Configure SNMPv3 Trap on Cisco cEdge Router

Introduction

This document describes the configuration to enable Simple Network Management Protocol (SNMP) version 3 traps using a vManage feature template on a cEdge router.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

• Cisco SDWAN solution
• Basic understanding of SNMP

Components Used

The information in this document is based on these software and hardware versions:

• Cisco Cloud Services Router 1000V  (CSR1000v) router running 16.12.3 
• vManage version running 19.2.2.
  
  

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Note: cEdges in general do not need trap-groups. In vManage versions 20.x and later cEdge and vEdge templates are separate, dependency of having a trap-group is no more present. 

Configure

Configurations

On vManage:

Step 1. In order to create an SNMP feature template, navigate to CONFIGURATION > TEMPLATES > Feature Template > SNMP.

Enter a template name and description followed with SNMP no-shutdown, as shown in this image.

Step 2. Select the SNMP version. In this case - version 3.

Step 3. Create SNMP Trap Group and fill in trap modules, as shown in this image.

Step 4. Create an SNMP trap target server.

Here mgmt-intf Virtual Routing Forwarding (VRF) for sourcing SNMP traps is used.

interface GigabitEthernet1
vrf forwarding Mgmt-intf
ip dhcp client default-router distance 1
ip address dhcp
negotiation auto
arp timeout 1200
no mop enabled
no mop sysid
end

Step 5. Create SNMP View and add SNMP Object Identifier (OID).

Step 6. Create SNMP Group and attach previously created SNMP view to it.

Step 7. Add SNMPv3 user, as shown in this image.

Step 8. Attach the SNMP feature template in the additional template section of device template:

Step 9. Attach the device template to the respective device.

Verify

On cEdge:

Enable these debugs:

debug snmp packets
debug snmp detail

Generate SNMP trap: test snmp trap config

cEdge#test snmp trap config
Generating CONFIG-MAN-MIB Trap
cEdge#
Aug 19 14:26:03.124: SNMP: Queuing packet to 10.48.35.219
Aug 19 14:26:03.124: SNMP: V2 Trap, reqid 5563, errstat 0, erridx 0
sysUpTime.0 = 233535801
snmpTrapOID.0 = ciscoConfigManEvent
ccmHistoryEventCommandSource.2 = 1
ccmHistoryEventConfigSource.2 = 2
ccmHistoryEventConfigDestination.2 = 2
ccmHistoryEventTerminalUser.2 = test
Aug 19 14:26:03.374: SNMP: Packet sent via UDP to 10.48.35.219

Here it is noticed that the SNMP trap is sent to the server 10.48.35.219.

Packet capture:

Sometimes, you may notice "CheckMIBView: OID not in MIB view." error in debugs.

Verify the SNMP view configuration above and add OID to it  (for example: 1.3.6.1.4.1).

Troubleshoot

debug snmp detail 
debug snmp packets

cEdge#test snmp trap config
Generating CONFIG-MAN-MIB Trap
SPOKE-8#CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.

Aug 19 14:30:16.527: SNMP: Queuing packet to 10.48.35.219Sr_send_trap: trap sent to 10.48.35.219:161:Mgmt-intf

Aug 19 14:30:16.527: SNMP: V2 Trap, reqid 5564, errstat 0, erridx 0
sysUpTime.0 = 233561141
snmpTrapOID.0 = ciscoConfigManEvent
ccmHistoryEventCommandSource.2 = 1
ccmHistoryEventConfigSource.2 = 2
ccmHistoryEventConfigDestination.2 = 2
ccmHistoryEventTerminalUser.2 = test
SrV2GenerateNotification:Function has reached clean up routine.

Aug 19 14:30:16.777: SNMP: Packet sent via UDP to 10.48.35.219



cEdge#sh snmp | i sent
Logging to 10.48.35.219.161, 0/10, 3316 sent, 2039 dropped.


cEdge#sh snmp user

User name: SNMP_V3_USER_VMANAGE
Engine ID: 766D616E6167652D0A151515
storage-type: nonvolatile active
Authentication Protocol: SHA
Privacy Protocol: AES128
Group-name: SNMP-GRP-VMANAGE


cEdge#show snmp group
groupname: ILMI security model:v1
contextname: <no context specified> storage-type: permanent
readview : *ilmi writeview: *ilmi
notifyview: <no notifyview specified>
row status: active

groupname: ILMI security model:v2c
contextname: <no context specified> storage-type: permanent
readview : *ilmi writeview: *ilmi
notifyview: <no notifyview specified>
row status: active

groupname: SNMP-GRP-VMANAGE security model:v3 priv
contextname: <no context specified> storage-type: nonvolatile
readview : SNMP-VIEW_VMANAGE writeview: <no writeview specified>
notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F
row status: active

groupname: SNMP_V3_USER_VMANAGE security model:v3 priv
contextname: <no context specified> storage-type: nonvolatile
readview : <no readview specified> writeview: <no writeview specified>
notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F
row status: active

Related Information

• Embedded Packet Capture for Cisco IOS and IOS-XE Configuration Example
• Use SNMP Traps
• SNMP Object Navigator
• Technical Support & Documentation - Cisco Systems