Monitoring SNMP Secure Packet Mirroring Traps

Purpose

Display configuration information about SNMP traps and trap destinations. The PacketMirror trap category is displayed only when the mirror enable command has been configured. The Secure Trap Logging status is displayed only when the mirror enable command has been issued and secure audit logs have been configured. Text in bold indicates secure packet mirroring trap configuration information.

Action

To display secure packet mirroring traps:

host1# show snmp trap
Enabled Categories: CliSecurity,  PacketMirror , Sonet
SNMP authentication failure trap is disabled
Trap Source: FastEthernet 6/0, Trap Source Address:192.168.120.78
Trap Proxy: enabled
Secure Trap Logging is enabled
Global Trap Severity Level: 6 - informational
Address          Security String                   Ver  Port   Trap Categories
---------------  --------------------------------  ---  -----  ----------------
10.1.1.1         host1                             v1     162  Cli
10.12.12.12      secureHost                        v3     162  CliOspf PacketMirror Sonet
192.168.57.162   host2                             v3     162  Sonet
Address         TrapSeverityFilter  Ping    Maximum    Queue    Queue Full
                                   TimeOut QueueSize DrainRate discrd methd
--------------- ------------------ ------- --------- --------- -------------
10.1.1.1        5 - notice         1       32        0         dropLastIn
10.12.12.12     2 - critical       1       32        0         dropLastIn
192.168.57.162  2 - critical       1       32        0         dropLastIn

Meaning

Table 72 lists the show snmp trap command output fields.

Table 72: show snmp trap Output Fields

Field Name

Field Description

Enabled Categories

Trap categories that are enabled on the router

SNMP authentication failure trap

Enabled or disabled

Trap Source

Interface whose IP address is used as the source address for all SNMP traps

Trap Source Address

IP address used as the source address for all SNMP traps

Trap Proxy

Enabled or disabled

Secure Trap Logging

Enabled or disabled

Global Trap Severity Level

Global severity level filter; if a trap does not meet this severity level, it is discarded

Address

IP address of the trap recipient

Security String

Name of the SNMP community

Ver

SNMP version (v1 or v2) of the SNMP trap packet

Port

UDP port on which the trap recipient accepts traps

Trap Categories

Types of traps that the trap recipient can receive

TrapSeverityFilter

Severity level filter for this SNMP host

Ping TimeOut

Configured ping timeout in minutes

Maximum QueueSize

Maximum number of traps to be kept in the trap queue

Queue DrainRate

Maximum number of traps per second to be sent to the host

Queue Full discrd methd

Method used to discard traps when the queue is full:

dropFirstIn

Oldest trap in the queue is dropped

dropLastIn

Most recent trap is dropped

Note: Secure packet-mirroring trap configuration information appears in the Enabled Categories and Trap Categories fields only if the mirror-enable command is enabled.

Related Documentation