| |
|
|
The Simple Network Management Protocol (SNMP) communicates management information between the network management stations and an SNMP agent on the Avici router.
Use the procedures described in this chapter to configure the SNMP agent on the Avici router to send reports (traps) to up to five network management stations when certain events or errors occur.
This chapter describes the procedures to:
- Enable SNMP on the Avici router
- Enable/disable trap reporting
- Enable display of SNMP packets and/or headers
- Display SNMP statistics, enabled traps, hosts, trap-source and counters
Related Information
Administrators should be familiar with SONET and IP operation and theory before configuring the Avici router to run SNMP. The following are recommended as further reading:
- RFC 1157 - A Simple Network Management Protocol (SNMP), J. Case and M. Fedor, May 1990
- SNMP, SNMPv2, SNMPv3, and RMON 1 and 2, William Stallings, 1999, Addison-Wesley. ISBN 0-201-48534-6
RFC Information
This implementation of SNMP Version 3 complies with the following RFCs:
- RFC 2573 SNMP Applications
- RFC 2574, User-Based Security Model (USM) for SNMP
- RFC 2575, View-Based Access Control Model (VACM) for SNMP
- RFC 2576, Coexistence between Version 1, Version 2, and Version 3 of Internet-standard Network Management Framework.
- RFC 2558, Definitions of Managed Objects for the SONET/SDH Interface Type
Configuring SNMP
There are two distinct sets of tasks to configure SMNP on the Avici router:
- Globally configure SNMP hosts, SNMP administrative information, and enable SNMP
- On each SONET interface, configure the SNMP traps to be sent to the SNMP host.
Configuring Global SNMP
Use the procedures described in this section to configure the global attributes of SNMP on the Avici router.
PROCEDURE: Use the following steps to configure SNMP hosts, administrative information, and enable SNMP on the Avici router:
Step 1 Use the snmp-server host command to:
- Register one or more remote hosts to receive traps from the Avici router.
- Use the ipaddress | hostname argument to specify the host by ip address or hostname.
- Use the snmpv1 | snmpv2 | snmpv3 argument to define the SNMP version of trap to send whenever the agent sends a trap to the given host. The default option is to send Version 1.
- If selecting snmpv1 or snmpv2, use the community-name argument to define a trap community string used whenever the agent sends a trap to the given host. If you do not configure a community string the default string, (SNMP_trap) is used.
- If selecting snmpv3 version, use the user-name argument to define an SNMP user whenever the agent sends a trap to the given host. There is no default SNMP user. To create a user, use the snmp-server user command.
- Use the trap-category argument to select up to fifteen (15) categories of traps allowed on this SNMP host. To allow all categories of traps, do not specify any category.
- Valid values for trap-category are:
Step 2 Repeat Step 1 for up to 5 SNMP hosts.
Step 3 Use the snmp-server community command to:
- Enable SNMP
- Set the community string.
- Set the read and write access privileges for the SNMP community.
- Associate a standard access-list with this community.
- Set restrictions to a named MIB view for the community.
Step 4 Use the snmp-server location command to identify the location of the Avici router (sets the text for MIB object syslocation 1.3.6.1.2.1.1.6). The field may be up to 255 alphanumeric characters.
Step 5 Use the snmp-server contact command to identify the contact person and the directions for contacting that person (sets the text for MIB object syslcontact 1.3.6.1.2.1.1.4). The field may be up to 255 alphanumeric characters.
Step 6 Use the snmp-server trap-source command to configure an interface as the source address for SNMP traps. If no trap source is explicitly configured, the trap source address defaults to the BGP router id. If the BGP router id is not configured, the source address is the IP address of ethernet 0.
Step 7 Use the snmp-server enable traps command to enable or disable reporting of specific traps to a trap host.
NOTE If a host is not explicitly configured to get specific trap categories using the snmp-server host command, that host will receive the traps specified by the snmp-server enable traps command.
- By default, all traps except the following are enabled:
Step 8 Use the show snmp command to display the SNMP configuration.
