Reset Search



Netsight: How to configure a D, C or S Series switch to send a SNMP v3 trap to Netsight, and have Netsight correctly log the trap for that switch

« Go Back


TitleNetsight: How to configure a D, C or S Series switch to send a SNMP v3 trap to Netsight, and have Netsight correctly log the trap for that switch
How to configure a C or S Series switch to send a SNMP v3 trap to Netsight, and have Netsight correctly log the trap for that switch
  • Netsight v6.x
  • Netsight v7.x
  • C-Series switches
  • S-Series switches
  • D-Series switches
We will configure a user called 'v3admin' on both Netsight and within the snmp configuration on the switch to send/receive v3 traps using MD5/DES (with passwords AuthPass and PrivPAss)
1.  Telnet to the switch
2.  Create the user:
set snmp user v3admin authentication md5 AuthPass: privacy PrivPass
3.  Create the group:
set snmp group v3adminGroup user v3admin security-model usm

4.  create the group access:
set snmp access v3adminGroup security-model usm privacy exact read All write All notify All nonvolatile
5.  create the notify line for trap (if it does not already exist):
set snmp notify TVTrapTag tag TVTrapTag

6.  create the target params:
set snmp targetparams v3adminParam user v3admin security-model usm message-processing v3 privacy nonvolatile

7.  create the target address:
set snmp targetaddr v3adminAddr x.x.x.x param v3adminParam taglist TVTrapTag

where x.x.x.x is the IP address of the Netsight/Extreme Management Center server.

Next, we will test to ensure that the trap is sent by the switch and received by Netsight:
8.  ssh to the netsight machine.
9.  run the command (and leave it running):
tcpdump -i eth0 port 162 and host z.z.z.z
where z.z.z.z is the IP of the switch.
10.  Launch MibTools:  Right mouse on device and select Mib Tools.
User-added image

11.  Within Mib Tools, enter the IP address in the IP field.  Select  Use SNMPv1 in the protocol field, and change the community string to an invalid string that does not exist. Then press the Query button. For example:
User-added image
11.  You should see the trap in the tcpdump output from our Mib Tool test.   For example:
# tcpdump -i eth0 port 162 and host

14:13:32.188996 IP >
F=ap U=keith [!scoped PDU]62_26_f9_c1_4d_0b_b0_bb_7a_a6_be_87_0a_c5_c2_74_0d_6f_

If the trap is not shown in the tcpdump output, review the targetaddr and target-params line within the SNMP configuration on the switch we configured in steps 6 and 7 above.

12.  Once the trap is sent from the switch and seen on Netsight via tcpdump, we can now configure Netsight to parse the trap

13.   Create profile for the ‘v3admin’ user we created on the switch.  To create the profile, select the Tools menu and then Authorization/Device Access
User-added image

14.  Select the Profiles/Credentials tab
User-added image
15.  Select the SNMP Credential tab and then select 'Add Credential'
User-added image

16.  Enter the SNMP credentials  for v3admin user we created on the switch in step #1.
Using the example in this document, the user would be v3admin, md5 would be AuthPass, and DES would be PrivPass.  For example:
User-added image

17.  Click 'OK'
18.  Select the Profiles/Credentials tab and then 'Add profile'.
User-added image

19.  Enter in the profile information, using the v3admin SNMP credentials and AuthPriv for each entry.  For example:
User-added image

20.  Click the 'OK' button. And then 'Close'
21.  Within Netsight Console, right mouse on the device in the device tree, and select the Trap Receiver Configuration menu option: 
User-added image 

22.  Click on the snmptrapd tab.
23.  Click the 'GetEngine id' button.  
24.  Click on 'Credential' column and select the profile for this device create in step number 1.
25.  Click the 'Add to File' button'
26.  Click the 'Save button'.
User-added image 
Note the createUser line highlighted in the about screenshot.  This line will contain the user, engineID and passwords for the SNMP v3 authentication when performing steps 22 through 26.

27.  ssh to the Netsight server machine, and run the following two commands:
/etc/init.d/nssnmptrapd stop
/etc/init.d/nssnmptrapd start

The configuration is now complete.  You can then Repeat the Mib Tools test above to generate an invalid  authorization trap to confirm the switch sends the trap to Netsight, and Netsight displays it in the trap window.
Additional notes



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255