SNMP traps and NMS


I was just playing around with some switching labs.

As I was doing this, I ran into configuring SNMP, sending traps when MAC addresses were added/removed, and all sorts of other things. I could (as in the lab) just set the IP address of the NMS (Network Management System), but I wanted to actually make sure that these were being picked up correctly by an NMS.

I scoured the net, trying to find some sort of application (that was free, as I only wanted it for this purpose). I downloaded 4 for my Windows 7 workstation, but none of them actually worked.

I then looked at putting something up on my GNU/Linux box. And lo and behold, it was available :). I just needed a few tweaks to get it up and running.

My GNU/Linux box is running Debian, so I will only show what I did to get it running on this platform.

Install the software:

I installed these two packages (you might only need one, I haven't checked):

apt-get install snmp
apt-get install snmpd

It runs through the installation steps.

I then did a:

snmptrapd --install

To get the trap "daemon" up and running.

So, at this point we have the tools we need up and running. However, by default it won't accept any "unauthorized" traps. We need to modify this (and bear in mind that I have no concerns regarding security whatsoever 🙂 )

pico /etc/snmp/snmptrapd.conf

Add this line to the end of the file:

disableAuthorization yes
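
For a box that is not a throwaway lab, the same file can restrict what gets logged instead of switching authorization off. This is an added example, not part of the original post; it reuses the switch address 10.0.0.60 and the community "public" from the sample log line further down, so substitute your own values.

```conf
# /etc/snmp/snmptrapd.conf

# Setting used in this post: every trap is accepted and logged,
# whatever its sender or community string.
#disableAuthorization yes

# Restricted alternative.
# Syntax: authCommunity TYPES COMMUNITY [SOURCE]
#   TYPES     - log, execute, net (comma-separated); "log" permits logging
#               only, not running trap handlers or forwarding
#   COMMUNITY - community string the trap must carry
#   SOURCE    - sender address the trap must come from
authCommunity log public 10.0.0.60
```

SNMP v1/v2c community strings travel in cleartext over UDP, so this narrows what the daemon will log rather than authenticating the sender.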

Let's kill the process:

killall -9 snmptrapd

And now let's restart it:

snmptrapd -Ls 7

Now you can watch the SNMP traps being sent to your NMS by watching the syslog:

tail -f /var/log/syslog

Example:

Feb 11 18:17:18 nms snmptrapd[8987]: 2010-02-11 18:17:18 10.0.0.60(via UDP: [10.0.0.60]:51927) TRAP, SNMP v1, community public ^ISNMPv2-SMI::enterprises.9.9.41.2 Enterprise Specific Trap (1) Uptime: 10:19:17.29 ^ISNMPv2-SMI::enterprises.9.9.41.1.2.3.1.2.5 = STRING: "LINK"^ISNMPv2-SMI::enterprises.9.9.41.1.2.3.1.3.5 = INTEGER: 4^ISNMPv2-SMI::enterprises.9.9.41.1.2.3.1.4.5 = STRING: "UPDOWN"^ISNMPv2-SMI::enterprises.9.9.41.1.2.3.1.5.5 = STRING: "Interface FastEthernet0/23, changed state to down"^ISNMPv2-SMI::enterprises.9.9.41.1.2.3.1.6.5 = Timeticks: (3715729) 10:19:17.29

As you can see, the event that occurred was that the f0/23 interface on my switch changed state to down.

Hope this was of some use to someone. At least it saves you the trouble of finding a tool to receive SNMP traps.