- In the following example:
- The snmp-server host command defines a server host, configures the SNMP agent to use the SNMPv1 trap format, and to send bay controller, environment and module traps.
- The snmp-server community command enables SNMP on the Avici router, defines the community string as AVIsys1, and sets access to for the SNMP community to read-only. A standard access-list list1 is associated with this host.
- The snmp-server location command defines the sysLocation MIB object (sets the text for MIB object syslocation 1.3.6.1.2.1.1.6). The field may be up to 255 alphanumeric characters. This text will appear in the Location: field in the output of the show snmp command.
- The snmp-server contact command defines the MIB object sysContact (sets the text for MIB object syslocation 1.3.6.1.2.1.1.4). The field may be up to 255 alphanumeric Pcharacters. This text will appear in the Contact: field in the output of the show snmp command.
- The snmp-server trap-source loopback 0 command configures interface loopback 0 as the source address for SNMP traps.
- The snmp-server enable-traps command enables 1 trap.
- The no snmp-server enable-traps command disables 1 trap.
- The show snmp command displays SNMP configuration:
router#show snmp
Name:router
Contact:snmp@avici.comshow sn
Location:Sunnyvale Lab Bldg. 14 Row 7
EngineId : 0011223344556677P8899
Engine Boots : 0
Name: router
Contact: Avici Systems, Inc.
101 Billerica AveNorth Billerica, MA 01862
Phone: 1-TSR-BY-AVICI (1-877-292-8424)
Email: support@avici.com
Web: www.avici.comLocation: Massachusetts
28 SNMP Packets Input
0 SNMP Errors
0 Bad SNMP Version Errors
0 Bad Community Name Errors
0 Bad Community Uses Errors
0 ASN Parse Errors
0 Too Big Errors
0 No Such Name Errors
0 Bad Values Errors
0 Read Only Errors
0 General Errors
0 Unknown Security Models
0 Unavailable Contexts
0 Total Request Variables
0 Get Requests
0 Get-Next Requests
0 Set Requests
0 Total Set Variables
42 SNMP Packets Output
0 Too Big Errors
0 No Such Name Errors
0 Bad Values Errors
0 General Errors Unavailable Contexts
0 Get Response
42 Traps Sent
0 SNMP Errors
0 Invalid Message Report PDUs
0 Unknown PDU Handler Report PDUs
0 Unknown Context Report PDUs
0 Unsupported Security Level Report PDUs
0 Not in time Window Report PDUs
0 Unknown Username Report PDUs
0 Unknown Engine ID Report PDUs
0 Wrong Digest Report PDUs
0 Decryption Error Report PDUs
Trap Configuration
SNMP Authentication Enabled
Fan Enabled
Temperature Enabled
Voltage Enabled
Link Up/Down Enabled
Sonet Enabled
BGP Enabled
OSPF Enabled
Bay Controller Enabled
Module Enabled
Rmon Enabled
PIM Enabled
SNMP LDP Enabled
TE Enabled
QoS Enabled
Host : 192.32.228.11 Type : trap User : SNMP_trap Security Model: V2 Security Level: noauth Trap Category : bgp environment link-up-down ospf rmon snmp sonet bay-controller module pim msdp ldp te comp-link qos gbe
Host : 10.5.1.110 Type : trap User : SNMP_trap Security Model: V1 Security Level: noauth Trap Category : bgp environment link-up-down ospf rmon snmp sonet bay-controller module pim msdp ldp te comp-link qos gbe
SNMP View
View Name : internetview Subtree OID : internet View Type : included View Name : v1default Subtree OID : iso View Type : included
SNMP Group
Group Name : Boston22 Security Model : V3 Security Level : noauth Read View : v1default Write View : <none> Notify View : notifyname Access List : level2users
SNMP User
User Name : engineerbill Auth Protocol : md5 Priv Protocol : des56 Access List : <none>
Configuring SNMP on Interfaces
Use the procedures described in this section to:
- Configure individual POS interfaces to enable or disable SNMP traps.
- Configure event thresholds to trigger SNMP traps.
