SNMP Traps
Configure SNMP Traps
Traps are unsolicited messages sent from an SNMP agent to remote network management systems, or trap receivers. Enterprises use SNMP traps as part of a fault-monitoring solution in addition to system logging. In Junos OS, you must configure a trap-group if you wish to use SNMP traps.
You can create and name a group of one or more types of SNMP traps and define which systems receive the group of SNMP traps. The name of the trap group is embedded in SNMP trap notification packets as one variable binding (varbind) known as the community name.
To configure an SNMP trap:
Configure SNMP Trap Options
Using SNMP trap options, you can set the source address of every SNMP trap packet sent by the router to a single address regardless of the outgoing interface. In addition, you can set the agent address of the SNMPv1 traps. For more information about the contents of SNMPv1 traps, see RFC 1157.
You can associate SNMP with only master routing instance.
To configure SNMP trap options, see trap-options.
You must also configure a trap group for the trap options to take effect. For information about trap groups, see Configure SNMP Trap Groups.
This topic contains the following sections:
- Configure the Source Address for SNMP Traps
- Configure the Agent Address for SNMP Traps
- Add snmpTrapEnterprise Object Identifier to Standard SNMP Traps
Configure the Source Address for SNMP Traps
You can configure the source address of trap packets in many ways: lo0, a valid IPv4 address or IPv6 address configured on one of the router interfaces, a logical-system address, or the address of a routing-instance. The value lo0 indicates that the source address of the SNMP trap packets is set to the lowest loopback address configured on the interface lo0.
You can generate SNMP Traps only if the source address is a valid IPv4 or IPv6 address or is configured.
You can configure the source address of trap packets in one of the following formats:
A valid IPv4 address configured on one of the router interfaces
A valid IPv6 address configured on one of the router interfaces
lo0
; that is, the lowest loopback address configured on the interface lo0A logical-system name
A routing-instance name
A Valid IPv4 Address As the Source Address
To specify a valid IPv4 interface address as the source
address for SNMP traps on one of the router interfaces, include the source-address
statement at the [edit snmp trap-options]
hierarchy level:
[edit snmp trap-options] source-address address;
address
is a valid IPv4 address
configured on one of the router interfaces.
A Valid IPv6 Address As the Source Address
To specify a valid IPv6 interface address as the source
address for SNMP traps on one of the router interfaces, include the source-address
statement at the [edit snmp trap-options]
hierarchy level:
[edit snmp trap-options] source-address address;
address
is a valid IPv6 address
configured on one of the router interfaces.
The Lowest Loopback Address As the Source Address
To specify the source address of the SNMP traps so that
they use the lowest loopback address configured on the interface lo0
as the source address, include the source-address
statement
at the [edit snmp trap-options]
hierarchy level:
[edit snmp trap-options] source-address lo0;
To enable and configure the loopback address, include
the address
statement at the [edit interfaces lo0
unit 0 family inet]
hierarchy level:
[edit interfaces] lo0 { unit 0 { family inet { address ip-address; } } }
To configure the loopback address as the source address of trap packets:
[edit snmp] trap-options { source-address lo0; } trap-group "urgent-dispatcher" { version v2; categories link startup; targets { 192.168.10.22; 172.17.1.2; } } [edit interfaces] lo0 { unit 0 { family inet { address 10.0.0.1/32; address 127.0.0.1/32; } } }
In this example, the IP address 10.0.0.1 is the source address of every trap sent from this router.
Logical System Name as the Source Address
To specify a logical system name as the source address
of SNMP traps, include the logical-system logical-system-name
statement at the [edit snmp trap-options]
hierarchy
level.
For example, the following configuration sets logical system
name ls1
as the source address of SNMP traps:
[edit snmp] trap-options{ logical-system ls1; }
Routing Instance Name as the Source Address
To specify a routing instance name as the source address
of SNMP traps, include the routing-instance routing-instance-name
statement at the [edit snmp trap-options]
hierarchy
level.
For example, the following configuration sets the routing instance
name ri1
as the source address for SNMP traps:
[edit snmp] trap-options { routing-instance ri1; }
Configure the Agent Address for SNMP Traps
The agent address is only available in SNMPv1 trap packets
(see RFC 1157). By default, the router’s default local address
is not specified in the agent address field of the SNMPv1 trap. To
configure the agent address, include the agent-address
statement
at the [edit snmp trap-options]
hierarchy level. Currently,
the agent address can only be the address of the outgoing interface:
[edit snmp] trap-options { agent-address outgoing-interface; }
To configure the outgoing interface as the agent address:
[edit snmp] trap-options { agent-address outgoing-interface; } trap-group “ urgent-dispatcher” { version v1; categories link startup; targets { 192.168.10.22; 172.17.1.2; } }
In this example, each SNMPv1 trap packet sent has its agent address value set to the IP address of the outgoing interface.
