Device Configuration

For a device to send traps to specified managers, the most basic configuration are the trap targets. More advanced configuration includes the Trap Community String or traps over SNMPv3.

■

Destination IP address and port (see Basic SNMP Configuration Setup)

■

Trap Community String: The default Trap Community String is ‘trapuser’. There is only 1 for the entire device.

●

INI file: SNMPTRAPCOMMUNITYSTRING = <your community string here>.

●

SNMP: add a new community string to the snmpCommunityTable. To associate the traps to the new Community String change the snmpTargetParamsSecurityName in the snmpTargetParamsTable so it coincides with the snmpCommunitySecurityName object. If you wish, you can remove the older Trap Community String from snmpCommunityTable (however, it is not mandatory).

●

Web: SNMP Community Settings page (Setup menu > Administration tab > SNMP folder > SNMP Community Settings). Use the Apply button to apply your configuration. You can’t delete the Trap Community String, only modify its value.

●

CLI:

(config-system)# snmp trap
(snmp-trap)# community-string

■

SNMPv3 Settings: When using SNMPv3 settings it is important to note that by default the trap configuration remains such that the traps are sent out in SNMPv2c mode. To have traps sent out in SNMPv3, you can use either ini file or SNMP:

●

INI file: amongst the SNMPv3 users ensure that you also define a trap user (the value of 2 in the SNMPUsers_Group indicates the trap user). For example: you can have the SNMP users table defined with a read-write user, ‘rwmd5des’ with MD5 authentication and DES privacy, along with a trap user, ‘tmd5no’ with SHA authentication and DES privacy:

[ SNMPUsers ]
FORMAT SNMPUsers_Index = SNMPUsers_Username, SNMPUsers_AuthProtocol, SNMPUsers_PrivProtocol, SNMPUsers_AuthKey, SNMPUsers_PrivKey, SNMPUsers_Group;
SNMPUsers 1 = rwmd5des, 1, 1, myauthkey, myprivkey, 1;
SNMPUsers 2 = tshades, 2, 1, myauthkey, myprivkey, 2 
[ \SNMPUsers ]

●

If you define a trap user only, the device runs in SNMPv3 mode but will not be accessible as there are no defined read-write or even read-only users.

●

If you define non-default community strings (SNMPv2c), you need to access the device via SNMPv2c.

Along with this configuration, you also need to associate the trap targets (managers) with the user:

SNMPMANAGERTRAPUSER_x=tshades

where x is the target index and can be between 0 and 4.

Any targets that are defined in the ini file where this last parameter isn’t defined, receives SNMPv2c traps.

●

SNMP: change snmpTargetAddrParams object to the user of your choice adding the letters ‘usm’ as prefix (ensure it’s a trap user). For example, the ‘tshades’ user should be added as ‘usmtshades’.