Nexus 5548 SNMP Traps - err-disable

Zachary McGibbon · ‎11-05-2012

I'm trying to get our 5548s to send SNMP traps when a port goes into err-disable. To test, I'm looping ports on my FEX 101/1/1 to 101/1/2 and the port goes down due to BPDUs:

2012 Nov 5 15:13:10 spare5548p-nx1 %ETHPORT-5-SPEED: Interface Ethernet101/1/2, operational speed changed to 1 Gbps

2012 Nov 5 15:13:10 spare5548p-nx1 %ETHPORT-5-IF_DUPLEX: Interface Ethernet101/1/2, operational duplex mode changed to Full

2012 Nov 5 15:13:10 spare5548p-nx1 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet101/1/2, operational Receive Flow Control state changed to off

2012 Nov 5 15:13:10 spare5548p-nx1 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet101/1/2, operational Transmit Flow Control state changed to on

2012 Nov 5 15:13:10 spare5548p-nx1 %ETHPORT-5-SPEED: Interface Ethernet101/1/1, operational speed changed to 1 Gbps

2012 Nov 5 15:13:10 spare5548p-nx1 %ETHPORT-5-IF_DUPLEX: Interface Ethernet101/1/1, operational duplex mode changed to Full

2012 Nov 5 15:13:10 spare5548p-nx1 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet101/1/1, operational Receive Flow Control state changed to off

2012 Nov 5 15:13:10 spare5548p-nx1 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet101/1/1, operational Transmit Flow Control state changed to on

2012 Nov 5 15:13:10 spare5548p-nx1 %ETHPORT-5-IF_UP: Interface Ethernet101/1/2 is up in mode access

2012 Nov 5 15:13:10 spare5548p-nx1 %ETHPORT-5-IF_UP: Interface Ethernet101/1/1 is up in mode access

2012 Nov 5 15:13:10 spare5548p-nx1 %LLDP-FEX101-5-SERVER_ADDED: Server with Chassis ID 503d.e5c7.0b43 Port ID Eth101/1/2 management address 10.10.0.1 discovered on local port Eth101/1/1 in vlan 1 with enabled capability Bridge

2012 Nov 5 15:13:10 spare5548p-nx1 %LLDP-FEX101-5-SERVER_ADDED: Server with Chassis ID 503d.e5c7.0b42 Port ID Eth101/1/1 management address 10.10.0.1 discovered onlocal port Eth101/1/2 in vlan 1 with enabled capability Bridge

2012 Nov 5 15:13:11 spare5548p-nx1 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet101/1/2 is down (None)

2012 Nov 5 15:13:11 spare5548p-nx1 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet101/1/1 is down (None)

2012 Nov 5 15:13:11 spare5548p-nx1 %LLDP-FEX101-5-SERVER_REMOVED: Server with Chassis ID 503d.e5c7.0b42 Port ID Eth101/1/1 on local port Eth101/1/2 has been removed

2012 Nov 5 15:13:11 spare5548p-nx1 %LLDP-FEX101-5-SERVER_REMOVED: Server with Chassis ID 503d.e5c7.0b43 Port ID Eth101/1/2 on local port Eth101/1/1 has been removed

2012 Nov 5 15:13:11 spare5548p-nx1 %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet101/1/2 is down (Error disabled. Reason:BPDUGuard)

2012 Nov 5 15:13:11 spare5548p-nx1 %ETHPORT-2-IF_DOWN_ERROR_DISABLED: Interface Ethernet101/1/1 is down (Error disabled. Reason:BPDUGuard)

This works fine however it's not sending a trap to my trap server, my snmp config:

