Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
837
Views
1
Helpful
3
Replies

SNMP trap

Lusya Pirozh
Level 1
Level 1

‎08-30-2023 10:53 PM

Hi everybody.

Please help me deal with the SNMP trap.

On the cisco 3650, I configured the SNMP trap.

 

My_Switch#show running-config | and snmp

snmp-server trap-source Vlan1

snmp-server enable traps vlancreate

snmp-server host 150.150.3 version 2c my_test_community

My_Switch#

 

 

Now I need to catch them in zabbix.

Question, how do I find out which OID my cisco will send if I create a new vlan? Perhaps this is described somewhere in the documentation?

 

I agree, you can replay the event and see the OID in wireshark. Some of the ladders can be test-run with the test snmp trap command.

But what if I have a trap configured that is not in the test snmp trap command, or I can't reproduce the event because in a real network it will be an accident?

What should I do in this case?

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎08-31-2023 12:07 AM

This is SNMP Trap - so on your Zabbix you should have snmp Trap receiver in port 162 as listener - so all the traps will be send to NMS Server (in your case Zabbix)

But what if I have a trap configured that is not in the test snmp trap command, or I can't reproduce the event because in a real network it will be an accident?

if not configure no trap will be sent - and that will not able to recall or replay.

Always setup an syslog to send all the logs to syslog - so you have all information, also if any one changing the config, use TACACS for Accounting to see what commands issued by the user.

is that my understanding of your question correctly (excuse me if  i missed any of your points here)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Lusya Pirozh
Level 1
Level 1

‎08-31-2023 02:31 AM

Perhaps I expressed myself incorrectly ...
The question is as follows - cisco sends an SNMP trap, which will later receive Zabbix and, based on the received trap, Zabbix can generate an event.
I want to set up my own event for each SNMP trap. In order to do this, I need to somehow distinguish one SNMP trap from another.
This can be done by OID (which is transmitted to the SNMP trap), but I do not know which OID is transmitted with a specific trap.
Let's say the BGP neighborhood fell, cisco sent an SNMP trap. And what's inside this SNMP trap? Which OID exactly? Where can I read this?

0 Helpful

Dan Frey
Cisco Employee
Cisco Employee

‎09-07-2023 06:08 PM

This is documented in the mib files that can be downloaded from github: https://github.com/cisco/cisco-mibs/tree/main/v2.   Trap file gives the oid(s) for the trap

[root@Raggedtooth mibs]# more CISCO-BGP4-MIB.traps  
### THIS FILE WAS GENERATED BY MIB2SCHEMA

enterprise 1.3.6.1.4.1.9.9.187
	1 cbgpFsmStateChange
	2 cbgpBackwardTransition
	3 cbgpPrefixThresholdExceeded
	4 cbgpPrefixThresholdClear
	5 cbgpPeer2EstablishedNotification
	6 cbgpPeer2BackwardTransNotification
	7 cbgpPeer2FsmStateChange
	8 cbgpPeer2BackwardTransition
	9 cbgpPeer2PrefixThresholdExceeded
	10 cbgpPeer2PrefixThresholdClear

Example: take cbgpPeer2FsmStateChange and look for it in the corresponding CISCO-BGP4.my file.  

cbgpPeer2FsmStateChange NOTIFICATION-TYPE
    OBJECTS         {
                        cbgpPeer2LastError,
                        cbgpPeer2State,
                        cbgpPeer2LastErrorTxt,
                        cbgpPeer2PrevState
                    }

This trap has 4 varbinds that are also documened in the same file.    

cbgpPeer2LastError OBJECT-TYPE
    SYNTAX          OCTET STRING (SIZE  (2))
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The last error code and subcode seen by this
        peer on this connection.  If no error has
        occurred, this field is zero.  Otherwise, the
        first byte of this two byte OCTET STRING
        contains the error code, and the second byte
        contains the subcode."
    REFERENCE       "RFC 4271, Section 4.5." 
    ::= { cbgpPeer2Entry 17 }

cbgpPeer2State OBJECT-TYPE
    SYNTAX          INTEGER  {
                        idle(1),
                        connect(2),
                        active(3),
                        opensent(4),
                        openconfirm(5),
                        established(6)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The BGP peer connection state."
    REFERENCE       "RFC 4271, Section 8.2.2." 
    ::= { cbgpPeer2Entry 3 }
cbgpPeer2LastErrorTxt OBJECT-TYPE
    SYNTAX          SnmpAdminString
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "Implementation specific error description for
        bgpPeerLastErrorReceived." 
    ::= { cbgpPeer2Entry 28 }

cbgpPeer2PrevState OBJECT-TYPE
    SYNTAX          INTEGER  {
                        none(0),
                        idle(1),
                        connect(2),
                        active(3),
                        opensent(4),
                        openconfirm(5),
                        established(6)
                    }
    MAX-ACCESS      read-only
    STATUS          current
    DESCRIPTION
        "The BGP peer connection previous state."
    REFERENCE
        "RFC 1771, Section 8, A Border Gateway Protocol 4
         (BGP-4)." 
    ::= { cbgpPeer2Entry 29 }
Customers Also Viewed These Support Documents