O'Reilly logo

JUNOS Cookbook by Aviva Garrett

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

4.15. Setting Up SNMPv3 Traps

Problem

You want SNMPv3 to generate traps about chassis and configuration events and send the traps to the NMS system.

Solution

For the chassis events, first configure the trap notification:

	[edit snmp v3]
	aviva@router1# set notify chassis-notification-list type trap
	aviva@router1# set notify chassis-notification-list tag chassis-trap-receivers

Next, define the traps to send:

	[edit snmp v3]
	aviva@router1# set notify-filter chassis- 
traps oid jnxChassisTraps include
	aviva@router1# set notify-filter chassis-traps oid jnxChassisOKTraps include

Identify the NMS systems (the targets) to receive the traps:

	[edit snmp v3]
	aviva@router1# edit target-address nms1
	[edit snmp v3 target-address nms1]
	aviva@router1# set address 10.0.10.1
	aviva@router1# set tag-list chassis-trap-receivers
	aviva@router1# set target-parameters nms1-parameters

Finally, configure which traps the NMS systems receive and the security used when sending the traps:

	[edit snmp v3]
	aviva@router1# edit target-parameters nms1-parameters
	[edit snmp v3 target-parameters nms1-parameters]
	aviva@router1# set parameters message-processing-model v3
	aviva@router1# set parameters security-model usm
	aviva@router1# set parameters security-level privacy
	aviva@router1# set parameters security-name nms1
	aviva@router1# set notify-filter chassis-traps

To set up traps that correspond to the JUNOS configuration management MIB extension we showed in Recipe 4.14, configure them in a similar way. First, set up the trap notification:

	[edit snmp v3]
	aviva@router1# set notify config-notification-list type trap
	aviva@router1# set notify config-notification-list tag config-trap-receivers

Next, define the trap to send:

	[edit snmp v3]
	aviva@router1# set notify-filter config-traps oid jnxCmNotifications include

Specify the NMS systems to receives the traps:

	[edit snmp v3]
	aviva@router1# set target-address nms2 address 192.168.15.27
	aviva@router1# set target-address nms2 tag-list config-trap-receivers
	aviva@router1# set target-address nms2 target-parameters nms2-parameters

Finally, configure which traps the NMS systems receive and the security used when sending the traps:

	[edit snmp v3]
	aviva@router1# set target-parameters nms2-parameters notify-filter config-traps
	aviva@router1# set target-parameters nms2-parameters parameters  
message-processing-
	model v3
	aviva@router1# set target-parameters nms2-parameters parameters security-model usm
	aviva@router1# set target-parameters nms2-parameters parameters security-level
	privacy
	aviva@router1# set target-parameters nms2-parameters parameters security-name nms2

Discussion

The configuration of SNMPv3 traps is much more involved than for SNMPv2, so let's look at each step of the process. The first part of this recipe sets up traps for the objects related to the hardware chassis components.

First, configure a notification. SNMPv3 defines two types of notifications: informational and trap. You want to set type trap. You'll also want to name the notification with the tag statement (here, chassis-trap-receivers) so that later in the configuration, you can associate the trap type with the NMS system that will be receiving the traps.

Second, create a filter that identifies which traps are sent to the NMS. Here, the filter named chassis-traps sends all traps from the Juniper chassis MIB.

Next, define the NMS systems to receive the trap notifications in the target-address statement hierarchy. Each target has a name, here nms1, which is the username of the NMS (also referred to as the security name). Then set the NMS system's address and associate a tag list and security parameters with it. Here, we associate the chassis-trap-receivers tag and the nms1-parameters security parameters, which we define next.

Finally, associate a trap notification filter with the target NMS system (here, the chassis-traps filter) and define the security to use in all trap message exchanges. SNMPv3 security has three components: the message-processing model, the security model, and the security level. The processing model is SNMPv1, SNMPv2, or SNMPv3, which corresponds to the v1, v2, and v3 options of the message-processing-model statement. The security model is SNMPv1, SNMPv2, or USM, corresponding to the v1, v2c, and usm options of the security-model statement. Finally, the security level can be noAuthnoPriv, authNoPriv, or authPriv, which match the none, authentication, and privacy options of the security-level statement. Bundled in with defining the security parameters is the username (security name) of the receiving NMS system. Here, the security-name nms1 statement associates the security parameters with the system we defined in the target-address nms1 statement hierarchy.

Check the configuration using the show snmp v3 command. The following output shows only the portion related to the trap notifications:

	aviva@router1> show snmp v3
	SNMP Target:
	Address        Address         Port         Parameters     Storage      Status
	name                                        name           type
	nms1           10.0.10.1       162          nms1-parame    nonvolatile  active
	Parameters     Security        Security          Notify    Storage      Status
	name           name            model/level       filter    type
	nms1-parameter nms1             usm/privacy      chassis   nonvolatile  active
	SNMP Notify:
	Notify               Tag                Type                Storage      Status
	name                                                        type
	trap-notification-li NMS-trap-receiver  trap                nonvolatile  active
	Filter               Subtree            Filter              Storage      Status
	name                                    type                type
	chassis- 
traps        1.3.6.1.4.1.2636.  include             nonvolatile  active

The Target and Parameters portions of the output list the NMS systems configured to receive traps and lists the security parameters. The Notify and Filter portions give information about the traps that will be sent.

Here's the traps portion of the SNMPv3 configuration file; you can see how all the pieces fit together:

	[edit snmp v3]
	target-address nms1 {
	    address 10.0.10.1;
	    tag-list NMS-trap-receivers;
	    target-parameters nms1-parameters;
	}
	target-address nms2 {
	    address 10.0.0.1;
	    tag-list config-trap-receivers;
	    target-parameters nms2-parameters;
	}
	target-parameters nms1-parameters {
	    parameters {
	         message-processing-model v3;
	         security-model usm;
	         security-level privacy;
	         security-name nms1;
	    }
	    notify-filter chassis-traps;
	}
	target-parameters nms2-parameters {
	    parameters {
	         message-processing-model v3;
	         security-model usm;
	         security-level privacy;
	         security-name nms2;
	    }
	    notify-filter config-traps;
	}
	notify chassis-notification-list {
	     type trap;
	     tag chassis-trap-receivers;
	}
	notify config-notification-list {
	     type trap;
	     tag config-trap-receivers;
	}
	notify-filter chassis-traps {
	     oid jnxChassisTraps include;
	     oid jnxChassisOKTraps include;
	}
	notify-filter config-traps {
	     oid jnxCmNotifications include;
	}

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required