SNMP Default Settings
IPriori includes a variety of default settings for SNMP. You can accept many of these defaults and therefore skip some steps of configuring SNMP on a POS interface. The defaults are as follows:
Modifying SNMP Settings
Use the procedures described in this section to modify the SNMP default settings.
Modifying Link-Status
By default, SNMP sends a trap every time an interface changes state from link-up to link-down or vice versa.
Use the no snmp trap link-status command to disable the interface from sending the link-up/link-down traps:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface pos 1/1/1
router(config-if)#no snmp trap link-status
router(config-if)#end
Modifying SONET Link Up/Link Down Traps
By default, SNMP sends a trap every time a SONET interface experiences a defect and a second trap when the defect clears. Defects include:
- LOS
- LOF
- AIS
- RFI
- SONET path "admin down"
Use the no snmp trap sonet link-status command to disable SNMP sending SONET link up/link down SNMP traps:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface pos 1/15/1
router(config-if)#no snmp trap sonet link-status
router(config-if)#end
router#
Modifying SONET Line Traps
IPriori supports the following SONET line traps:
By default, the failure traps and failure clear traps are enabled and all other SONET line traps are disabled.
Use the snmp trap sonet line command to enable additional traps:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface pos 1/1/1
router(config-if)#snmp trap sonet line ses-rising
router(config-if)#end
Enabling SONET Line-Far-End Traps
IPriori supports the following SONET Line-Far-End traps:
By default, these traps are not enabled.
Use the snmp trap sonet line-far-end command to enable one or more of these traps:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface pos 1/1/1
router(config-if)#snmp trap sonet line-far-end es-rising
router(config-if)#snmp trap sonet line-far-end ses-rising
router(config-if)#snmp trap sonet line-far-end uas-rising
router(config-if)#end
router#
Modifying SONET Path Traps
IPriori supports the following SONET path traps:
By default, the failure traps and failure clear traps are enabled, and all other SONET path traps are disabled.
Use the snmp trap sonet path command to enable additional trap(s):
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface pos 1/1/1
router(config-if)#snmp trap sonet path ses-rising
router(config-if)#end
router#
Enabling SONET Path-Far-End Traps
IPriori supports the following SONET Path-Far-End traps:
By default, these traps are not enabled.
Use the snmp trap sonet path-far-end command to enable one or more of these traps:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface pos 1/1/1
router(config-if)#snmp trap sonet path-far-end es-rising
router(config-if)#snmp trap sonet path-far-end ses-rising
router(config-if)#snmp trap sonet path-far-end uas-rising
router(config-if)#end
router#
Modifying SNMP Section Traps
IPriori supports the following SONET section traps:
By default, only the failure traps and failure clear traps are enabled and all other SONET section traps are disabled.
Use the snmp trap sonet section command to enable additional SONET section traps:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface pos 1/1/1
router(config-if)#snmp trap sonet section sefs-rising
router(config-if)#end
router#
Modifying Event Thresholds
SONET thresholds control how many times an event occurs on a SONET connection within a 15 minute interval before an SNMP trap is generated.
By default, all thresholds are set at 1.
NOTE These commands define the thresholds for various events that occur on a SONET section. You must use the associated snmp trap sonet command to send traps when these thresholds are exceeded.
Use the procedures described in this section to change the thresholds for individual POS interfaces.
Modifying SONET Line Thresholds
SONET line thresholds are threshold values for events occurring in the line layer of a SONET connection.
SONET line thresholds are configured using the sonet threshold line command.
SONET line-far-end thresholds are threshold values for events occurring in the line layer at the remote end of a SONET connection.
SONET line-far-end thresholds are configured using the sonet threshold line-far-end command.
