03-05-2024 06:38 AM
I am configuring SNMPv3 TRAP on SG550X but the traps are not sent to the notification recipient.
I cannot see any packets from the switch to the recipient.
SNMPv2 works fine. Can someone support me?
This is the configuration:
switch-1#show running-config
config-file-header
switch-1
v2.5.8.15 / RCBS3.1_930_871_084
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
....
....
snmp-server server
snmp-server engineID local 8000000903045fb9415bd4
snmp-server location Milan_LAB
snmp-server view snmp-v3-ReadOnly-View iso included
snmp-server community public ro view Default
snmp-server host 10.x.x.x. version 3 priv snmpuser
snmp-server group ciscogroup v3 priv
snmp-server engineid remote 10.x.x.x 800001010afa059e
encrypted snmp-server user snmpuser ciscogroup v3 auth sha pRXIr4XSuFUV0z24lnrsQkGis2QLeKPPtZ30GgGhdA4= priv dcuv9ECA6QUT9ND76fZzKSMv6YUXeBGaRKLDHcsUT5I=
03-06-2024 01:01 AM
>>> encrypted snmp-server user snmpuser ciscogroup v3 auth sha pRXIr4XSuFUV0z24lnrsQkGis2QLeKPPtZ30GgGhdA4= priv dcuv9ECA6QUT9ND76fZzKSMv6YUXeBGaRKLDHcsUT5I= <<<
-> This command looks wrong? Some terminator missing here?
Also, I miss the snmp-server enable traps command in your output?
You may have modified the address in
snmp-server host 10.x.x.x. version 3 priv snmpuser to hide the real address,
but if you are keen on security then you also need to hide the hashes in
snmp-server user snmpuser ciscogroup v3 auth sha***** priv *****
Last: did you add the snmp-server engineid remote 10.x.x.x 800001010afa059e
before adding the snmp user?
SNMP Remote Engine ID (cisco.com)
To configure a remote user, specify the IP address or port number for the remote SNMP agent of the device where the user resides. Also, before you configure remote users for a particular agent, configure the SNMP engine ID, using the command snmp-server engineID with the remote option. The remote agent's SNMP engine ID is needed when computing the authentication/privacy digests from the password. If the remote engine ID is not configured first, the configuration command will fail.
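The quoted documentation says the engine ID is needed when computing the digests from the password. As an added example (not part of the thread and not Cisco's code), this sketch implements the RFC 3414 password-to-key and key-localization steps and shows that one password yields different keys under the two engine IDs from the posted configuration. The password is constructed, and treating "auth sha" as SHA-1 is an assumption.

```python
import hashlib

MEGABYTE = 1048576  # RFC 3414: the password is expanded to 1,048,576 bytes

# Engine IDs copied from the configuration posted in the thread.
LOCAL_ENGINE_ID = "8000000903045fb9415bd4"
REMOTE_ENGINE_ID = "800001010afa059e"


def password_to_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash the password repeated out to exactly 1 MiB (Ku)."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(MEGABYTE, len(password))
    digest = hashlib.new(hash_name)
    digest.update(password * reps + password[:rem])
    return digest.digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 2.6: Kul = H(Ku || engineID || Ku), bound to one SNMP engine."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def localized_key_hex(password: str, engine_id_hex: str) -> str:
    """Convenience wrapper: localized authentication key as a hex string."""
    ku = password_to_key(password.encode())
    return localize_key(ku, bytes.fromhex(engine_id_hex)).hex()


if __name__ == "__main__":
    sample_password = "ExamplePassphrase1"  # constructed, not from the thread
    for label, engine in (("local", LOCAL_ENGINE_ID), ("remote", REMOTE_ENGINE_ID)):
        print(label, engine, localized_key_hex(sample_password, engine))
```

A user whose key was localized against one engine ID cannot authenticate messages that are checked against the other, which is why the engine ID has to be in place before the user is created.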
03-06-2024 01:08 AM
Hi Valerio, I agree with Pieterh...
It appears that your SNMPv3 TRAP configuration on the Cisco SG550X switch is missing a critical component: the actual SNMPv3 TRAP configuration. In the provided configuration snippet, only SNMPv3 informs are configured using the "snmp-server host" command, which sends SNMPv3 inform notifications to the specified recipient. However, SNMPv3 informs are confirmed messages, which require acknowledgment from the recipient.
To configure SNMPv3 TRAP notifications, you need to use the "snmp-server enable traps" command. Here's a basic example of how to configure SNMPv3 TRAP notifications on the Cisco SG550X switch:
snmp-server enable traps
snmp-server host 10.x.x.x version 3 priv snmpuser
This configuration tells the switch to send SNMPv3 TRAP notifications to the SNMPv3 user snmpuser at the IP address 10.x.x.x.
Make sure to replace 10.x.x.x with the actual IP address of your SNMPv3 notification recipient, and ensure that the SNMPv3 user and group are correctly configured with the appropriate authentication and privacy settings.
Additionally, ensure that any firewalls or ACLs are not blocking SNMP traffic between the switch and the notification recipient.
Once you have added the snmp-server enable traps command to your configuration and verified the SNMPv3 user settings, the switch should start sending SNMPv3 TRAP notifications to the specified recipient.
03-06-2024 01:40 AM
Hello,
thanks for the feedback.
I have posted the output of show running config; do you expect to see "snmp-server enable traps" in such an output?
The configuration was made by graphical interface and trap setting was enabled.
It is also used by SNMPv2 which is working, right?
03-06-2024 03:29 AM
You posted only snippets of the configuration.
Yes, I expected to see the command in the output, but it may be omitted in the snippets.
If you use the graphical interface, after you enabled as above you need to configure some more.
You can see different lines for informs and traps.
03-06-2024 03:43 AM
Actually the command is missing in the printout... no clue about the reason.
Notification recipient is well configured; all the objects are configured.
03-06-2024 01:45 AM
Use this command to show debugs:
debug snmp packet
03-06-2024 02:05 AM
It does not work on this switch model:
debug snmp packet