在Cisco cEdge路由器上配置SNMPv3陷阱
简介
本文档介绍在cEdge路由器上使用vManage功能模板启用简单网络管理协议(SNMP)第3版陷阱的配置。
先决条件
要求
Cisco 建议您了解以下主题:
- Cisco SDWAN解决方案
- 基本了解SNMP
使用的组件
本文档中的信息基于以下软件和硬件版本:
- 运行16.12.3的思科云服务路由器1000V(CSR1000v)路由器
- 运行19.2.2的vManage版本。
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您的网络处于活动状态,请确保您了解所有命令的潜在影响。
配置
配置
在vManage上:
步骤1.要创建SNMP功能模板,请导航至CONFIGURATION > TEMPLATES > Feature Template > SNMP。
输入模板名称和说明,后跟SNMP no-shutdown,如下图所示。
步骤2.选择SNMP版本。在本例中为第3版。
步骤3.创建SNMP陷阱组并填入陷阱模块,如下图所示。
步骤4.创建SNMP陷阱目标服务器。
此处使用mgmt-intf虚拟路由转发(VRF)来获取SNMP陷阱。
interface GigabitEthernet1
vrf forwarding Mgmt-intf
ip dhcp client default-router distance 1
ip address dhcp
negotiation auto
arp timeout 1200
no mop enabled
no mop sysid
end
步骤5.创建SNMP视图并添加SNMP对象标识符(OID)。
步骤6.创建SNMP组,并将之前创建的SNMP视图附加到组。
步骤7.添加SNMPv3用户,如本图所示。
步骤8.将SNMP功能模板附加到设备模板的附加模板部分:
步骤9.将设备模板连接到相应设备。
验证
在cEdge上:
启用以下调试:
debug snmp packets
debug snmp detail生成SNMP陷阱:test snmp trap config
cEdge#test snmp trap config
Generating CONFIG-MAN-MIB Trap
cEdge#
Aug 19 14:26:03.124: SNMP: Queuing packet to 10.48.35.219
Aug 19 14:26:03.124: SNMP: V2 Trap, reqid 5563, errstat 0, erridx 0
sysUpTime.0 = 233535801
snmpTrapOID.0 = ciscoConfigManEvent
ccmHistoryEventCommandSource.2 = 1
ccmHistoryEventConfigSource.2 = 2
ccmHistoryEventConfigDestination.2 = 2
ccmHistoryEventTerminalUser.2 = test
Aug 19 14:26:03.374: SNMP: Packet sent via UDP to 10.48.35.219这里注意到,SNMP陷阱已发送到服务器10.48.35.219。
数据包捕获:
有时,您可能会注意到“CheckMIBView:OID不在MIB视图中。” 调试中出错。
验证上述SNMP视图配置并向其添加OID(例如:1.3.6.1.4.1)。
故障排除
debug snmp detail
debug snmp packets
cEdge#test snmp trap config
Generating CONFIG-MAN-MIB Trap
SPOKE-8#CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
CheckMIBView: OID is in MIB view.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
SrCheckNotificationFilter: OID is included.
Aug 19 14:30:16.527: SNMP: Queuing packet to 10.48.35.219Sr_send_trap: trap sent to 10.48.35.219:161:Mgmt-intf
Aug 19 14:30:16.527: SNMP: V2 Trap, reqid 5564, errstat 0, erridx 0
sysUpTime.0 = 233561141
snmpTrapOID.0 = ciscoConfigManEvent
ccmHistoryEventCommandSource.2 = 1
ccmHistoryEventConfigSource.2 = 2
ccmHistoryEventConfigDestination.2 = 2
ccmHistoryEventTerminalUser.2 = test
SrV2GenerateNotification:Function has reached clean up routine.
Aug 19 14:30:16.777: SNMP: Packet sent via UDP to 10.48.35.219
cEdge#sh snmp | i sent
Logging to 10.48.35.219.161, 0/10, 3316 sent, 2039 dropped.
cEdge#sh snmp user
User name: SNMP_V3_USER_VMANAGE
Engine ID: 766D616E6167652D0A151515
storage-type: nonvolatile active
Authentication Protocol: SHA
Privacy Protocol: AES128
Group-name: SNMP-GRP-VMANAGE
cEdge#show snmp group
groupname: ILMI security model:v1
contextname:
storage-type: permanent readview : *ilmi writeview: *ilmi notifyview:
row status: active groupname: ILMI security model:v2c contextname:
storage-type: permanent readview : *ilmi writeview: *ilmi notifyview:
row status: active groupname: SNMP-GRP-VMANAGE security model:v3 priv contextname:
storage-type: nonvolatile readview : SNMP-VIEW_VMANAGE writeview:
notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F row status: active groupname: SNMP_V3_USER_VMANAGE security model:v3 priv contextname:
storage-type: nonvolatile readview :
writeview:
notifyview: *tv.FFFFFFFF.FFFFFFFF.FFFFFFFF.F row status: active
相关信息
- Cisco IOS和IOS-XE的嵌入式数据包捕获配置示例
- 使用 SNMP 陷阱
- SNMP对象导航器
- 技术支持和文档 - Cisco Systems
反馈