mz.124-24.T1.bin"



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.


A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html


If you require further assistance please contact us by sending email to
export@cisco.com.


Cisco 2811 (revision 53.50) with 237568K/24576K bytes of memory.
Processor board ID FTX0952C333
2 FastEthernet interfaces
4 Serial(sync/async) interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
62720K bytes of ATA CompactFlash (Read/Write)


Configuration register is 0x2102


R2#            


R2#sh run
Building configuration...



Current configuration : 2233 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 10
!
dot11 syslog
ip source-route
!
!
ip cef
!
!        
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!        
!
!
!
!
voice-card 0
!
!
!
!
!
vtp domain 29
vtp mode transparent
archive
log config
  hidekeys
!
!
!
!
!
!
!
!        
!
interface Loopback0
ip address 65.65.2.2 255.255.255.0
!
interface FastEthernet0/0
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 65.65.128.193 255.255.255.224
shutdown
duplex auto
speed auto
!
interface Serial0/2/0
ip address 65.65.13.2 255.255.255.224
encapsulation ppp
clock rate 2000000
!
interface Serial0/3/0
no ip address
shutdown
!
router ospf 65
router-id 65.65.2.2
log-adjacency-changes
network 65.65.2.2 0.0.0.0 area 1
network 65.65.13.2 0.0.0.0 area 1
network 65.65.128.193 0.0.0.0 area 1
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
ip sla 1
icmp-echo 65.65.3.3 source-ip 65.65.2.2
request-data-size 1500
frequency 10
ip sla schedule 1 life forever start-time now
ip sla reaction-configuration 1 react rtt threshold-value 5 1 threshold-type immediate action-type trapOnly
!
!
!
!
!
!
snmp-server community public RO
snmp-server host 150.150.1.1 public
!
control-plane
!
!
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
!        
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end


R2#                                 
R2#

Joe Clarke Tue, 07/13/2010 - 21:41
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

The command "snmp-server host 150.150.1.1 public" is causing the traps to be sent, but they must be enabled.  Given this config, I would think a reload would mean traps would no longer be sent.  Typically, one would do:


snmp-server enable traps rtr

snmp-server host x.x.x.x traps public

Lokesh.Khanna Wed, 07/14/2010 - 12:55
User Badges:

HI


is it possible that the word "trapOnly" in "ip sla reaction-configuration 1 react rtt threshold-value 5 1 threshold-type immediate action-type trapOnly"

causing snmp trap to get generated.

I have rebooted router and i only have snmp-server host xxx public on my router defined and still i see traps going out.

Joe Clarke Thu, 07/15/2010 - 19:12
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

It is certainly possible, but I have not seen this behavior in the past.  This may be a bug.  I tested locally on a switch in my lab, and I cannot recreate, but I do not have your show ver.  I recommend you open a TAC service request if you want to pursue this further.

Actions

This Discussion