SNMP Informs with IPv6 Address over User Defined VRF
Snmpwalk is performed by using IPv6 address. SNMP trap server is configured on the Router with IPv6 address.
Topology
Shows the sample configuration of SNMP trap server.
Figure 49. SNMP trap server topology
R1
|
#configure terminal |
Enter configure mode. |
|
(config)#ip vrf snmp-vrf |
Creates a user-defined vrf called snmp-vrf |
|
(config)#commit |
Commit the candidate configuration to the running configuration |
|
(config)#snmp-server view all .1 included vrf snmp-vrf |
Configure SNMP server view |
|
(config)#snmp-server view test1 1.3.6.1 included vrf snmp-vrf |
Configure SNMP server view |
|
(config)# snmp-server user newv3user auth sha AuthNewPass@123 priv aes PrivNewPass@123 vrf snmp-vrf |
Configure SNMP server user |
|
(config)#snmp-server community test group network-operator vrf snmp-vrf |
Configure SNMP server community |
|
(config)#snmp-server community test1 group network-admin vrf snmp-vrf |
Configure SNMP server community |
|
(config)# snmp-server host 8901:DB8:0:1::1 informs version 3 auth newv3user udp-port 60000 vrf snmp-vrf host-vrf snmp-vrf |
Configure SNMP informs server with IPV6 address from a user-defined VRF |
|
(config)#interface xe0.6 |
Navigate to the interface mode |
|
(config-if)#ipv6 address 8901:db8:0:1::2/64 |
Configure IPv6 address on the xe0.6 sub vlan interface |
|
(config-if)#exit |
Exit interface configure mode |
|
(config)#commit |
Commit the candidate configuration to the running configuration |
|
(config)#exit |
Exit configure mode |
Validation
Below is the SNMP configuration in Router node:
#show running-config snmp
snmp-server view all .1 included vrf snmp-vrf
snmp-server view newview 1.3.6.1.2.1.6.13.1.1.127.0.0.1 excluded vrf snmp-vrf
snmp-server view test1 1.3.6.1 included vrf snmp-vrf
snmp-server user newv3user auth sha encrypt 0xd01d08043ea89bd3f77ccf8992973502 priv aes 0x7517e1def71063d7f77ccf8992973502 vrf snmp-vrf
snmp-server community newcom group network-operator vrf snmp-vrf
snmp-server community test group network-operator vrf snmp-vrf
snmp-server community test1 group network-admin vrf snmp-vrf
snmp-server host 172.18.19.22 traps version 2c newcom udp-port 162 vrf snmp-vrf
snmp-server host 172.18.19.20 informs version 3 auth newv3user udp-port 65535 vrf snmp-vrf
snmp-server host 8901:db8:0:1::1 informs version 3 auth newv3user udp-port 60000 vrf snmp-vrf
snmp-server enable snmp vrf snmp-vrf
snmp-server enable traps link linkDown
snmp-server enable traps link linkUp
snmp-server enable traps link include-interface-name
snmp-server enable traps vxlan
snmp-server enable traps pwdelete
snmp-server enable traps pw
snmp-server enable traps mpls
snmp-server enable traps mplsl3vpn
snmp-server enable traps snmp authentication
snmp-server enable traps ospf
snmp-server enable traps bgp
snmp-server enable traps ospf6
snmp-server enable traps vrrp
snmp-server enable traps rsvp
snmp-server enable traps rib
snmp-server enable traps isis
snmp-server enable traps pim
#show ipv6 interface xe0.6 brief
Interface IPv6-Address Admin-Status
xe0.6 8901:db8:0:1::2
fe80::5e07:58ff:fe51:caea [up/up]Perform snmpwalk as mentioned below with IPv6 address using SNMPv3
snmpwalk -v3 -u newv3user -a SHA -A AuthNewPass@123 -x AES -X PrivNewPass@123 -l authPriv 8901:DB8:0:1::2 .1.3.6.1.2.1.25.3.8.1.8 -m allPerform snmpwalk as mentioned below with IPv6 address using SNMPv2
snmpwalk -v2c -c newcom 8901:DB8:0:1::2 -t 5 -r 20 1.3.6.1.2.1.31 -Cp -Ct -m allPerform snmpwalk as mentioned below with IPv6 address using SNMPv1
snmpwalk -v1 -c newcom 8901:DB8:0:1::2 -t 5 -r 20 1.3.6.1.2.1.31 -Cp -Ct -m all
#show snmp trap
-------------------------------------------------
Trap type Description Enabled
---------------------------------------------------
link linkUp yes
link linkDown yes
link linkWithIfname yes
vxlan notification yes
mpls notification yes
mpls pw yes
mpls pw delete yes
mpls-l3vpn notification yes
ospf notification yes
ospf6 notification yes
isis notification yes
snmp authentication yes
mpls rsvp yes
pim notification yes
vrrp notification yes
rib notification yes
bgp notification yesAs mentioned above, perform link down and link up of any interface in Router node. Check that SNMP trap is sent.
SYSLOG MESSAGES OVER SNMP TRAPS
Topology
Shows the sample configuration of SNMP trap server.
