Configuring SNMP for gateway monitoring

The SNMP service, when configured for an agent, generates trap messages that are sent to a trap destination, if any specific events occur. This section describes how to configure the gateway as an SNMP agent and how to enable SNMP traps.

This page describes how to set up the gateway as an SNMP agent and how to configure SNMP traps on the gateway. See Configuring SNMP notifications for details about configuring notifications and sending traps to a syslog server.

Supported SNMP groups and traps

MIB-II defines variables for things such as interface statistics as well as other things pertaining to the system itself. The main goal of MIB-II is to provide general TCP/IP management info. The Blue Cedar Connect Gateway supports a subset of MIB-II (RFC-1213), specifically the following groups:

Group	Description
system	Defines a list of objects that pertain to system operation, such as system uptime, system contact, system location, and system name.
interfaces	Keeps track of the status of each interface on the managed device. This group monitors which interfaces are up or down, octets sent/received, errors, discards, and so on.
ip	Keeps track of many aspects of IP, including IP routing.
icmp	Tracks things such as ICMP errors, discards, and so on.
tcp	Tracks the TCP connection state, for example, closed, listen, synSent, and so on.
udp	Tracks UDP statistics, datagrams in and out.
snmp	Measures the performance of the underlying SNMP implementation, such as SNMP packets sent and received.

The gateway supports SNMPv2c notifications, also known as traps. Traps are asynchronous events sent by the gateway to an NMS (Network Management Server):

Link up/down (interfaces up/down)
Unauthorized access attempts to the SNMP daemon running on the VA
CPU Utilization (threshold setting)
Disk Utilization (threshold setting)
Memory Utilization (threshold setting)

Configuring the gateway as an SNMP agent

The gateway supports SNMPv2c unidirectional read-only access (get, get next, and get bulk requests), thus it is unnecessary to define community strings for read/write access.

Enable the SNMP engine, including the version:

BASH

% set system snmp engine enable true version v2c
% commit

Configure device parameters to identify the gateway.

Parameter	Configuration command
Contact. Primary contact for the gateway.	Syntax BASH `% set system snmp managed-device contact string` Example BASH `% set system snmp managed-device contact jsmith@acme.com`
Location. A string describing the location of the gateway. Could be a physical location or another identifier.	Syntax BASH `% set system snmp managed-device location string` Example BASH `% set system snmp managed-device location Marlborough,MA`
Authentication trap. Flag to indicate whether you want to receive "authentication failure" traps when a remote user tries to connect via SNMP to your Blue Cedar Connect Gateway with an invalid community string. Default: false	Example BASH `% set system snmp managed-device auth-trap-enable true % commit`
Hostname. Set the system name when the device is configured (independent of SNMP configuration). See Setting the gateway hostname.	Syntax BASH `% set system hostname string`

Create a local SNMP endpoint.

A default SNMP engine listens on the management interface, ethernet0. This command allows you to specify an IP address along with the preferred SNMP port number. The gateway supports at most one UDP listen and/or one TCP listen config.

Syntax

BASH

% set system snmp engine listen list-entry transport protocol port port-number

For example:

Example

BASH

% set system snmp engine listen NMS_Server transport udp port 161
% commit

Listen option

Description

transport

Protocol to use to receive/send SNMP messages.

Valid values: UDP, TCP

Default: UDP

port port

Port on which the engine listens.

Default: 161

Configure the community string. The community string is basically a clear text password. The default is "public" so it is important to change this.

Note: There is no limit to the number of community strings you may configure.

Syntax

BASH

% set system snmp community community-name text-name community-string

Example

BASH

% set system snmp community connect-gateway text-name bcgateway-public
% commit

Configuring SNMP traps on the gateway

Most network management servers (NMS) can query SNMP agents (such as the Blue Cedar Connect Gateway) and receive asynchronous notifications (that is, traps) from the agent (Gateway). The Inform Request is an SNMPv2c mechanism for sending a report and receiving a response—thus acknowledging the trap.

Inform Requests require the following parameters to be configured on the Blue Cedar Connect Gateway; follow these steps to set up a Target Entry (named "nms-acme" in these examples).

Parameter	Description
timeout	Number of seconds the gateway should wait for an acknowledgement from the NMS before resending a trap. Default 0. If this value is set to 0, then Inform Requests are not sent, and a trap is sent once with no guarantee of NMS receiving it. BASH `% set system snmp target nms-acme timeout 3`
retries	Maximum number of times the gateway attempts to resend a trap to the NMS. Default 0. If this value is set to 0, then Inform Requests are not sent, and a trap is sent once with no guarantee of NMS receiving it. BASH `% set system snmp target nms-acme retries 10`
security-name	Send the community string with generated traps to authenticate the gateway with the external NMS. BASH `% set system snmp target nms-acme target-params nms v2c security-name bcgateway-public`
target destination	Configure the target destination to send SNMP traps (Inform Requests), including: transport: transport protocol udp or tcp hostname: IPv4 address or hostname of the NMS port: port number on which the NMS listens for SNMP traps. Default: 162 BASH `% set system snmp target nms-acme transport udp address 12.34.56.78 port 10162 % commit`