The system generates SNMP traps according to operating
specifications defined in supported MIBs.
IP Hosts
Traps are sent to IP hosts. The IP hosts are configured
in a proprietary trap host table maintained by the router (the server).
Each entry in the table contains:
IP address of the trap destination
Community name (v1 or v2c) or username (v3) to send in
the trap message
SNMP format (v1 or v2) of the notification (trap) PDU
to use for that destination
Types of traps enabled to be sent to that destination
Trap filters configured for the destination
The maximum number of entries in the SNMP trap
host table in each virtual router is eight.
Trap Categories
The router supports the following trap categories:
environment—Power, temperature, fan, and memory
utilization traps
fileXfer—File transfer status change traps
haRedundancy—High availability and redundancy traps
inventory—System inventory and status traps
ip—Internet Protocol traps
ldp—LDP traps
link—SNMP linkUp and linkDown traps
log—System log capacity traps
mobileIpv4—Mobile IPv4 traps
mplste—Mplste traps
mrouter—Mrouter traps
ntp—E-series router proprietary traps
ospf—Open Shortest Path First traps
packetMirror—Packet mirroring traps; packet mirroring–related
SNMP categories and traps are visible only to authorized users. See JUNOSe Policy Management Configuration Guide for
information about using secure packet mirroring traps.
pim—Protocol Independent Multicast traps
ping—Ping operation traps in disman remops (remote
operations) MIB
radius—RADIUS servers fail to respond to accounting
and authentication requests traps, or servers return to active service
traps
routeTable—Maximum route limit and warning threshold
traps; when this trap is generated, the actual value of the exceeded
warning threshold is displayed.
snmp—SNMP coldStart, warmStart, authenticationFailure;
the trap option. The snmp-server enable traps snmp authentication command allows customized treatment for SNMP authentication failure
traps.
sonet—SONET traps
traceroute—Traceroute operation traps (in disman
remops MIB)
trapFilters—Global filters for SNMP trap recipients
vrrp—Virtual Router Redundancy Protocol traps
To enable global trap categories, use the snmp-server enable traps command. To enable trap categories
for a specific host, use the snmp-server host command.
Trap Severity Levels
The router provides a method of filtering traps
according to severity. Table 22 describes the
supported severity levels.
Table 22: Trap Severity
Descriptions
Severity Number
Severity Name
System Response
0
Emergency
System unusable
1
Alert
Immediate action needed
2
Critical
Critical conditions exist
3
Error
Error conditions exist
4
Warning
Warning conditions exist
5
Notice
Normal but significant conditions exist
6
Informational
Informational messages
7
Debug
Debug messages
You can set up one or more of the following types
of trap filters:
Global—Filters traps by type and severity level
across all trap categories
Per-category—Filters traps for a specific category
by type and severity level
Host-specific—Filters traps on a specific host
by type and severity level
Trap filters work as follows:
An event is posted to the SNMP agent.
The system determines whether the corresponding trap category
is globally enabled and whether the trap meets the minimum severity
level for the trap category. If the per-category filter is not defined
for this trap, the global trap severity applies.
If the trap does not meet these criteria, the system discards
the trap.
If the trap does meet these criteria, the trap goes to
the trap host processor.
The trap host processor determines whether the trap category
is enabled on the host and whether the trap meets the minimum severity
level set for the host.
If the trap does not meet these criteria, the system discards
the trap.
If the trap does meet these criteria, the trap is sent
to the trap recipient.
To set up global severity filters, use the snmp-server enable traps command. To specify the trap
severity level for a particular category, use the snmp-server
enable traps per-category-trapFilters command. To set
up a severity filter for a specific host, use the snmp-server
host command.
snmp-server enable traps
Use to enable and configure SNMP trap generation on a
global basis.
Traps are unsolicited messages sent from an SNMP server
(agent) to an SNMP client (manager).
Use to specify the trap severity level for a particular
category without overwriting the existing global severity level, which
applies to all enabled categories configured on the router.
If you change the global trap severity level (which applies
to all enabled categories) after you set the per-category trap severity
level, the global severity level takes precedence over the per-category
severity level.
If you do not configure the per-category severity level,
the global trap severity level (which applies to all enabled categories)
takes effect for that category.
Note:
This command does not modify the severity level set for specific
hosts using the snmp-server host command.
If you configure global severity levels for different
categories in succession, the last global severity level you configure
is applied to all categories.
Example 1—Configuring the per-category severity
level without changing the global severity level
Configure the global severity level as critical for all enabled trap categories by specifying the SONET trap category.
