3.2.23. snmp

SNMP configuration.

vrouter running config# vrf <vrf> snmp

enabled

Enable or disable the SNMP engine.

vrouter running config# vrf <vrf> snmp
vrouter running snmp# enabled true|false
Default value
true

listen

Configuration of the transport endpoint on which the engine listens.

vrouter running config# vrf <vrf> snmp listen

protocols

The protocols used for connecting to the SNMP agent.

vrouter running config# vrf <vrf> snmp listen
vrouter running listen# protocols PROTOCOLS
PROTOCOLS values Description
udp UDP.
tcp TCP.
udp6 UDPv6.
tcp6 TCPv6.
Default value
udp

port

The TCP or UDP port on which the engine listens.

vrouter running config# vrf <vrf> snmp listen
vrouter running listen# port PORT
PORT A 16-bit port number used by a transport protocol such as TCP or UDP.
Default value
161

static-info

Most of the information reported by the SNMP agent is retrieved from the underlying system. However, certain MIB objects can be configured with a static value.

vrouter running config# vrf <vrf> snmp static-info

location

System location (sysLocation.0) object value.

vrouter running config# vrf <vrf> snmp static-info
vrouter running static-info# location <string>

contact

System contact (sysContact.0) object value.

vrouter running config# vrf <vrf> snmp static-info
vrouter running static-info# contact <string>

name

System name (sysName.0) object value.

vrouter running config# vrf <vrf> snmp static-info
vrouter running static-info# name <string>

services

Value of the sysServices.0 object. For a host system, a good value is 72 (application + end-to-end layers).

vrouter running config# vrf <vrf> snmp static-info
vrouter running static-info# services <uint8>

description

System description of the SNMP agent (sysDescr.0).

vrouter running config# vrf <vrf> snmp static-info
vrouter running static-info# description <string>

object-id

System OID (sysObjectOID.0) object value.

vrouter running config# vrf <vrf> snmp static-info
vrouter running static-info# object-id OBJECT-ID
OBJECT-ID SNMP object identifier either as a label or numeric form.

view

A named ‘view’ - a subset of the overall OID tree.

vrouter running config# vrf <vrf> snmp view <string>

name (state only)

The name of the view.

vrouter> show state vrf <vrf> snmp view <string> name

subtree

A part of the OID tree to include or exclude from the view.

vrouter running config# vrf <vrf> snmp view <string>
vrouter running view <string># subtree <subtree> included true|false
<subtree> SNMP object identifier either as a label or numeric form.

included

Set to false to exclude this OID from the view.

included true|false
Default value
true

oid (state only)

The OID root to include or exclude from the view.

vrouter> show state vrf <vrf> snmp view <string> subtree <subtree> oid

community

An SNMPv1 or SNMPv2c community.

vrouter running config# vrf <vrf> snmp community <string>

authorization (mandatory)

The authorization level of the community.

vrouter running config# vrf <vrf> snmp community <string>
vrouter running community <string># authorization AUTHORIZATION
AUTHORIZATION values Description
read-only Read-only (GET and GETNEXT) access.
read-write Read-write (GET, GETNEXT and SET) access.

source

Restrict access to requests from the specified address or prefix.

vrouter running config# vrf <vrf> snmp community <string>
vrouter running community <string># source SOURCE
SOURCE values Description
<A.B.C.D> An IPv4 address.
<X:X::X:X> An IPv6 address.
<host-name> The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.
<A.B.C.D/M> An IPv4 prefix: address and CIDR mask.
<X:X::X:X/M> An IPv6 prefix: address and CIDR mask.

view

Restricts access for that community to the subtree rooted at the given view name. If not specified, the community has access to the whole OID tree.

vrouter running config# vrf <vrf> snmp community <string>
vrouter running community <string># view <leafref>

name (state only)

The name of the community.

vrouter> show state vrf <vrf> snmp community <string> name

access-control

SNMPv3 access control configuration.

vrouter running config# vrf <vrf> snmp access-control

user

An SNMPv3 user.

vrouter running config# vrf <vrf> snmp access-control user <string>

auth-password (mandatory)

The authentication password.

vrouter running config# vrf <vrf> snmp access-control user <string>
vrouter running user <string># auth-password <string>

auth-method

The authentication method.

vrouter running config# vrf <vrf> snmp access-control user <string>
vrouter running user <string># auth-method AUTH-METHOD
AUTH-METHOD values Description
md5 MD5.
sha SHA.
Default value
sha

priv-password

The privacy (encryption) password. If not specified, it is assumed to be the same as the authentication password.

vrouter running config# vrf <vrf> snmp access-control user <string>
vrouter running user <string># priv-password <string>

priv-protocol

The encryption protocol.