Add snmpTrapEnterprise Object Identifier to Standard SNMP Traps
The snmpTrapEnterprise object helps you identify the enterprise that has defined the trap. Typically, the snmpTrapEnterprise object appears as the last varbind in enterprise-specific SNMP version 2 traps. However, starting Release 10.0, Junos OS enables you to add the snmpTrapEnterprise object identifier to standard SNMP traps as well.
To add snmpTrapEnterprise to standard traps, include the enterprise-oid
statement at the [edit snmp trap-options]
hierarchy level. If the enterprise-oid
statement is not
included in the configuration, snmpTrapEnterprise is added only for
enterprise-specific traps.
[edit snmp] trap-options { enterprise-oid; }
Configure SNMP Trap Groups
You can create and name a group of one or more types of SNMP traps and then define which systems receive the group of SNMP traps. You must configure the trap group for sending the SNMP traps. To create an SNMP trap group, see trap-group.
For each trap group that you define, you must include
the target
statement to define at least one system as the
recipient of the SNMP traps in the trap group. Specify the IPv4 or
IPv6 address of each recipient, not its hostname.
Specify the types of traps the trap group can receive in the categories
statement. For information about the category to which the traps belong, see the
Standard SNMP Traps Supported by Junos OS and Enterprise-Specific SNMP Traps Supported by Junos OS topics.
Specify the routing instance used by the trap group
in the routing-instance
statement. All targets configured
in the trap group use this routing instance.
A trap group can receive the following categories:
authentication
—Authentication failureschassis
—Chassis or environment notificationschassis-cluster
—Clustering notificationsconfiguration
—Configuration notificationslink
—Link-related notifications (up-down transitions, DS-3 and DS-1 line status change, IPv6 interface state change, and Passive Monitoring PIC overload)Note:To send Passive Monitoring PIC overload interface traps, select the
link
trap category.otn-alarms
—OTN alarm trap subcategoriesremote-operations
—Remote operation notificationsrmon-alarm
—Alarm for RMON eventsrouting
—Routing protocol notificationsservices
—Services notifications such as circuit down or up, connection down or up, CPU exceeded, alarms, and status changes.sonet-alarms
—SONET/SDH alarmsNote:If you omit the SONET/SDH subcategories, all SONET/SDH trap alarm types are included in trap notifications.
loss-of-light
—Loss of light alarm notificationpll-lock
—PLL lock alarm notificationloss-of-frame
—Loss of frame alarm notificationloss-of-signal
—Loss of signal alarm notificationseverely-errored-frame
—Severely errored frame alarm notificationline-ais
—Line alarm indication signal (AIS) alarm notificationpath-ais
—Path AIS alarm notificationloss-of-pointer
—Loss of pointer alarm notificationber-defect
—SONET/SDH bit error rate alarm defect notificationber-fault
—SONET/SDH error rate alarm fault notificationline-remote-defect-indication
—Line remote defect indication alarm notificationpath-remote-defect-indication
—Path remote defect indication alarm notificationremote-error-indication
—Remote error indication alarm notificationunequipped
—Unequipped alarm notificationpath-mismatch
—Path mismatch alarm notificationloss-of-cell
—Loss of cell delineation alarm notificationvt-ais
—Virtual tributary (VT) AIS alarm notificationvt-loss-of-pointer
—VT loss of pointer alarm notificationvt-remote-defect-indication
—VT remote defect indication alarm notificationvt-unequipped
—VT unequipped alarm notificationvt-label-mismatch
—VT label mismatch error notificationvt-loss-of-cell
—VT loss of cell delineation notification
startup
—System warm and cold startstiming-events
—Timing events and defects notificationvrrp-events
—Virtual Router Redundancy Protocol (VRRP) events such as new-primary or authentication failures
If you include SONET/SDH subcategories, only those SONET/SDH trap alarm types are included in trap notifications.
