Building network automation solutions

9 module online course

Start now!

Category: SNMP

Model-Driven Telemetry Isn’t as New as Some People Think

During the Campus Evolution with Cat9K presentation (I hope I got it right - the whole event was an absolute overload) the presenter mentioned the benefits of brand-new model-driven telemetry, which immediately caused me to put my academic hat on and state that we had model-driven telemetry for at least 30 years.

Don’t believe me? Have you ever looked at an SNMP MIB description? Did it look like random prose to you or did it seem to have some internal structure?

read more see 8 comments

SNMP over XML over HTTP?

The snmp-server host command in Cisco IOS has an interesting option: you can specify an URL as the destination host, for example: snmp-server host http://1.2.3.4/xxx traps snmpv2c public. However, I was not able to make it work; the router would accept the configuration command, but the outbound HTTP session never starts. Has anyone managed to get this to work? Any ideas what else is required?
see 5 comments

Add vendor-specific MIBs to Wireshark

When I was testing EEM SNMP integration, I wanted to decode the SNMP traps sent by the router with Wireshark. Wireshark performed wonderfully, but could not decode the Cisco-specific object IDs used in the traps. I knew I had to download Cisco-specific MIB files and install them in Wireshark, but doing that proved a bit harder than expected … and the Wireshark and NetSNMP documentation was not too helpful.

EEM-SNMP integration is described in the Embedded Event Manager (EEM) workshop. You can attend an online version of the workshop; we can also organize a dedicated event for your networking team.

You can find the final results of my struggles in the “Add MIB files to Wireshark SNMP decoder” article in the CT3 wiki.

Send a SNMP trap from an EEM applet

The engineer who wanted to detect specific DoS attack (WAN link overload) with EEM applet asked for something more in his original question: he wanted to receive a SNMP trap on the NMS when the DoS attack is detected. Implementing this requirement with an EEM applet is simple; you just need to add the trap keyword to the event manager applet configuration command.


EEM-SNMP integration is described in the Embedded Event Manager (EEM) workshop. You can attend an online version of the workshop; we can also organize a dedicated event for your networking team.

read more see 1 comments

Trigger EEM applet with SNMP

Anderson sent me an interestion question:

I'd like to use the snmpset command to get my router to execute an EEM script. Are there OIDs that are associated with EEM scripts that could help me achieve this?

Although EEM has associated MIB, it has a single read-write variable: the size of the history table. It's thus not possible to use EEM MIB to trigger EEM events. However, EEM 2.4 added support for SNMP notification events, which you can use to trigger EEM applets based on incoming SNMP traps/informs.

You can therefore use the event snmp-notification command on a router and the snmptrap command on a Linux host to remotely trigger EEM applets.

Read more in the Trigger EEM applets with SNMP Informs article in the CT3 wiki.

This article is part of You've asked for it series.

Quick tip: limit SNMP traps sent to a SNMP server

If you use multiple SNMP servers in your network, you might want to limit the traps each server receives. Configuring this functionality is easy: just list the traps you want a server to receive at the end of the snmp-server host configuration command.

When you specify the list of SNMP trap types a server should receive, a trap is sent to the server only if it’s listed in the snmp-server host command and enabled with the snmp-server enable traps command.

see 2 comments

Quick tip: Enable SNMP traps

IOS can generate numerous SNMP traps, but you have to enable most of them manually. Configuring a server that receives SNMP traps with the snmp-server host address community traps is not enough; you have to enable individual trap categories with the snmp-server enable traps group [ trap ] command.

In older releases, the standard SNMP traps (for example, link up/down traps) are enabled by default and cannot be disabled with the snmp-server enable traps command. Newer IOS releases have added the snmp-server enable traps snmp [ authentication | coldstart | linkdown | linkup | warmstart ] global configuration command. These releases require you to enable standard SNMP traps manually; otherwise the router will not generate them.

If you want to see the whole list, configure snmp-server enable traps and execute show running | include snmp-server enable. IOS 12.4T network management reference guide also includes a comprehensive list of all options.

see 2 comments
Sidebar