In this post, I will take you through the steps to configure an SNMPv3 user and SNMPv3 traps. This is required to configure alerting and monitoring for your switch.
The following examples show how to configure SNMPv3 users and traps.
- Enter snmpconfig --set snmpv3 to create the SNMPv3 user.
    switch:admin> snmpconfig --set snmpv3
    SNMP Informs Enabled (true, t, false, f): [true] t
    SNMPv3 user configuration(snmp user not configured in FOS user database will have physical AD and admin role as the default):
    User (rw): [snmpadmin1] fabric_admin
    Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3] 1
    New Auth Passwd:
    Verify Auth Passwd:
    Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (1..4) [2] 4
    New Priv Passwd:
    Verify Priv Passwd:
    Engine ID: [00:00:00:00:00:00:00:00:00] 80:00:05:23:01:0A:xx:xx:xx
    User (rw): [snmpadmin2]
    Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3] 1
    New Auth Passwd:
    Verify Auth Passwd:
    Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (1..4) [2]
    Engine ID: [00:00:00:00:00:00:00:00:00]
    User (rw): [snmpadmin3]
    Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
    Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
    Engine ID: [00:00:00:00:00:00:00:00:00]
    User (ro): [snmpuser1]
    Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
    Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
    Engine ID: [00:00:00:00:00:00:00:00:00]
    User (ro): [snmpuser2]
    Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
    Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
    Engine ID: [00:00:00:00:00:00:00:00:00]
    User (ro): [snmpuser2]
    Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
    Priv Protocol [DES(1)/noPriv(2)/AES128(3)/AES256(4)]): (2..2) [2]
    Engine ID: [00:00:00:00:00:00:00:00:00]
    SNMPv3 trap recipient configuration:
    SNMPv3 trap recipient configuration:
    Trap Recipient's IP address : [0.0.0.0] xx.yy.zz.00
    UserIndex: (1..6) [1]
    Trap recipient Severity level : (0..5) [0] 5
    Trap recipient Port : (0..65535) [162]
    Trap Recipient's IP address : [0.0.0.0] xx.yy.zz.11
    UserIndex: (1..6) [2]
    Trap recipient Severity level : (0..5) [0] 5
    Trap recipient Port : (0..65535) [162]
    Trap Recipient's IP address : [0.0.0.0]
    Trap Recipient's IP address : [0.0.0.0]
    Trap Recipient's IP address : [0.0.0.0]
    Trap Recipient's IP address : [0.0.0.0]
    Committing configuration.....done.
    switch:admin> snmpconfig --show snmpv3
    SNMP Informs = 1 (ON)
    SNMPv3 USM configuration:
    User 1 (rw): fabric_admin
        Auth Protocol: MD5
        Priv Protocol: AES256
        Engine ID: 80:00:05:23:01:0A:xx:xx:xx
    User 2 (rw): snmpadmin2
        Auth Protocol: MD5
        Priv Protocol: noPriv
        Engine ID: 00:00:00:00:00:00:00:00:00
    User 3 (rw): snmpadmin3
        Auth Protocol: noAuth
        Priv Protocol: noPriv
        Engine ID: 00:00:00:00:00:00:00:00:00
    User 4 (ro): snmpuser1
        Auth Protocol: noAuth
        Priv Protocol: noPriv
        Engine ID: 00:00:00:00:00:00:00:00:00
    User 5 (ro): snmpuser2
        Auth Protocol: noAuth
        Priv Protocol: noPriv
        Engine ID: 00:00:00:00:00:00:00:00:00
    User 6 (ro): admin
        Auth Protocol: noAuth
        Priv Protocol: noPriv
        Engine ID: 00:00:00:00:00:00:00:00:00
    SNMPv3 Trap configuration:
    Trap Entry 1: xx.yy.zz.00
        Trap Port: 162
        Trap User: fabric_admin
        Trap recipient Severity level: 5
    Trap Entry 2: xx.yy.zz.11
        Trap Port: 162
        Trap User: snmpadmin2
        Trap recipient Severity level: 5
    Trap Entry 3: No trap recipient configured yet
    Trap Entry 4: No trap recipient configured yet
    Trap Entry 5: No trap recipient configured yet
    Trap Entry 6: No trap recipient configured yet
To display the test traps associated with the real MIBs supported in Fabric OS:

    switch:admin> snmpTraps --show
    #  |Mib Name              |Supported Traps
    ---|----------------------|--------------------------------
    001|SW-MIB                |sw-track-changes-trap
       |                      |sw-fabric-watch-trap
       |                      |sw-fc-port-scn
       |                      |ip-v6-change-trap
       |                      |sw-pmgr-event-trap
       |                      |sw-event-trap
       |                      |sw-fabric-reconfig-trap
       |                      |sw-fabric-segment-trap
       |                      |sw-state-change-trap
       |                      |sw-zone-config-change-trap
       |                      |sw-port-move-trap
       |                      |sw-brcd-generic-trap
       |                      |sw-device-status-trap
    002|FICON-MIB             |link-rnid-device-registration
       |                      |link-rnid-device-deregistration
       |                      |link-lirr-listener-added
       |                      |link-lirr-listener-removed
       |                      |link-rlir-failure-incident
    003|FA-MIB                |conn-unit-status-change
       |                      |conn-unit-sensor-status-change
       |                      |conn-unit-port-status-change
       |                      |conn-unit-event-trap
    004|MIB-2                 |cold-restart-trap
       |                      |warm-restart-trap
    005|IF-MIB                |if-link-up-trap
       |                      |if-link-down-trap
    006|RFC1157               |snmp-authetication-trap
    007|HA-MIB                |fru-status-change-trap
       |                      |fru-history-trap
       |                      |cp-status-change-trap
    008|BD-MIB                |bd-trap
       |                      |bd-clear-trap
    009|T11-FC-ZONE-SERVER-MIB|t11ZsRequestRejectNotify
       |                      |t11ZsMergeSuccessNotify
       |                      |t11ZsMergeFailureNotify
       |                      |t11ZsDefZoneChangeNotify
       |                      |t11ZsActivateNotify
To send all traps to the configured recipients:

    switch:admin> snmpTraps --send
    Number of traps sent : 30

To send all traps to the recipient xx:yy:zz:00:

    switch:admin> snmpTraps --send -ip_address xx:yy:zz:00
    Number of traps sent : 30

To send the sw-fc-port-scn trap to the configured recipients:

    switch:admin> snmpTraps --send -trap_name sw-fc-port-scn
    Number of traps sent : 1

To send the sw-fc-port-scn trap to the recipient xx:yy:zz:00:

    switch:admin> snmpTraps --send -trap_name sw-fc-port-scn -ip_address xx:yy:zz:00
    Number of traps sent : 1

To unblock port traps on all the ports or on a specific port:

    switch:admin> snmptraps --unblock -ports ALL
    switch:admin> snmptraps --unblock -port 1/10

To block port traps on slot 1 and port 10:

    Switch:admin> snmptraps --block -port 1/10
How to disable SNMP user?