In the following example, the sonet threshold line ses command configures POS interface 1/1/1 to send an SNMP trap when the number of SES encountered by a SONET/SDH line in a particular 15 minute interval rises above a threshold of 5:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface pos 1/1/1
router(config-if)#sonet threshold line ses 5
router(config-if)#end
router#
In the following example, the sonet threshold line-far-end es command configures POS interface 1/1/1 to send an SNMP trap when the number of ES encountered by a SONET/SDH line in a particular 15 minute interval rises above a threshold of 10:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface pos 1/1/1
router(config-if)#sonet threshold line-far-end es 10
router(config-if)#end
router#
Modifying SONET Path Thresholds
SONET path thresholds are threshold values for events occurring in the path layer at the local end of a SONET connection.
SONET path thresholds are configured using the sonet threshold path command.
SONET path-far-end thresholds are threshold values for events occurring in the path layer at the remote end of a SONET connection.
SONET path-far-end thresholds are configured using the sonet threshold path-far-end command.
In the following example, the sonet threshold path ses command configures POS interface 1/1/1 to send an SNMP trap when the number of ES encountered by the local end of the SONET/SDH path layer in a particular 15 minute interval rises above a threshold of 3:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface pos 1/1/1
router(config-if)#sonet threshold path ses 3
router(config-if)#end
router#
In the following example, the sonet threshold path-far-end ses command configures POS interface 1/1/1 to send an SNMP trap when the number of severely error seconds (SES) encountered by the remote end of a SONET/SDH path in a particular 15 minute interval rises above a threshold of 4:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface pos 1/1/1
router(config-if)#sonet threshold path-far-end ses 4
router(config-if)#end
router#
Modifying SONET Section Thresholds
SONET section thresholds are threshold values for events occurring in the local end of the section layer of a SONET connection.
SONET section thresholds are configured using the sonet threshold section command.
In the following example, the sonet threshold section command configures POS interface 1/1/1 to send an SNMP trap when the number of SEFS encountered by a SONET/SDH section in a particular 15 minute interval rises above a threshold of 5:
router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface pos 1/1/1
router(config-if)#sonet threshold section sefs 5
router(config-if)#end
Enabling SNMP Debugging
You can use the SNMP debugging commands to display SNMP packets and traps, or the type of variable bindings in SNMP packets.
SNMP debugging is supported for one session per Avici router. The session can be either a console session or a telnet session. If one SNMP debug session is already underway, using this command results in the following error message:
Error: SNMP Debug has already started
Debugging SNMP Headers
Use the debug snmp headers command to configure SNMP to display more information about SNMP headers. Use the debug snmp headers log to direct the debug output to the log file.
In the following example, the debug snmp headers command enables SNMP debugging:
router#debug snmp headers
SNMP packet header debugging is on
Sample output from a get next request with debug snmp headers enabled, appears as follows:
SNMP: Packet received via UDP from 10.1.2.183
SNMP: Get next, reqid 3, errstat 0, erridx 0
SNMP: Response, reqid 3, errstat 0, erridx
SNMP: Packet received via UDP from 10.1.2.183
SNMP: Get bulk request, reqid 4, errstat 0, erridx 1
SNMP: Response, reqid 4, errstat 0, erridx 0
Debugging SNMP Packets
Use the debug snmp dump-packets command to display the type of variable bindings in SNMP packets.
In the following example, the debug snmp dump-packets command enables SNMP packet debugging:
router#debug snmp dump-packets
SNMP packet header debugging is on
Sample output from a get next request with debug snmp dump-packets enabled, appears as follows:
DEBUG:SNMP:dump-packets: Dumping received packets
30 2a 02 01 00 04 09 53 4e 4d 50 5f 74 72 61 70 * 0 *.....SNMP_trap*
a1 1a 02 02 00 c3 02 01 00 02 01 00 30 0e 30 0c *.......0.0.*
06 08 2b 06 01 02 01 04 02 00 05 00 *..+....0.*
| |
|
|
Copyright © 2005
Avici Systems Inc.
Avici® and TSR®
is a registered trademark of Avici Systems Inc.
IPriori™, Composite Links™, SSR™, QSR, and NSR® are
trademarks of Avici Systems Inc.
Source
File Name: SNMP.fm
HTML File Name: SNMP.html
Last Updated: 02/25/05 at 15:19:26