vrouter running config# vrf <vrf> snmp access-control user <string>
vrouter running user <string># priv-protocol PRIV-PROTOCOL
PRIV-PROTOCOL values Description
aes AES.
des DES.
Default value
aes

name (state only)

The name of the user (securityName).

vrouter> show state vrf <vrf> snmp access-control user <string> name

group

An SNMPv3 group.

vrouter running config# vrf <vrf> snmp access-control group <string>

user

Name of a user to add to this group.

vrouter running config# vrf <vrf> snmp access-control group <string>
vrouter running group <string># user <leafref>

security-level (mandatory)

The security level enforced on this group.

vrouter running config# vrf <vrf> snmp access-control group <string>
vrouter running group <string># security-level SECURITY-LEVEL
SECURITY-LEVEL values Description
auth Authentication is required.
priv Authentication and encryption are required.

view

Restricts access for that group to the subtree rooted at the given view name. If not specified, the group has access to the whole OID tree.

vrouter running config# vrf <vrf> snmp access-control group <string>
vrouter running group <string># view <leafref>

authorization

The authorization level of this group.

vrouter running config# vrf <vrf> snmp access-control group <string>
vrouter running group <string># authorization AUTHORIZATION
AUTHORIZATION values Description
read-only Read-only (GET and GETNEXT) access.
read-write Read-write (GET, GETNEXT and SET) access.
Default value
read-only

name (state only)

The name of the group.

vrouter> show state vrf <vrf> snmp access-control group <string> name

traps

Active monitoring and automatic notifications configuration.

vrouter running config# vrf <vrf> snmp traps

destination

Notification receiver that should be sent SNMPv1 TRAPs, SNMPv2c TRAP2s, or SNMPv2 INFORM notifications.

vrouter running config# vrf <vrf> snmp traps
vrouter running traps# destination <destination> port PORT protocol PROTOCOL \
... notification-type NOTIFICATION-TYPE community <leafref>
<destination> values Description
<A.B.C.D> An IPv4 address.
<X:X::X:X> An IPv6 address.
<host-name> The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.

port

The port number of the host where to send the traps.

port PORT
PORT A 16-bit port number used by a transport protocol such as TCP or UDP.
Default value
162

protocol

The protocol used to connect to the destination host.

protocol PROTOCOL
PROTOCOL values Description
udp UDP.
tcp TCP.
udp6 UDPv6.
tcp6 TCPv6.
Default value
udp

notification-type (mandatory)

The type of notifications that is to be sent to the specified host.

notification-type NOTIFICATION-TYPE
NOTIFICATION-TYPE values Description
TRAP Send SNMPv1 TRAPs to the specified host.
TRAP2 Send SNMPv2c TRAP2s to the specified host.
INFORM Send SNMPv2 INFORM notifications to the specified host.

community (mandatory)

The community string to use when sending traps to this destination.

community <leafref>

host (state only)

The address of the receiver.

vrouter> show state vrf <vrf> snmp traps destination <destination> host

authfail-check

Monitor authentication failures.

vrouter running config# vrf <vrf> snmp traps
vrouter running traps# authfail-check enabled true|false

enabled

Enable or disable authentication failures monitoring.

enabled true|false
Default value
true

process-check

Monitor the important processes of the system, triggering a notification when one of them is not alive.

vrouter running config# vrf <vrf> snmp traps
vrouter running traps# process-check frequency FREQUENCY enabled true|false

frequency

Check for network interfaces being taken up or down every <frequency> period.

frequency FREQUENCY
FREQUENCY Value in seconds or optionnally suffixed by one of s (for seconds), m (for minutes), h (for hours), d (for days) or w (for weeks).
Default value
2s

enabled

Enable or disable process monitoring.

enabled true|false
Default value
true

disk-space-check

Enables monitoring of all disks found on the system, using the specified (percentage) threshold.

vrouter running config# vrf <vrf> snmp traps
vrouter running traps# disk-space-check threshold <uint8> frequency FREQUENCY \
... enabled true|false

threshold (mandatory)

The minimum free disk space in percentage of the total space.

threshold <uint8>

frequency

Check for free disk space every <frequency> period.

frequency FREQUENCY
FREQUENCY Value in seconds or optionnally suffixed by one of s (for seconds), m (for minutes), h (for hours), d (for days) or w (for weeks).
Default value
5m

enabled

Enable or disable disk space monitoring.

enabled true|false
Default value
true

load-check

Enables monitoring of the load average and trigger notifications if it goes above the specified thresholds.

vrouter running config# vrf <vrf> snmp traps
vrouter running traps# load-check threshold <uint16> enabled true|false

threshold (mandatory)

The maximum system load average.

threshold <uint16>

enabled

Enable or disable system load monitoring.

enabled true|false
Default value
true