snmp-server host 192.168.0.100 traps version 2c public

snmp-server host 192.168.0.100 use-vrf default

snmp-server enable traps snmp authentication

snmp-server enable traps link cisco-xcvr-mon-status-chg

snmp-server enable traps stpx inconsistency

snmp-server enable traps stpx root-inconsistency

snmp-server enable traps stpx loop-inconsistency

spare5548p-nx1# sh snmp trap

--------------------------------------------------------------------------------

Trap type Description Enabled

--------------------------------------------------------------------------------

entity : entity_mib_change Yes

entity : entity_module_status_change Yes

entity : entity_power_status_change Yes

entity : entity_module_inserted Yes

entity : entity_module_removed Yes

entity : entity_unrecognised_module Yes

entity : entity_fan_status_change Yes

entity : entity_power_out_change Yes

link : linkDown Yes

link : linkUp Yes

link : extended-linkDown Yes

link : extended-linkUp Yes

link : cieLinkDown Yes

link : cieLinkUp Yes

link : connUnitPortStatusChange Yes

link : fcTrunkIfUpNotify Yes

link : fcTrunkIfDownNotify Yes

link : delayed-link-state-change Yes

link : fcot-inserted Yes

link : fcot-removed Yes

callhome : event-notify No

callhome : smtp-send-fail No

cfs : state-change-notif No

cfs : merge-failure No

fcdomain : dmNewPrincipalSwitchNotify No

fcdomain : dmDomainIdNotAssignedNotify No

fcdomain : dmFabricChangeNotify No

rf : redundancy_framework Yes

aaa : server-state-change No

license : notify-license-expiry Yes

license : notify-no-license-for-feature Yes

license : notify-licensefile-missing Yes

license : notify-license-expiry-warning Yes

vsan : vsanStatusChange No

vsan : vsanPortMembershipChange No

upgrade : UpgradeOpNotifyOnCompletion No

upgrade : UpgradeJobStatusNotify No

feature-control : FeatureOpStatusChange No

sysmgr : cseFailSwCoreNotifyExtended No

rmon : risingAlarm Yes

rmon : fallingAlarm Yes

rmon : hcRisingAlarm Yes

rmon : hcFallingAlarm Yes

config : ccmCLIRunningConfigChanged No

snmp : authentication Yes

link : cisco-xcvr-mon-status-chg Yes

vtp : notifs No

vtp : vlancreate No

vtp : vlandelete No

poe : portonoff No

poe : pwrusageon No

poe : pwrusageoff No

poe : police No

bridge : newroot No

bridge : topologychange No

stpx : inconsistency Yes

stpx : root-inconsistency Yes

stpx : loop-inconsistency Yes

I know that on IOS model switches it sends the ERR-Disable as part of the 'syslog' mib, however it doesn't seem that the Nexus has this option. This is what I'm using with SNMPTT to catch err-diables:

# --------------------------------------------------------------------------------

# Error disable

EVENT clogMessageGenerated .1.3.6.1.4.1.9.9.41.2.0.1 "Status Events" CRITICAL

FORMAT $*

MATCH $3: (ERR_DISABLE)

EXEC /usr/lib64/icinga/eventhandlers/submit_check_result $R "SNMP Trap" 2 "$*"

EXEC /usr/bin/printf "$*" | /bin/mail -r "SNMP Traps <root@localhost>" -s "SNMP ERR DISABLE TRAP - $r" root@localhost

NODES /etc/snmp/snmptt.nodes.cisco /etc/icinga/snmptt/snmptt.nodes.switches-datacentre

# --------------------------------------------------------------------------------

# BPDU Guard

EVENT clogMessageGenerated .1.3.6.1.4.1.9.9.41.2.0.1 "Status Events" CRITICAL

FORMAT $*

MATCH $3: (BLOCK_BPDUGUARD)

EXEC /usr/lib64/icinga/eventhandlers/submit_check_result $R "SNMP Trap" 2 "$*"

EXEC /usr/bin/printf "$*" | /bin/mail -r "SNMP Traps <root@localhost>" -s "SNMP BPDU TRAP - $r" root@localhost

NODES /etc/snmp/snmptt.nodes.cisco /etc/icinga/snmptt/snmptt.nodes.switches-datacentre

Does anyone know how to get these err-disables and bpdu guard from nexus via traps?

Version of my NXOS:

Software

BIOS: version 3.5.0

loader: version N/A

kickstart: version 5.1(3)N1(1)

system: version 5.1(3)N1(1)

power-seq: Module 1: version v3.0

Module 2: version v1.0

Module 3: version v2.0

uC: version v1.1.0.1

BIOS compile time: 02/03/2011

kickstart image file is: bootflash:///n5000-uk9-kickstart.5.1.3.N1.1.bin

kickstart compile time: 12/6/2011 22:00:00 [12/07/2011 01:30:01]

system image file is: bootflash:///n5000-uk9.5.1.3.N1.1.bin

system compile time: 12/6/2011 22:00:00 [12/07/2011 03:09:44]

Thanks

Mathiyarasan · ‎11-17-2017

Hello All,

We are using the Cisco Nexus 5548UP switch and all the SNMP traps are enabled on the switch end. however we have not received the notification on the monitoring tool when the fibre channel port went to errDisabled mode.

-------------------------------------------------------------------------------
Interface Vsan   Admin Admin   Status          SFP    Oper Oper   Port
                  Mode   Trunk                          Mode Speed Channel
                         Mode                                 (Gbps)
-------------------------------------------------------------------------------
fc1/29     xxxx   F      on      trunking         swl    TF      8    xxx
fc1/30     xxxx   F      on      errDisabled      swl    --           xxx

Also please confirm do we need to configure the MIB file (CISCO-ERR-DISABLE-MIB.my) on the NMS. also what will be the command for snmp-server enable traps in the Nexus switch end.

My current NX-OS version : 5.2(1)N1(9b)

Thanks,

Mathi

katerina.dardoufa · ‎08-26-2020

I know this post is old, but did anyone manage to enable error-disabled traps on NXOS? Is this supported on NXOS?

Thanks,

Katerina