The Simple Network Management Protocol (SNMP) is an ideal method for monitoring and managing all types of mission-critical devices that have higher SLAs. SNMP traps make it possible to use different tools to view, browse, and manipulate Brocade switch MIBs remotely, as well as to set up an enterprise-level management mechanism, since every Brocade SAN director supports SNMP.
Recipients for SNMP traps are restricted according to security levels, and the levels can be changed as needed. By default, the security level is set to 0 (no security). We can set different security levels for a switch using the snmpconfig --set seclevel command.
For the setup I am using, the security level is set to 0. This means that there is no authentication mechanism configured for sending traps.
Let's see the configuration steps!
STEP 1:-
Login to switch as admin.
login as: admin
admin@192.168.6.5's password:
The first step is to check the switch status policy settings, as the switch health status is based on power supplies, temperatures, fans, WWN servers, standby CP, blades, flash, marginal ports, faulty ports, missing SFPs, and so on.
To view the current policy settings, issue the command below:
switch01:FID128:admin> switchstatuspolicyshow
The current overall switch status policy parameters:
                 Down    Marginal
----------------------------------
PowerSupplies       3        1
Temperatures        2        1
Fans                2        1
WWN                 0        1
CP                  0        1
Blade               0        1
CoreBlade           0        1
Flash               0        1
MarginalPorts     112        1
FaultyPorts       112        1
MissingSFPs         0        0
switchStatusPolicyShow is the Brocade CLI command that displays the current policy parameters configured on the switch, which determine whether the overall switch status is Down or Marginal. If you want to change the policy settings, use the switchstatuspolicyset command.
STEP 2:-
The next step is to check the current SNMP attributes and server address configured on the switch. In the case of new switches, you can skip this step. New switches won't have anything configured.
To check the current SNMP settings for SNMPv1, issue the snmpconfig command with a privileged account (especially the admin account):
switch01:FID128:admin> snmpconfig --show snmpv1
SNMPv1 community and trap recipient configuration:
Community 1: Secret C0de (rw)
No trap recipient configured yet
Community 2: OrigEquipMfr (rw)
No trap recipient configured yet
Community 3: private (rw)
No trap recipient configured yet
Community 4: public (ro)
No trap recipient configured yet
Community 5: common (ro)
No trap recipient configured yet
Community 6: FibreChannel (ro)
No trap recipient configured yet
SNMPv1:Enabled
To check the SNMPv3 settings, use the --show snmpv3 option.
switch01:FID128:admin> snmpconfig --show snmpv3
SNMP Informs = 0 (OFF)
SNMPv3 USM configuration:
User 1 (rw): snmpadmin1
Auth Protocol: noAuth
Priv Protocol: noPriv
User 2 (rw): snmpadmin2
Auth Protocol: noAuth
Priv Protocol: noPriv
User 3 (rw): snmpadmin3
Auth Protocol: noAuth
Priv Protocol: noPriv
User 4 (ro): snmpuser1
Auth Protocol: noAuth
Priv Protocol: noPriv
User 5 (ro): snmpuser2
Auth Protocol: noAuth
Priv Protocol: noPriv
User 6 (ro): snmpuser3
Auth Protocol: noAuth
Priv Protocol: noPriv
SNMPv3 Trap configuration:
Trap Entry 1: 192.168.1.10
Trap Port: 162
Trap User: snmpadmin1
Trap recipient Severity level: 4
Trap Entry 2: No trap recipient configured yet
Trap Entry 3: No trap recipient configured yet
Trap Entry 4: No trap recipient configured yet
Trap Entry 5: No trap recipient configured yet
Trap Entry 6: No trap recipient configured yet
"snmpConfig" is the Brocade switch CLI command used to manage the configuration of the SNMPv1/v3 agent on the switch. The CLI is interactive for all parameters except mibCapability, which can be configured both interactively and with command-line options on switches and Directors running Fabric OS v6.4.0 and later.
Each event trap level corresponds to the event's severity level. When an event occurs and its severity level is equal to or below the set value, the SNMP event traps are forwarded to the trap recipients (SNMP servers).
Possible values for the event severity are the following:
0 none
1 critical
2 error
3 warning
4 informational
5 debug
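As an added example (not part of the original post and not a Brocade tool), the following Python script parses pasted snmpconfig --show snmpv1 / --show snmpv3 output in the format shown above and flags the weak settings visible in it: well-known community strings, SNMPv1 being enabled, and SNMPv3 users left without authentication or privacy. The WELL_KNOWN set, the audit function and the severity labels are assumptions of this example.

```python
import re

# Strings copied from the output above; treating them as guessable is this example's assumption.
WELL_KNOWN = {"Secret C0de", "OrigEquipMfr", "private", "public", "common", "FibreChannel"}

# Constructed sample, abridged from the output above; the SHA user is invented for the test.
SAMPLE = """\
Community 1: Secret C0de (rw)
Community 3: private (rw)
Community 4: public (ro)
SNMPv1:Enabled
User 1 (rw): snmpadmin1
Auth Protocol: noAuth
Priv Protocol: noPriv
User 4 (ro): snmpuser1
Auth Protocol: SHA
Priv Protocol: noPriv
Trap User: snmpadmin1
"""

def audit(text):
    """Return (severity, message) findings for pasted snmpconfig --show output."""
    findings, users, current = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.match(r"Community \d+: (.+) \((rw|ro)\)$", line):
            name, access = m.groups()
            if name in WELL_KNOWN:
                sev = "high" if access == "rw" else "medium"
                findings.append((sev, f"well-known {access} community '{name}'"))
        elif re.match(r"SNMPv1\s*:\s*Enabled", line):
            findings.append(("medium", "SNMPv1 enabled: communities travel in cleartext"))
        elif m := re.match(r"User \d+ \((rw|ro)\): (\S+)", line):
            current = users.setdefault(m.group(2), {"access": m.group(1)})
        elif (m := re.match(r"(Auth|Priv) Protocol: (\S+)", line)) and current is not None:
            current[m.group(1).lower()] = m.group(2)
        elif m := re.match(r"Trap User: (\S+)", line):
            if users.get(m.group(1), {}).get("auth") == "noAuth":
                findings.append(("medium", f"traps sent as unauthenticated user '{m.group(1)}'"))
    for name, u in users.items():
        if u.get("auth") == "noAuth":
            sev = "high" if u["access"] == "rw" else "medium"
            findings.append((sev, f"SNMPv3 {u['access']} user '{name}' has no authentication"))
        elif u.get("priv") == "noPriv":
            findings.append(("low", f"SNMPv3 user '{name}' authenticates but does not encrypt"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"{severity:6} {message}")
```

Re-running it on the show output after STEP 3 confirms whether the community strings and USM users were actually changed from the values listed above.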
STEP 3:-
Once we have verified the settings on the switch, it's time to do the SNMP configuration. We will be using the same "snmpconfig" command, but the parameters will vary according to the need.
To set SNMPv1, follow the steps below. The CLI session is interactive for all steps, and you have to key in the SNMP server IP address, port number, trap severity and community string. If you have a community string other than "public", type the string and press Enter to continue.
switch01:FID128:admin> snmpconfig --set snmpv1
SNMP community and trap recipient configuration:
[....]
Community (ro): [public]
Trap Recipient's IP address : [0.0.0.0] 192.168.1.110
Trap recipient Severity level : (0..5) [0] 3
Trap recipient Port : (0..65535) [162]
[....]
Committing configuration.....done.
Note: output is truncated.
To set SNMPv3, follow the same process. You will get an interactive session for SNMPv3 as well, but the fields will change to accommodate the v3 attributes. You will need to type the correct attributes as and when they are asked for. If your user name is different from snmpadmin1, you have to type the user name and press Enter to continue.
switch01:FID128:admin> snmpconfig --set snmpv3
SNMP Informs Enabled (true, t, false, f): [false]
SNMPv3 user configuration(snmp user not configured in FOS user database will have physical AD and admin role as the default):
User (rw): [snmpadmin1]
Auth Protocol [MD5(1)/SHA(2)/noAuth(3)]: (1..3) [3]
Priv Protocol [DES(1)/noPriv(2)/3DES(3)/AES128(4)/AES192(5)/AES256(6)]): (2..2) [2]
[....]
SNMPv3 trap recipient configuration:
Trap Recipient's IP address : [0.0.0.0] 192.168.1.10
UserIndex: (1..6) [1]
Trap recipient Severity level : (0..5) [0] 4
Trap recipient Port : (0..65535) [162]
Trap Recipient's IP address : [0.0.0.0]
Trap Recipient's IP address : [0.0.0.0]
Trap Recipient's IP address : [0.0.0.0]
Trap Recipient's IP address : [0.0.0.0]
Trap Recipient's IP address : [0.0.0.0]
Committing configuration.....done.
Note: output is truncated.
Helpful...thank you 😊
How to change community?
Is this a disruptive action, or will the switch reboot, when doing this configuration (snmpconfig --set snmpv3)? Please update.
This action is non-disruptive. You can set the values and test without impacting the production workload.