Setting Up SNMPv3 Traps

Problem

You want SNMPv3 to generate traps about chassis and configuration events and send the traps to the NMS system.

Solution

For the chassis events, first configure the trap notification:

	[edit snmp v3]
	aviva@router1# set notify chassis-notification-list type trap
	aviva@router1# set notify chassis-notification-list tag chassis-trap-receivers

Next, define the traps to send:

	[edit snmp v3]
	aviva@router1# set notify-filter chassis-traps oid jnxChassisTraps include
	aviva@router1# set notify-filter chassis-traps oid jnxChassisOKTraps include

Identify the NMS systems (the targets) to receive the traps:

	[edit snmp v3]
	aviva@router1# edit target-address nms1 
	[edit snmp v3 target-address nms1]
	aviva@router1# set address 10.0.10.1 
	aviva@router1# set tag-list chassis-trap-receivers 
	aviva@router1# set target-parameters nms1-parameters 

Finally, configure which traps the NMS systems receive and the security used when sending the traps:

	[edit snmp v3]
	aviva@router1# edit target-parameters nms1-parameters 
	[edit snmp v3 target-parameters nms1-parameters]
	aviva@router1# set parameters message-processing-model v3 
	aviva@router1# set parameters security-model usm 
	aviva@router1# set parameters security-level privacy 
	aviva@router1# set parameters security-name nms1 
	aviva@router1# set notify-filter chassis-traps 

To set up traps that correspond to the JUNOS configuration management MIB extension we showed in Recipe 4.14, configure them in a similar way. First, set up the trap notification:

	[edit snmp v3]
	aviva@router1# set notify config-notification-list type trap
	aviva@router1# set notify config-notification-list tag config-trap-receivers

Next, define the trap to send:

	[edit snmp v3]
	aviva@router1# set notify-filter config-traps oid jnxCmNotifications include

Specify the NMS systems to receive the traps:

	[edit snmp v3]
	aviva@router1# set target-address nms2 address 192.168.15.27
	aviva@router1# set target-address nms2 tag-list config-trap-receivers
	aviva@router1# set target-address nms2 target-parameters nms2-parameters

Finally, configure which traps the NMS systems receive and the security used when sending the traps:

	[edit snmp v3]
	aviva@router1# set target-parameters nms2-parameters notify-filter config-traps
	aviva@router1# set target-parameters nms2-parameters parameters message-processing-model v3
	aviva@router1# set target-parameters nms2-parameters parameters security-model usm
	aviva@router1# set target-parameters nms2-parameters parameters security-level privacy
	aviva@router1# set target-parameters nms2-parameters parameters security-name nms2

 

Discussion

The configuration of SNMPv3 traps is much more involved than for SNMPv2, so let's look at each step of the process. The first part of this recipe sets up traps for the objects related to the hardware chassis components.

First, configure a notification. SNMPv3 defines two types of notifications: informational and trap. You want to set type trap. You'll also want to name the notification with the tag statement (here, chassis-trap-receivers) so that later in the configuration, you can associate the trap type with the NMS system that will be receiving the traps.

Second, create a filter that identifies which traps are sent to the NMS. Here, the filter named chassis-traps sends all traps from the Juniper chassis MIB.

Next, define the NMS systems to receive the trap notifications in the target-address statement hierarchy. Each target has a name, here nms1, which is the username of the NMS (also referred to as the security name). Then set the NMS system's address and associate a tag list and security parameters with it. Here, we associate the chassis-trap-receivers tag and the nms1-parameters security parameters, which we define next.

Finally, associate a trap notification filter with the target NMS system (here, the chassis-traps filter) and define the security to use in all trap message exchanges. SNMPv3 security has three components: the message-processing model, the security model, and the security level. The processing model is SNMPv1, SNMPv2, or SNMPv3, which corresponds to the v1, v2, and v3 options of the message-processing-model statement. The security model is SNMPv1, SNMPv2, or USM, corresponding to the v1, v2c, and usm options of the security-model statement. Finally, the security level can be noAuthnoPriv, authNoPriv, or authPriv, which match the none, authentication, and privacy options of the security-level statement. Bundled in with defining the security parameters is the username (security name) of the receiving NMS system. Here, the security-name nms1 statement associates the security parameters with the system we defined in the target-address nms1 statement hierarchy.

Check the configuration using the show snmp v3 command. The following output shows only the portion related to the trap notifications:

	aviva@router1> show snmp v3
	SNMP Target:
	Address          Address      Port  Parameters    Storage      Status
	name                                name          type
	nms1             10.0.10.1    162   nms1-parame   nonvolatile  active
	Parameters       Security     Security      Notify    Storage      Status
	name             name         model/level   filter    type
	nms1-parameter   nms1         usm/privacy   chassis   nonvolatile  active
	SNMP Notify:
	Notify                 Tag                 Type   Storage      Status
	name                                              type
	trap-notification-li   NMS-trap-receiver   trap   nonvolatile  active
	Filter           Subtree             Filter    Storage      Status
	name                                 type      type
	chassis-traps    1.3.6.1.4.1.2636.   include   nonvolatile  active

The Target and Parameters portions of the output list the NMS systems configured to receive traps and their security parameters. The Notify and Filter portions give information about the traps that will be sent.

Here's the traps portion of the SNMPv3 configuration file; you can see how all the pieces fit together:

	[edit snmp v3]
	target-address nms1 {
	    address 10.0.10.1;
	    tag-list chassis-trap-receivers;
	    target-parameters nms1-parameters;
	}
	target-address nms2 {
	    address 192.168.15.27;
	    tag-list config-trap-receivers;
	    target-parameters nms2-parameters;
	}
	target-parameters nms1-parameters {
	    parameters {
	        message-processing-model v3;
	        security-model usm;
	        security-level privacy;
	        security-name nms1;
	    }
	    notify-filter chassis-traps;
	}
	target-parameters nms2-parameters {
	    parameters {
	        message-processing-model v3;
	        security-model usm;
	        security-level privacy;
	        security-name nms2;
	    }
	    notify-filter config-traps;
	}
	notify chassis-notification-list {
	    type trap;
	    tag chassis-trap-receivers;
	}
	notify config-notification-list {
	    type trap;
	    tag config-trap-receivers;
	}
	notify-filter chassis-traps {
	    oid jnxChassisTraps include;
	    oid jnxChassisOKTraps include;
	}
	notify-filter config-traps {
	    oid jnxCmNotifications include;
	}
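The pieces of this configuration are tied together only by name: a target-address tag-list must match a notify tag, and each target-parameters and notify-filter reference must resolve. The following is an added example, not code from the book or from Juniper, that checks those cross-references in a curly-brace listing and flags any security-level other than privacy; the simplified parser and the constructed SAMPLE input are assumptions.

```python
SAMPLE = """
target-address nms1 {
    address 10.0.10.1;
    tag-list NMS-trap-receivers;
    target-parameters nms1-parameters;
}
target-parameters nms1-parameters {
    parameters {
        security-level authentication;
        security-name nms1;
    }
    notify-filter chassis-traps;
}
notify chassis-notification-list {
    tag chassis-trap-receivers;
}
"""  # constructed input: the recipe's nms1 target with deliberate mistakes

def parse(text):  # map (kind, name) of each top-level block to {statement: [values]}
    objs, stack = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.endswith("{"):
            tokens = line[:-1].split()
            stack.append((tokens[0], tokens[-1]))
            objs.setdefault(stack[0], {})   # nested blocks fold into their parent
        elif line == "}" and stack:
            stack.pop()
        elif line.endswith(";") and stack:
            key, _, val = line[:-1].partition(" ")
            objs[stack[0]].setdefault(key, []).append(val.strip(' "'))
    return objs

def audit(text):
    objs, out = parse(text), []
    names = lambda kind: {n for k, n in objs if k == kind}
    tags = {t for (k, _), s in objs.items() if k == "notify" for t in s.get("tag", [])}
    # (block kind, statement, acceptable values, message) for each rule
    rules = [("target-address", "tag-list", tags, "matches no notify tag"),
             ("target-address", "target-parameters", names("target-parameters"), "is not defined"),
             ("target-parameters", "notify-filter", names("notify-filter"), "is not defined"),
             ("target-parameters", "security-level", {"privacy"}, "is weaker than privacy")]
    for (kind, name), s in objs.items():
        for rkind, stmt, ok, msg in rules:
            if kind == rkind:
                out += [f"{name}: {stmt} '{v}' {msg}"
                        for vals in s.get(stmt, []) for v in vals.split() if v not in ok]
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A target whose tag-list matches no notify tag commits cleanly but never receives a trap, so this kind of check is worth running before relying on the NMS for chassis or configuration-change alerts.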


JUNOS Cookbook
ISBN: 0596100140
Year: 2007
Pages: 290
Authors: Aviva Garrett
