Configuring SNMP Traps

 

Traps are unsolicited messages sent from an SNMP agent to remote network management systems or trap receivers. Many enterprises use SNMP traps as part of a fault-monitoring solution, in addition to system logging. In Junos OS, SNMP traps are not forwarded by default, so you must configure a trap-group if you wish to use SNMP traps.

You can create and name a group of one or more types of SNMP traps and then define which systems receive the group of SNMP traps.. The name of the trap group is embedded in SNMP trap notification packets as one variable binding (varbind) known as the community name.

To configure an SNMP trap:

  1. Create a single, consistent source address that Junos OS applies to all outgoing traps in your device.

    A source address is useful, because although most Junos OS devices have a number of outbound interfaces, using one source address helps a remote NMS to associate the source of the traps with an individual device

    This example uses the IP address of the loopback interface (lo0) as the source address for all the SNMP traps that originate from the device.

  2. Create a trap group in which you can list the types of traps to be forwarded and the targets (addresses) of the receiving remote management systems.

    This example creates a trap group called managers, allows SNMP version 2-formatted notifications (traps) to be sent to the host at address 192.168.1.15. This statement forwards all categories of traps.

  3. Define the specific subset of trap categories to be forwarded.

    For a list of categories, see Configuring SNMP Trap Groups.

    The following statement configures the standard MIB-II authentication failures on the agent (the device).

  4. At the top level of the configuration, apply the configuration group.

    If you use a configuration group, you must apply it for it to take effect.

  5. Commit the configuration.
  6. To verify the configuration, generate an authentication failure trap.

    This means that the SNMP agent received a request with an unknown community. Other traps types can also be spoofed as well.

    This feature enables you to trigger SNMP traps from routers and ensure that they are processed correctly within your existing network management infrastructure. This is also useful for testing and debugging SNMP behavior on the switch or NMS.

    Using the monitor traffic command, you can verify that the trap is sent to the network management system.

    user@host> request snmp spoof-trap authenticationFailure