Can't find what you need?


• Ask the Community
• Create a Case
Reset Search
 

 

Article

Netsight: How to configure a D, C or S Series switch to send a SNMP v3 trap to Netsight, and have Netsight correctly log the trap for that switch

« Go Back

Information

 
TitleNetsight: How to configure a D, C or S Series switch to send a SNMP v3 trap to Netsight, and have Netsight correctly log the trap for that switch
Objective
How to configure a C or S Series switch to send a SNMP v3 trap to Netsight, and have Netsight correctly log the trap for that switch
Environment
  • Netsight v6.x
  • Netsight v7.x
  • C-Series switches
  • S-Series switches
  • D-Series switches
Procedure
We will configure a user called 'v3admin' on both Netsight and within the snmp configuration on the switch to send/receive v3 traps using MD5/DES (with passwords AuthPass and PrivPAss)
 
1.  Telnet to the switch
2.  Create the user:
set snmp user v3admin authentication md5 AuthPass: privacy PrivPass
 
3.  Create the group:
set snmp group v3adminGroup user v3admin security-model usm

4.  create the group access:
set snmp access v3adminGroup security-model usm privacy exact read All write All notify All nonvolatile
 
5.  create the notify line for trap (if it does not already exist):
set snmp notify TVTrapTag tag TVTrapTag

6.  create the target params:
set snmp targetparams v3adminParam user v3admin security-model usm message-processing v3 privacy nonvolatile

7.  create the target address:
set snmp targetaddr v3adminAddr x.x.x.x param v3adminParam taglist TVTrapTag

where x.x.x.x is the IP address of the Netsight/Extreme Management Center server.

Next, we will test to ensure that the trap is sent by the switch and received by Netsight:
 
8.  ssh to the netsight machine.
9.  run the command (and leave it running):
tcpdump -i eth0 port 162 and host z.z.z.z
 
where z.z.z.z is the IP of the switch.
 
10.  Launch MibTools:  Right mouse on device and select Mib Tools.
User-added image

11.  Within Mib Tools, enter the IP address in the IP field.  Select  Use SNMPv1 in the protocol field, and change the community string to an invalid string that does not exist. Then press the Query button. For example:
User-added image
 
    
11.  You should see the trap in the tcpdump output from our Mib Tool test.   For example:
 
# tcpdump -i eth0 port 162 and host 10.58.107.7

14:13:32.188996 IP 10.58.107.7.43755 > NetSight60.ets.enterasys.com.snmp-trap:
F=ap U=keith [!scoped PDU]62_26_f9_c1_4d_0b_b0_bb_7a_a6_be_87_0a_c5_c2_74_0d_6f_
1e_57_f5_50_d6_8d_f7_89_97_12_04_a3_ea_03_55_95_2e_b3_15_9c_56_50_a7_13_a7_cb_97
_45_34_a0_c7_e2_5b_9b_93_78_09_d6_e0_11_aa_b7_1c_59_2c_cb_94_4d_4b_1d_79_de_83_b
d_b1_8e_11_06_56_d8_c0_35_f0_ea_b1_72_ca_2e_a9_92_37_04_4b_80_f9_d8_9f_64_59_86_
3e_25_57_50_0e_d9_4f_aa_1e_76_33_ea_7d_29_34_aa_0d_14_7d_97_d1_14_1f_cd_15_7a_e4
_9c_91_1a_c2_60_9c_0d_56_1e_61_1f_77_ae_8a_ea_c9_54_3b_b0_4d_78_fc_02_7b_59_ae_b
4_ca_42_ba_fe_bc_42_6e_2d_ae_0d_da_78_11_7b_25_00

If the trap is not shown in the tcpdump output, review the targetaddr and target-params line within the SNMP configuration on the switch we configured in steps 6 and 7 above.

12.  Once the trap is sent from the switch and seen on Netsight via tcpdump, we can now configure Netsight to parse the trap

13.   Create profile for the ‘v3admin’ user we created on the switch.  To create the profile, select the Tools menu and then Authorization/Device Access
User-added image

14.  Select the Profiles/Credentials tab
User-added image
15.  Select the SNMP Credential tab and then select 'Add Credential'
User-added image

16.  Enter the SNMP credentials  for v3admin user we created on the switch in step #1.
Using the example in this document, the user would be v3admin, md5 would be AuthPass, and DES would be PrivPass.  For example:
User-added image

17.  Click 'OK'
18.  Select the Profiles/Credentials tab and then 'Add profile'.
User-added image

19.  Enter in the profile information, using the v3admin SNMP credentials and AuthPriv for each entry.  For example:
User-added image

20.  Click the 'OK' button. And then 'Close'
21.  Within Netsight Console, right mouse on the device in the device tree, and select the Trap Receiver Configuration menu option: 
User-added image 

22.  Click on the snmptrapd tab.
23.  Click the 'GetEngine id' button.  
24.  Click on 'Credential' column and select the profile for this device create in step number 1.
25.  Click the 'Add to File' button'
26.  Click the 'Save button'.
User-added image 
Note the createUser line highlighted in the about screenshot.  This line will contain the user, engineID and passwords for the SNMP v3 authentication when performing steps 22 through 26.

27.  ssh to the Netsight server machine, and run the following two commands:
 
/etc/init.d/nssnmptrapd stop
/etc/init.d/nssnmptrapd start



The configuration is now complete.  You can then Repeat the Mib Tools test above to generate an invalid  authorization trap to confirm the switch sends the trap to Netsight, and Netsight displays it in the trap window.
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255