Does anyone know what version of SNMP traps are supported on CatOS? Ideally, I want to be able to configure SNMPv3, but it seems as though I can only find examples of configuration for SNMPv1. Can anyone assist? The config I have applied for SNMPv1 is:
set snmp trap 188.8.131.52 string
set snmp trap enable all
Solved! Go to Solution.
CatOS supports v1, v2c, and v3 traps after 5.4. See http://www.cisco.com/en/US/docs/switches/lan/catalyst5000/catos/6.x/configuration/guide/snmp.html#wp1022235 for more details.
I can't seem to configure SNMPv2c traps though - and I followed this document to configure SNMPv3 traps, yet when I performed a capture, the switch was not sending these out.
The config I tried for SNMPv3 is:
set snmp view videfault 1 included
set snmp access group1 security-model v3 authentication read videfault write videfault notify videfault
set snmp notify notifytable1 tag router trap
set snmp targetaddr PC param p1 10.49.31.173
set snmp targetparams p1 user snmp3_user security-model v3 message-processing v3 authentication
set snmp user snmp3_user authentication sha testtest
set snmp group group1 user snmp3_user security-model v3
This looks mostly right. You're missing an important argument on your targetaddr, though. Make sure you configure:
set snmp targetaddr PC param p1 tag router
The thing is, the version of CatOS I am running does not have the version 2c option after the set snmp trap
When configuring the host, it sends v1 by default.
I am using v8.4(11)GLX for a Cisco 4006. The link I posted should refer to the release notes for that hardware and that specific CatOS version.
Okay, on the Cat4K, you need to do something SNMPv3-like to enable v2c traps:
set snmp group v2cgroup user v2cuser security-model v2c non
set snmp notify not1 tag v2ctrap trap
set snmp targetpar p1 user v2cuser security-model v2c message v2c non
set snmp targetaddr addr2 param p1 10.1.1.1 udpport 162 udpmask 0
Ok, I tried that but I still coulf not get it to send v2c traps.
Nevertheless, I am really wanting to send SNMPv3 traps with AuthNoPriv. The exact configuration I have for SNMP is:
set snmp user user1v3 authentication sha XXXXX
set snmp community read-only public
set snmp view videfault 1 included nonvolatile
set snmp access group1v3 security-model v3 authentication read videfault write videfault notify videfault nonvolatile
set snmp notify notifytable1 tag routers trap nonvolatile
set snmp targetaddr CAM param p1 10.49.31.173 udpport 162 maxmsgsize 484 timeout 1500 retries 3 nonvolatile taglist routers
set snmp targetparams ip user user1v3 security-model v3 message-processing v3 authentication
set snmp group group1v3 user user1v3 security-model v3 nonvolatile
set snmp trap enable all
set snmp trap 10.49.31.173 traps port 162 owner CLI index 1
With the last line in, it sends SNMPv1 traps to 10.49.31.173. When I remove the last line, it does not send SNMPv3 traps (which is what I thought the above config would do without that line and what the documentation seems to suggest).
I could be missing something... any ideas?
Grr, found what I was missing. I've been playing around so much that the params were different between the targetparams and targetaddr statements.
Initially, my issue before I started playing around was that I did not have the 'taglist' command at the end of the targetaddr command, which is probably what it was not sending any traps.
Thanks for your help
Ok... officially, the CatOS 8.4(11)GLX for Cisco 4000's sucks. SNMPv3 traps just stopped working all of a sudden. Also, SNMPv3 read/write works for around 2 hours, and then stops working. Looks like I have to use SNMPv1 or 2c.