In this example, although you configure the category-specific
severity level as debug for the SONET category
in Step , the global severity
level remains unchanged as notice. This
behavior occurs because only the category-specific severity level
was configured in the last operation.
Example 2—Overwriting the global severity level
to the last-configured setting
Configure the global severity level as critical for all enabled trap categories by specifying the SONET trap category.
Although you specify the type of SNMP trap category when
you configure the global severity level, it takes effect for all enabled
trap categories on the router. In this example, after you issue the
second command, the global severity level is set as notice for all enabled trap categories.
Example 3—Overriding the global severity level for
a category with the per-category severity level
Configure the global severity level as critical for the SONET trap category in the command.
Configure the per-category severity level as debug for the SONET trap category. This setting overrides
the notice trap severity level that was
applicable for the SONET trap category.
The global severity level is configured as notice for all enabled trap categories except SONET,
whose severity level is set as debug. This
configuration occurs because the global severity level is overwritten
to the last configured value and the per-category severity level takes
precedence over the global severity level.
Use to specify the interface whose IP address is used
as the source address for all SNMP traps.
Note:
When there are multiple IP addresses configured on the IP interface
that is chosen as the SNMP trap source, the SNMP agent automatically
uses the primary IP address of the interface as the SNMP source address
on SNMP traps.
You can enable SNMP trap proxy, which allows you
to specify a single SNMP agent as the egress point for SNMP traps
from all other virtual routers. This feature removes the need to configure
a network path from each virtual router to a single trap collector.
You can enable SNMP trap proxy from either SNMP
or the CLI. Only one SNMP trap proxy can exist for a physical router.
The SNMP trap proxy does not forward global traps
that it receives from other virtual routers. The corresponding SNMP
agent handles global traps locally and does not forward them to the
SNMP trap proxy.
To configure the SNMP trap proxy:
Access the virtual router context.
Enable or disable the SNMP trap proxy.
snmp-server trap-proxy
Use to enable or disable the SNMP trap proxy.
Example
host1(config)#snmp-server trap-proxy enable
Use the no version to disable
the SNMP trap proxy.
SNMP uses the User Datagram Protocol (UDP) to send
traps. Because UDP does not guarantee delivery or provide flow control,
some traps can be lost in transit to a destination address. The Notification
Log MIB provides flow control support for UDP datagrams.
You should set up your management applications
to periodically request the recorded traps to ensure that the host
is up and the management applications have received all the generated
traps.
To identify the location of traps logged in the
notification log, the system assigns a consecutive index number to
each SNMP trap message transmitted from the E-series router. Clients
can use the index to detect missing traps.
(Optional) Enable the snmpTrap log to severity level info.
host1(config)#log severity info snmpTrap
Note:
Enabling the snmpTrap log provides the same information in the
router log as appears in the snmp-server notification log. However,
long trap strings may appear truncated.
log severity
Use to set the severity level for a selected category
or for systemwide logs.
Note:
For more information about this command, see the JUNOSe System Event Logging Reference Guide.
Example
host1(config)#log severity info snmptrap
Use the no version to return
to the default severity value (error) for the selected category. To
return all logs to their default severity setting, include an * (asterisk)
with the no version.
Use to set the maximum number of notifications kept in
all notification log tables.
The range is 1–500, which means that you can allocate
up to 500 notifications across all virtual routers on the router.
As you allocate the entry limits for virtual routers, the available
range changes to reflect the number of notifications that you have
allocated.
SNMP traps can be lost during startup of the E-series
router for one of the following reasons:
The SNMP agent begins sending SNMP traps to the host before
the line module is initialized.
If the SNMP proxy virtual router is initialized after
other virtual routers, traps generated by the other virtual routers
and sent to the proxy router are lost.
To recover SNMP traps that are lost during system
startup, the SNMP agent pings the configured trap host to identify
that there is a communication path between E-series router and host.
On successful ping acknowledgment, the lost traps are reconstructed
for each virtual router. In the case of scenario 1, the reconstructed
traps are sent to the proxy virtual router to be routed to the appropriate
hosts. In the case of scenario 2, the traps are sent directly to the
appropriate hosts.
You can configure the ping timeout window with
the snmp-server host command. The following
are guidelines for setting the maximum ping window:
If you are losing traps because of scenario 1, base the
maximum ping window time on the estimated time that it takes to establish
connectivity in a particular network. (For some configurations it
can take more than 30 minutes to establish connectivity.)
If you are losing traps because of scenario 2, we recommend
that you use the default value for the maximum ping window time, which
is one minute.
snmp-server host
Use to set the ping timeout for the host that is receiving
SNMP traps.
Use the pingtimeout keyword
to set the ping timeout window; the range is 1–90 minutes.
