Configuring SNMP Traps
Traps are unsolicited messages sent from an SNMP agent to remote network management systems or trap receivers. Many enterprises use SNMP traps as part of a fault-monitoring solution, in addition to system logging. In Junos OS, SNMP traps are not forwarded by default, so you must configure a trap-group if you wish to use SNMP traps.
You can create and name a group of one or more types of SNMP traps and then define which systems receive the group of SNMP traps.. The name of the trap group is embedded in SNMP trap notification packets as one variable binding (varbind) known as the community name.
To configure an SNMP trap:
- Create a single, consistent source address that Junos
OS applies to all outgoing traps in your device.
A source address is useful, because although most Junos OS devices have a number of outbound interfaces, using one source address helps a remote NMS to associate the source of the traps with an individual device
This example uses the IP address of the loopback interface (lo0) as the source address for all the SNMP traps that originate from the device.[edit groups global snmp]user@host# set trap-options source-address lo0
- Create a trap group in which you can list the types of
traps to be forwarded and the targets (addresses) of the receiving
remote management systems.[edit groups global snmp trap-group group-name]
This example creates a trap group called managers, allows SNMP version 2-formatted notifications (traps) to be sent to the host at address 192.168.1.15. This statement forwards all categories of traps.[edit groups global snmp trap-group managers]user@host# set version v2 targets 192.168.1.15
- Define the specific subset of trap categories to be forwarded.
For a list of categories, see Configuring SNMP Trap Groups.[edit groups global snmp trap-group group-name]user@host# set categories category
The following statement configures the standard MIB-II authentication failures on the agent (the device).[edit groups global snmp trap-group managers]user@host# set categories authentication
- At the top level of the configuration, apply the configuration
If you use a configuration group, you must apply it for it to take effect.user@host# set apply-groups global
- Commit the configuration.user@host# commit
- To verify the configuration, generate an authentication
This means that the SNMP agent received a request with an unknown community. Other traps types can also be spoofed as well.
This feature enables you to trigger SNMP traps from routers and ensure that they are processed correctly within your existing network management infrastructure. This is also useful for testing and debugging SNMP behavior on the switch or NMS.
Using the monitor traffic command, you can verify that the trap is sent to the network management system.
user@host> request snmp spoof-trap authenticationFailure
Spoof-trap request result: trap sent successfully