Configure SNMP Trap and Inform Notifications

Paragon Insights supports inform and trap notifications that devices send in the network for fault management. The SNMP manager (Paragon Insights) and the SNMP agents (devices) send traps and informs as notifications about changes of state in the network. Paragon Insights performs trigger evaluations on the traps and informs. Paragon Insights processes traps and informs from the configured device only if a playbook containing an SNMP-notification rule is running for the specified device. In all other cases, the SNMP manager drops the trap or inform message.

The following sections describe relevant terms, configuration of traps and informs through CLI, port configuration, and accessing status of SNMP traps through CLI.

Note:

You can configure SNMP trap notifications in SNMPv2c and SNMPv3. You can configure SNMP inform messages only when you use SNMPv3 protocol.

Tasks You Can Perform

Before you delve into SNMP trap and inform configurations, the following glossary can familiarize you with important concepts in SNMPv3 protocol.

The authoritative agent

In SNMPv3 transactions between two entities (agent and manager), Paragon Insights verifies the source device of notifications through authentication and privacy. Authentication identifies and verifies the source of an SNMPv3 message. The privacy feature encrypts the notification messages, which prevents packet analyzers from snooping on their content. The entity that controls the notification flow is known as the authoritative agent. In SNMPv3, the non-authoritative entity must know the <Engine ID> of the authoritative agent for successful communication.

Traps or trap messages

A trap is an unacknowledged notification sent to the SNMP manager. In trap messages, the SNMP agent is the authoritative agent. The administrator must configure the SNMPv3 <user> (distinct from the local IAM users) and <Context Engine ID> on the device that sends out the trap messages. For traps, the <Context Engine ID> is the Engine ID that uniquely identifies the SNMP agent.

Informs or inform messages

An inform is also a notification sent from an SNMP agent to the SNMP manager. In inform messages, the SNMP manager is the authoritative agent. You configure the device that needs to send inform messages with the details of the remote authoritative agent, the SNMP manager (Paragon Insights). The administrator must configure the <user> found in the remote SNMP manager.

Engine ID

<Engine ID> is a hexadecimal value generated for a given agent. It uniquely identifies the SNMP agent and must be unique across a given administrative domain. It must also be persistent across reboots and upgrades.

Security Engine ID

<Security Engine ID> is a security parameter in the SNMP communication between the agent and the manager. It is usually the <Engine ID> of the authoritative agent involved. A trap message has two parts: a header and a trap Protocol Data Unit (PDU). The header contains the <Security Engine ID> and a <username> set in the trap configuration. When an agent sends a trap, the parameters in the trap header are checked against the details in the USM table. The trap is processed further only when the parameters in the header match the details in the USM table.

In inform notifications, the <Security Engine ID> is the Engine ID of Paragon Insights.

Context Engine ID

<Context Engine ID> is part of a trap PDU. It uniquely identifies the device that sent the original trap message. <Context Engine ID> and <Security Engine ID> are identical in most cases.

USM Table

SNMP managers that receive traps need to maintain the USM (User-based Security Model) table, which uses <Security Engine ID> and <username> as the key to verify the source of the trap messages.
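The glossary above, condensed into a simplified model of the manager-side decision for traps and informs. This is an added example, not Paragon Insights code; the class and method names, the order of the checks, and every engine ID, username and address in it are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Notification:
    kind: str                # "trap" or "inform"
    source_ip: str
    port: int
    security_engine_id: str  # carried in the message header
    username: str            # carried in the message header


@dataclass
class Manager:
    engine_id: str
    ports: set = field(default_factory=lambda: {162})
    devices: dict = field(default_factory=dict)     # source IP -> device name
    usm: set = field(default_factory=set)           # (security engine ID, username)
    rule_running: set = field(default_factory=set)  # devices with a playbook running

    def add_trap_device(self, name, source_ip, agent_engine_id, username):
        # Traps: the agent is authoritative, so the key uses the agent's engine ID.
        self.devices[source_ip] = name
        self.usm.add((agent_engine_id.lower(), username))

    def add_inform_device(self, name, source_ip, username):
        # Informs: the manager is authoritative, so the key uses its own engine ID.
        self.devices[source_ip] = name
        self.usm.add((self.engine_id.lower(), username))

    def evaluate(self, n):
        if n.port not in self.ports:
            return "drop: port"
        device = self.devices.get(n.source_ip)
        if device is None:
            return "drop: source"
        if (n.security_engine_id.lower(), n.username) not in self.usm:
            return "drop: usm"
        if device not in self.rule_running:
            return "drop: no rule"
        return "accept: " + device


def sample_manager():
    # Constructed values: r1 sends traps, r2 sends informs, r3 has no playbook.
    m = Manager(engine_id="80001f8804aa01")
    m.add_trap_device("r1", "192.0.2.1", "80000A4C01C0000201", "trapuser")
    m.add_inform_device("r2", "192.0.2.2", "informuser")
    m.add_trap_device("r3", "192.0.2.3", "80000a4c01c0000203", "trapuser")
    m.rule_running.update({"r1", "r2"})
    return m
```

A trap that carries the right username but another engine ID fails the USM lookup, and an inform must carry the manager's engine ID rather than the sending device's own.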

Find the Engine ID

Depending on whether you configure devices to send trap or inform notifications, you need to first find the <Engine ID> of either the SNMP agent. You can refer to the sample commands below to find the <Engine ID> in Junos devices.

Note:

The CLI command to find <Engine ID> varies from vendor-to-vendor.

To find the <Engine ID> of SNMP agents (devices) that are Junos-based platforms, enter the following command in CLI.

You will receive a HEX output as the device <Engine ID>.
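Before pasting the HEX output into the V3 Context Engine field, it helps to normalise it and check that it is a well-formed engine ID. The following is an added example, not part of the Paragon Insights or Junos tooling; it assumes the SnmpEngineID layout defined in RFC 3411, and the function names and the sample value are constructed.

```python
import ipaddress

# Fifth-octet format codes from the SnmpEngineID definition in RFC 3411.
FORMATS = {1: "ipv4", 2: "ipv6", 3: "mac", 4: "text", 5: "octets"}


def parse_engine_id(text):
    """Normalise a pasted engine ID and decode its RFC 3411 layout."""
    cleaned = text.strip().lower()
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    for sep in (" ", ":", "-"):
        cleaned = cleaned.replace(sep, "")
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError:
        raise ValueError("engine ID is not valid hexadecimal") from None
    if not 5 <= len(raw) <= 32:
        raise ValueError("engine ID must be 5 to 32 octets long")
    if set(raw) in ({0x00}, {0xFF}):
        raise ValueError("all-zero and all-0xFF engine IDs are not allowed")

    first_word = int.from_bytes(raw[:4], "big")
    info = {"hex": raw.hex(), "enterprise": first_word & 0x7FFFFFFF}
    if not first_word & 0x80000000:
        # First bit clear: pre-SNMPv3 layout, remaining octets are vendor-defined.
        info.update(format="legacy", value=raw[4:].hex())
        return info

    fmt, body = raw[4], raw[5:]
    name = FORMATS.get(fmt, "enterprise-specific" if fmt >= 128 else "reserved")
    if (name == "ipv4" and len(body) == 4) or (name == "ipv6" and len(body) == 16):
        value = str(ipaddress.ip_address(body))
    elif name == "mac" and len(body) == 6:
        value = ":".join(f"{b:02x}" for b in body)
    elif name == "text":
        value = body.decode("ascii", errors="replace")
    else:
        value = body.hex()
    info.update(format=name, value=value)
    return info


def same_engine_id(a, b):
    """True when two differently formatted strings name the same engine."""
    return parse_engine_id(a)["hex"] == parse_engine_id(b)["hex"]


# Constructed sample: enterprise number 2636, format 1 (IPv4), 192.0.2.10.
SAMPLE = "80 00 0a 4c 01 c0 00 02 0a"
```

Comparing the value configured on the manager with the value reported by the device through `same_engine_id` catches mismatches that come only from case or separator differences.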

Configure Trap Notifications

You can configure a device to send trap notifications using SNMPv2c and SNMPv3.

The source IP address needs to be unique across all the devices as it uniquely identifies the device. You can configure source IP address only for devices.

Note:

In Paragon Insights, the SNMPv2c and SNMPv3 ingest and trap configurations share the same workflow.

To configure SNMP trap notifications at the device level:

  1. Click the Configuration > Device option in the left navigation bar.
  2. Select a device by clicking on the checkbox and click the edit device button (pencil icon).

    The Edit Device-Name window appears.

  3. Click on Protocol > SNMP.
  4. Enter the necessary values in the text boxes and select the appropriate options for the device.

    The following table describes the attributes in the Edit Device-Name window:

    Attributes

    Description

    Protocols > SNMP

    Version

    Select either v2c or v3 from the list.

    Get Community (Only for SNMPv2c)

    Enter an SNMP Community string for SNMPv2c ingest.

    In SNMPv2c, the Community string is used to verify the authenticity of the ingest (request-response) message issued by the SNMP agent (devices such as routers, switches, servers, and so on).

    Port

    Port number required for SNMP ingest (request-response) messages. The standard port number is 161.

    Timeout

    Enter the timeout period in seconds for SNMP notifications. You can enter a value between 0 and 65535.

    Timeout denotes the number of seconds after which the SNMP agent stops retransmitting notifications.

    Retry Count

    Enter a retry count between 0 and 255.

    Retry count is the number of times an SNMP agent attempts to retransmit notifications.

    V3 Username

    Enter a username for SNMPv3 ingest (request-response), trap, and inform notifications.

    V3 Context Name

    (Optional) Enter a context name for SNMPv3 trap and inform notifications.

    Context in SNMP denotes a collection of information (objects) related to management domain in management information base (MIB). Multiple instances of the MIB objects are used by different devices in the network. The devices are identified using the SNMP context name and the context engine ID.

    V3 Authentication

    This field appears if you selected v3 in SNMP Version field.

    Select an authentication protocol from the list.

    Select None from the list if you want to set SNMPv3 authentication to None.

    V3 Privacy

    This field appears if you selected v3 in SNMP Version field.

    Select a privacy protocol from the list.

    Select None from the list menu if you want to set SNMPv3 privacy to None.

    V3 Context Engine

    This field appears if you selected v3 in SNMP Version field.

    The Engine ID must be set to engine-id of the SNMP agent.

    V3 Auth Passphrase

    This field appears if you selected v3 in SNMP Version field.

    Enter a passphrase for SNMPv3 authentication.

    SNMPv3 Privacy Passphrase

    This field appears if you selected v3 in SNMP Version field.

    Enter a passphrase to encrypt the ingest message.

    Device ID Details

    SNMP Source IPs

    Enter one or more IP addresses of the source device. If a device has multiple IP addresses, separate them with a comma.

    The source IP address is used to identify the sender (SNMP agent) of trap and inform notifications.

    If you configured virtual IP address for SNMP trap receiver during installation, you can enter the virtual IP address here.

  5. Click OK to save the configuration.

    A confirmation window confirms that the edit operation was successful.

In device groups, you can configure the port number for trap and inform notifications. You can also configure log levels for SNMP notifications.

  1. Click the Configuration > Device Groups option in the left-navigation bar.

  2. Select a device group and click on the edit button (pencil icon).

    The Edit Device Group page appears.

  3. Click Advanced > Ports to configure notification ports for traps and informs.

  4. Click Advanced > Logging > Service Logging Overrides to configure SNMP logs.

    The following table describes the attributes in the Add a Device Group window:

    Table 1: Add Device Group Page Details

    Attributes

    Description

    Name

    Name of the device group. (Required)

    Description

    Description for the device group.

    Devices

    Add devices to the device group from the list. (Required)

    In Paragon Insights, you can add more than 50 devices per device group. However, the actual scale of the number of devices you can add depends on the available system resources.

    For example, let's say that you want to create a device group of 120 devices. In releases earlier than Release 4.0.0, we recommend that you create three device groups of 50, 50, and 20 devices respectively. With Paragon Insights, you just create one device group.

    Logging Configuration

    SNMP Notification

    Paragon Insights supports collecting log data for SNMP notification. You can collect different severity levels of logs for the snmp-notification service in a device group.

    Use these fields to configure which log levels to collect:

    Global Setting Log Level

    From the list, select the level of the log messages that you want to collect for every running Paragon Insights service for the device group. The level is set to None by default.

    Services Logging Overrides

    Select the log level from the list for any specific service that you want to configure differently from the Global Setting log level. The log level that you select for a specific service takes precedence over the Global Setting log configuration.

    Ports

    SNMP Notification Ports

    Enter port number(s) separated by comma, if you want to configure multiple ports. Paragon Insights listens on these ports for trap and inform notifications.

  5. Click Save to commit the configuration or click Save and Deploy to deploy the configuration in Paragon Insights.

Configure Inform Notifications

To enable devices to send inform notifications, you must configure SNMPv3 USM user(s).

To create USM users in Paragon Insights:

  1. Go to Configuration > Data Ingest > Settings. In the SNMP Notification page, click SNMP Notification on the menu.
  2. Click the Usm Users tab.
  3. Click the + icon to add a USM user.
  4. In the Add USM User page, enter the username, a passphrase, and select the authentication and the privacy protocols.

    If you enabled Authentication None and Privacy None, the protocol menu and the passphrase fields do not appear.

  5. Click Save to only save the configuration, or click Save and Deploy to deploy the configuration in Insights.

After adding USM users, you can configure the following details in the Edit Device-Name page in Device Configuration and Edit Device Group page in Device Group Configuration.

Table 2: SNMP Configuration for Informs in Device Groups

Attributes

Description

SNMP

Version

You can set this field in Edit Device-Name page under Protocols > SNMP caret.

Select v3 from the menu.

Port (Devices only)

You can set this field in Edit Device-Name page under Protocols > SNMP caret.

Port number required for SNMP inform notifications. The standard port number for trap and inform notifications is 162.

Notification Ports (Device Groups only)

You can set this field in Edit Device Group page under Advanced > Ports > SNMP Notification Ports field.

Enter notification ports separated by comma.

Paragon Insights listens on the notification ports for traps and inform messages from device groups.

Context Engine ID (Devices only)

You can set this field in Edit Device-Name page under Protocols > SNMP caret.

This field appears if you selected v3 in Version field.

The Engine ID must be set to engine-id of the SNMP agent.

Source IP Address (Devices only)

You can set this field in Edit Device-Name page under Device Details ID > SNMP Source IPs caret.

This field appears if you selected v3 in SNMP Version field.

Enter the source IP address of the device. This field is optional.

If you use NAT or an SNMP Proxy, the virtual IP address you configure for the SNMP Proxy must be set as the source IP address.

Configure Port for Inform Notifications

By default, Paragon Insights listens for traps and informs on the standard SNMP trap port 162. If needed, you can change this port either at the global level (which is applicable to all device groups) or at the device group level, which is applicable to a specific device group.

A port configured under ingest applies to all device groups. Trap and inform messages received through any other port are discarded.

To configure port number at the ingest level:

  1. Go to Configuration > Data Ingest > Settings in the left navigation bar.
  2. Select SNMP Notification from the left menu in the Settings page.
  3. In the Port tab, enter the port number.
  4. Click Save to only save the configuration, or click Save and Deploy to deploy the configuration in Paragon Insights.

A port configured under a device group applies only to that specific device group. Traps and informs received through any other port are discarded. To configure port numbers at the device group level, see Table 1.

Configure a Rule for SNMP Notification

Once the device is configured to send trap or inform notifications, you must configure a rule on the device with SNMP trap so that Paragon Insights can process traps from the device. In device groups, you can apply a playbook instance that has the snmp-notification rule. When you configure SNMP notification in any rule, you must select the MIB name you want to monitor. Go to the Juniper MIB Explorer to browse MIB files for Junos OS devices and the Cisco MIB Locator to browse MIB files for Cisco devices.

The following example shows how you can configure a rule with SNMP notification to send alerts if an interface comes up for the chassis.interfaces/ topic.

Note:

It is assumed that you have configured the device or device group for SNMP trap notification. See Configure Trap Notifications to configure SNMP trap notifications in devices or device groups.

To configure a rule under topic chassis.interfaces/:

  1. Go to Configuration > Rules.
  2. Click the Add Rules button in the Rules page.

    Enter the rule name in the topic/rule-name format in the Rule field and description in the Description field. For example, chassis.interfaces/linkup.

  3. Click Add Sensor button in Sensors tab.
  4. Enter a name in the Sensor Name field and select SNMP Notification from the list in Sensor Type.
  5. Enter notification name in MIB-Name::Notification Name format.

    For example, IF-MIB::linkDown.

  6. Click Add Field button in the Fields tab.

    The fields for the SNMP Notification rule can be derived by any of the following methods:

    • Variables (varbinds) for the given trap name.

      The variables of the trap name can be defined as fields. The following steps use the example IfAdminStatus as varbind and IF-MIB::linkDown as the snmp-notification.

      1. Enter IfAdminStatus in the Field Name.

      2. Select Integer as Field Type.

        The Field Type you enter in the GUI must be the same as the type defined in the MIB file.

      3. Select Sensor as Ingest Type (field source).

        The Ingest Type (field source) must be set to sensor.

      4. Select the sensor name from the list under Sensor.

        The sensor name is the name you entered for the snmp-notification sensor.

      5. Enter IfAdminStatus as sensor path.

        The Path must be set to the variable (varbind) name defined in the MIB file.

      To add a second field for IfOperStatus as variable (varbind) for a given snmp-notification, follow the steps described above but change the field name and the sensor path to IfOperStatus.

    • Notification name as a field name.

      The SNMP notification name itself can be defined as field name to know which SNMP notification type is received. Some examples of SNMP Notification types are coldStart, warmStart, authenticationFailed, linkUp, and linkDown.

      The following steps use the example IfAdminStatus as varbind and IF-MIB::linkDown as the snmp-notification.

      1. Enter desired-name in the Field Name.

      2. Enter string as Field Type.

        The field type must be set to string.

      3. Select Sensor as Ingest Type (field source).

        The Ingest Type (field source) must be set to sensor.

      4. Select the sensor name from the list under Sensor.

        The sensor name is the name you entered for the snmp-notification sensor.

      5. Enter _notification_name as sensor path.

        The Path must be set to ’_notification_name’. _notification_name is a special path defined in Paragon Insights to get the notification name from the sensor data.

  7. Click Save to commit the rule or Save & Deploy to deploy the rule in Paragon Insights.

    You can see the new topic name and rule in the list of existing rules.

    You can also configure triggers or functions based on the fields you add. See how to create a rule in GUI as explained in Paragon Insights Rules and Playbooks.

You must include this rule in a playbook and apply the playbook's instance in a device or a device group.

To check the new SNMP notifications sent by device groups, log in to the Paragon Insights server as a root user and type the following command.

You can track new entries of SNMP trap notifications. The notifications are sent to the Paragon Insights server for the fields (for example, IfAdminStatus) you configured.