The version
statement allows you to specify the SNMP
version of the traps sent to targets of the trap group. If you specify v1
only, SNMPv1 traps are sent. If you specify v2
only, SNMPv2 traps are sent. If you specify all
, both
an SNMPv1 and an SNMPv2 trap are sent for every trap condition. For
more information about the version
statement, see version (SNMP).
Configure SNMP Trap Options and Groups on a Device Running Junos OS
Some carriers have more than one trap receiver that forwards traps to a central NMS. This allows more than one path for SNMP traps from a router to the central NMS through different trap receivers. You can configure a device running Junos OS to send the same copy of each SNMP trap to every trap receiver configured in the trap group.
The source address in the IP header of each SNMP trap packet is set to the address of the outgoing interface by default. When a trap receiver forwards the packet to the central NMS, the source address is preserved. The central NMS, looking only at the source address of each SNMP trap packet, assumes that each SNMP trap came from a different source.
In reality, the SNMP traps came from the same router, but each left the router through a different outgoing interface.
The statements discussed in the following sections are provided to allow the NMS to recognise the duplicate traps and distinguish SNMPv1 traps based on the outgoing interface.
To configure SNMP trap options and trap groups, include
the trap-options
and trap-group
statements at
the [edit snmp]
hierarchy level:
[edit snmp] trap-options { agent-address outgoing-interface; source-address address; } trap-group group-name { categories { category; } destination-port port-number; targets { address; } version (all | v1 | v2); }
Example: Configure SNMP Trap Groups
Set up a trap notification list named urgent-dispatcher
for link and startup traps. This list is used to identify the network
management hosts (1.2.3.4
and fe80::1:2:3:4
)
to which traps generated by the local router should be sent. The name
specified for a trap group is used as the SNMP community string when
the agent sends traps to the listed targets.
[edit] snmp { trap-group "urgent-dispatcher" { version v2; categories link startup; targets { 1.2.3.4; fe80::1:2:3:4; } } }
Manage Traps
The following provide details on managing SNMP notifications:
-
Generate Traps Based on SysLog Events:
Event policies can include an action that raises traps for events based on system log messages. This feature enables notification of an SNMP trap-based application when an important system log message occurs. You can convert any system log message, for which there is no corresponding trap, into a trap. If you are using network management system traps rather than system log messages to monitor your network, you can use this feature to ensure that you are notified of all the major events.
To configure a policy that raises a trap on receipt of an event, include the following statements at the
[edit event-options policy policy-name]
hierarchy level:The following example shows the sample configuration for raising a trap for the event
ui_mgd_terminate
:[edit event-options policy p1] events ui_mgd_terminate; then { raise-trap; }
-
Filter Traps Based on the Trap Category:
SNMP traps are categorized into many categories. The Junos OS provides a configuration option,
categories
at the[edit snmp trap-group trap-group]
hierarchy level, that enables you to specify categories of traps that you want to receive on a particular host. You can use this option when you want to monitor only specific modules of the Junos OS.The following example shows a sample configuration for receiving only
link
,vrrp-events
,services
, andotn-alarms
traps:[edit snmp] trap-group jnpr { categories { link; vrrp-events; services; otn-alarms; } targets { 192.168.69.179; } }
-
Filter Traps Based on the Object Identifier:
The Junos OS also provides a more advanced filter option that enables you to filter out specific traps based on their object identifiers. You can use the
notify-filter
option to filter out a specific trap or a group of traps.The following example shows the sample configuration for excluding Juniper Networks enterprise-specific configuration management traps (note that the SNMPv3 configuration also supports filtering of SNMPv1 and SNMPv2 traps as is shown in the following example):
[edit snmp] v3 { vacm { security-to-group { security-model v2c { security-name sn_v2c_trap { group gr_v2c_trap; } } } access { group gr_v2c_trap { default-context-prefix { security-model v2c { security-level none { read-view all; notify-view all; } } } } } } target-address TA_v2c_trap { address 10.209.196.166; port 9001; tag-list tg1; target-parameters TP_v2c_trap; } target-parameters TP_v2c_trap { parameters { message-processing-model v2c; security-model v2c; security-level none; security-name sn_v2c_trap; } notify-filter nf1; } notify v2c_notify { type trap; tag tg1; } notify-filter nf1 { oid .1.3.6.1.4.1.2636.4.5 exclude; oid .1 include; } snmp-community index1 { community-name "$9$tDLl01h7Nbw2axN"; ## SECRET-DATA security-name sn_v2c_trap; tag tg1; } view all { oid .1 include; } }