R1
|
#configure terminal |
Enter configure mode. |
|
(config)# snmpserver enable traps syslog |
Enable sending syslog messages over SNMP |
|
(config)# logging snmp-traps 7 |
Configure severity to select syslog messages sent over the SNMP |
|
(config)# logging remote facility local4 |
Configure facility to select syslog messages sent over SNMP |
|
(config)#snmp-server community test group network-operator vrf snmp-vrf |
Configure SNMP server community |
|
(config)# snmp-server host 8901:DB8:0:1::1 informs version 3 auth newv3user udp-port 60000 vrf snmp-vrf host-vrf snmp-vrf |
Configure SNMP informs server with IPv4 address from a user-defined VRF |
|
(config)#interface xe0.6 |
Navigate to the interface mode |
|
(config-if)#ipv6 address 172.18.19.21/64 |
Configure IPv6 address on the xe0.6 sub vlan interface |
|
(config-if)#exit |
Exit interface configure mode |
|
(config)#commit |
Commit the candidate configuration to the running configuration |
|
(config)#exit |
Exit configure mode |
Validation
Following is the SNMP configuration in Router node:
#show running-config snmp
snmp-server view all .1 included vrf snmp-vrf
snmp-server community test group network-operator vrf snmp-vrf
snmp-server host 172.18.19.20 informs version 2c test udp-port 5555 vrf snmp-vrf host-vrf snmp-vrf
snmp-server enable snmp vrf snmp-vrf
snmp-server enable traps link linkDown
snmp-server enable traps link linkUp
snmp-server enable traps link include-interface-name
snmp-server enable traps vxlan
snmp-server enable traps pwdelete
snmp-server enable traps pw
snmp-server enable traps mpls
snmp-server enable traps mplsl3vpn
snmp-server enable traps snmp authentication
snmp-server enable traps ospf
snmp-server enable traps bgp
snmp-server enable traps ospf6
snmp-server enable traps vrrp
snmp-server enable traps rsvp
snmp-server enable traps rib
snmp-server enable traps isis
snmp-server enable traps pim
snmp-server enable traps syslog
#show ipv6 interface xe0.6 brief
Interface IP-Address Admin-Status Link-Status
xe0.6 172.18.19.21 up up
Perform a config-sync check from node and listen to the SNMP traps on the host via tcpdump:
S9600-28DX-1-5B#debug cml enable all
S9600-28DX-1-5B#cml config-sync check
2025 Feb 14 05:24:32 : S9600-28DX-1-5B : CMLSH : INFO : [CML_5]: Checking DB, this may take some time, please wait...
# tcpdump -i any -n port 5555
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
04:35:50.714406 IP 172.18.19.21.37155 > 172.18.19.20.5555: UDP
User Datagram Protocol, length 268
04:35:50.714461 ethertype IPv4, IP 172.18.19.21.37155 > 172.18.19.20.5555: UDP, length 268
04:35:50.714461 IP 172.18.19.21.37155 > 172.18.19.20.5555: UDP, length 268
04:35:50.812648 ethertype IPv4, IP 172.18.19.21.37155 > 172.18.19.20.5555: UDP, length 268
04:35:50.812648 IP 172.18.19.21.37155 > 172.18.19.20.5555: UDP, length 268
04:35:50.813292 ethertype IPv4, IP 172.18.19.21.37155 > 172.18.19.20.5555: UDP, length 268
04:35:50.813292 IP 172.18.19.21.37155 > 172.18.19.20.5555: UDP, length 268
SNMP Traps Through different VRFs
From OcNOS 6.6.0 release onwards, SNMP traps can sent out through different VRFs.
The following example demonstrates that SNMP is configured in the management VRF, but traps can be sent from both the management and user_vrf1 VRFs. However, SNMP walk/get operations can only be performed on the management VRF.
|
#configure terminal |
Enter configure mode. |
|
(config)#ip vrf user_vrf1 |
Creates a user-defined vrf called user_vrf1 |
|
(config)#snmp-server view all .1 included vrf management |
Configure SNMP server view |
|
(config)#snmp-server enable snmp vrf management |
Enable SNMP on management VRF |
|
(config)#snmp-server community RegularTest group network-operator vrf management |
Configure SNMP community |
|
(config)#snmp-server location vrf management "Ottawa" |
Configure location information |
|
(config)#snmp-server contact vrf management "test@ipinfusion.com +1 819 776 6066" |
Configure contact information |
|
(config)#snmp-server host 172.29.7.144 traps version 2c RegularTest udp-port 3062 vrf management host-vrf management |
Configure SNMP host on management VRF |
|
(config)#snmp-server host 172.29.8.144 traps version 2c RegularTest udp-port 3062 vrf management host-vrf user_vrf1 |
Configure SNMP host on user-defined vrf user_vrf1 |
Similarly, SNMP service can be enabled on any one VRF, while the SNMP host can be configured on another VRF. SNMP traps/informs can be sent from the VRF configured for the host, but SNMP walk/get operations can only be performed on the VRF where the SNMP service is enabled. This applies to combinations of user-defined VRFs, the default VRF, and the management VRF.
Validation
#show running-config snmp
snmp-server view all .1 included vrf management
snmp-server community RegularTest group network-operator vrf management
snmp-server host 172.29.7.144 traps version 2c RegularTest udp-port 3062 vrf management host-vrf management
snmp-server host 172.29.8.144 traps version 2c RegularTest udp-port 3062 vrf management host-vrf user_vrf1
snmp-server location vrf management "Ottawa"
snmp-server contact vrf management "test@ipinfusion.com +1 819 776 6066"
snmp-server enable snmp vrf management
snmp-server enable traps link linkDown
snmp-server enable traps link linkUp
#show snmp host
---------------------------------------------------------------------------------------------------------------
Host Port Version Level Type SecName VRF
---------------------------------------------------------------------------------------------------------------
172.29.7.144 3062 2c noauth trap RegularTest management
172.29.8.144 3062 2c noauth trap RegularTest user_vrf1