We will configure a user called 'v3admin' on both Netsight and within the snmp configuration on the switch to send/receive v3 traps using MD5/DES (with passwords AuthPass and PrivPAss)
1. Telnet to the switch
2. Create the user:
set snmp user v3admin authentication md5 AuthPass: privacy PrivPass
3. Create the group:
set snmp group v3adminGroup user v3admin security-model usm
4. create the group access:
set snmp access v3adminGroup security-model usm privacy exact read All write All notify All nonvolatile
5. create the notify line for trap (if it does not already exist):
set snmp notify TVTrapTag tag TVTrapTag
6. create the target params:
set snmp targetparams v3adminParam user v3admin security-model usm message-processing v3 privacy nonvolatile
7. create the target address:
set snmp targetaddr v3adminAddr x.x.x.x param v3adminParam taglist TVTrapTag
Next, we will test to ensure that the trap is sent by the switch and received by Netsight:
where x.x.x.x is the IP address of the Netsight/Extreme Management Center server.
8. ssh to the netsight machine.
9. run the command (and leave it running):
tcpdump -i eth0 port 162 and host z.z.z.z
where z.z.z.z is the IP of the switch.
10. Launch MibTools: Right mouse on device and select Mib Tools.
11. Within Mib Tools, enter the IP address in the IP field. Select Use SNMPv1 in the protocol field, and change the community string to an invalid string that does not exist. Then press the Query button. For example:
11. You should see the trap in the tcpdump output from our Mib Tool test. For example:
# tcpdump -i eth0 port 162 and host 10.58.107.7
14:13:32.188996 IP 10.58.107.7.43755 > NetSight60.ets.enterasys.com.snmp-trap:
F=ap U=keith [!scoped PDU]62_26_f9_c1_4d_0b_b0_bb_7a_a6_be_87_0a_c5_c2_74_0d_6f_
If the trap is not shown in the tcpdump output, review the targetaddr and target-params line within the SNMP configuration on the switch we configured in steps 6 and 7 above.
12. Once the trap is sent from the switch and seen on Netsight via tcpdump, we can now configure Netsight to parse the trap
13. Create profile for the ‘v3admin’ user we created on the switch. To create the profile, select the Tools menu and then Authorization/Device Access
14. Select the Profiles/Credentials tab
15. Select the SNMP Credential tab and then select 'Add Credential'
16. Enter the SNMP credentials for v3admin user we created on the switch in step #1.
Using the example in this document, the user would be v3admin, md5 would be AuthPass, and DES would be PrivPass. For example:
17. Click 'OK'
18. Select the Profiles/Credentials tab and then 'Add profile'.
19. Enter in the profile information, using the v3admin SNMP credentials and AuthPriv for each entry. For example:
20. Click the 'OK' button. And then 'Close'
21. Within Netsight Console, right mouse on the device in the device tree, and select the Trap Receiver Configuration menu option:
22. Click on the snmptrapd tab.
23. Click the 'GetEngine id' button.
24. Click on 'Credential' column and select the profile for this device create in step number 1.
25. Click the 'Add to File' button'
26. Click the 'Save button'.
Note the createUser line highlighted in the about screenshot. This line will contain the user, engineID and passwords for the SNMP v3 authentication when performing steps 22 through 26.
27. ssh to the Netsight server machine, and run the following two commands:
The configuration is now complete. You can then Repeat the Mib Tools test above to generate an invalid authorization trap to confirm the switch sends the trap to Netsight, and Netsight displays it in the trap window.