Re: snmp traps

MZydorczyk2 · ‎07-03-2008

We have one of our switches setup like this but we are not getting any traps from it. Is there something wrong?

set snmp enable

set snmp trap enable macnotification

set snmp trap 10.1.1.100 all port 162 owner CLI index 1

set port security 1/1-2 disable age 0 maximum 1 shutdown 0 unicast-flood enable

violation shutdown

set port security 3/1-48 disable age 0 maximum 1 shutdown 0 unicast-flood enable

violation shutdown

set port security 4/1-48 disable age 0 maximum 1 shutdown 0 unicast-flood enable

violation shutdown

set port security 5/1-48 disable age 0 maximum 1 shutdown 0 unicast-flood enable

violation shutdown

set cam notification added disable 1/1-2

set cam notification removed disable 1/1-2

set cam notification added enable 3/1-48

set cam notification removed enable 3/1-48

set cam notification added enable 4/1-48

set cam notification removed enable 4/1-48

set cam notification added enable 5/1-48

set cam notification removed enable 5/1-48

set cam agingtime 1 14400

set cam notification enable

set cam notification interval 5

set cam notification historysize 10

We are trying to get macnotifications but we get nothing.

Our community string is blank in the config...

set snmp community read-only

set snmp community read-write

Could this be the problem?

Joe Clarke · ‎07-03-2008

Yes, you need at least one valid SNMP read-only community or SNMPv3 username. Other than that, your MAC notification config looks okay.

MZydorczyk2 · ‎07-03-2008

These traps go to a server so do you need the community string on the switch AND the server?

Joe Clarke · ‎07-03-2008

It depends on the trap server as to whether or not it cares about the community string in the trap. For example, Net-SNMP's snmptrapd now requires you to specify which community strings to allow. It will throw away traps with unknown community strings. You'll need to check your trap receiver's documentation to see what is required.

MZydorczyk2 · ‎07-03-2008

ok yeah we use net-snmp so I'll see about that.

MZydorczyk2 · ‎07-09-2008

Doesn't look like putting in a community string worked either. I don't think our version of net-snmp requires the community string in the server config because we do have a couple switches that ARE sending traps. I have looked and the config are the same but they still won't send any.

Joe Clarke · ‎07-09-2008

What are you doing on this switch to force a trap? One thing you could do since this is CatOS is to use the "test snmp" command to generate a test trap. Try:

test snmp trap cmnMacChangedNotification

You might want to put a sniffer on the SNMP manager to see if the traps are in fact getting to it. You can then work backwards to see if the trap is being dropped at any hop along the way.

MZydorczyk2 · ‎07-09-2008

I get a message that says "Trap number must be integer." Does this require some number?

Joe Clarke · ‎07-09-2008

What version of CatOS?

MZydorczyk2 · ‎07-09-2008

8.4(9)GLX

Joe Clarke · ‎07-09-2008

You'll need to specify generic and specific trap IDs. Try a simple linkUp trap:

test snmp trap 3

MZydorczyk2 · ‎07-09-2008

What do you mean trap id's? The 3 is the same thing as you last command?

Joe Clarke · ‎07-09-2008

Run the command:

test snmp trap 3

That should cause the switch to send a linkUp trap to all configured trap destinations.