VERSA SNMP SERVICE CONFIGURATION
The SNMP service will be configured according to the below topology.
My SNMP server is located on the controller side. I want to monitor my branch3 with SNMP. The Director makes it possible to monitor the devices. So why do we need an SNMP server? The answer is simple: central management.
I only need to make a few clicks in my template. As my SNMP server is located on the controller side, the controller is selected as "reachability via".
After these steps, the Director pushes some configuration to the branch device.
admin@Branch3-cli> show configuration | display set | match snmp
set confdConfig logs snmpLog
set confdConfig logs snmpLog enabled
set confdConfig logs snmpLog file
set confdConfig logs snmpLog file enabled
set confdConfig logs snmpLog file name /var/log/versa/confd/snmp.log
set snmp agent enabled
set snmp agent ip 127.0.0.1
set snmp agent udp-port 161
set snmp agent extra-listen ::1 161
set snmp agent version v2c
set snmp agent max-message-size 50000
set snmp system name Branch3
set snmp system location "istanbul, Turkey"
set snmp community admin sec-name admin
set snmp target v2_192.168.200.100 ip 192.168.200.100
set snmp target v2_192.168.200.100 udp-port 162
set snmp target v2_192.168.200.100 tag [ std_v2_inform std_v2_trap ]
set snmp target v2_192.168.200.100 timeout 1500
set snmp target v2_192.168.200.100 retries 3
set snmp target v2_192.168.200.100 v2c sec-name admin
set snmp notify std_v1_trap tag std_v1_trap
set snmp notify std_v1_trap type trap
set snmp notify std_v2_inform tag std_v2_inform
set snmp notify std_v2_inform type inform
set snmp notify std_v2_trap tag std_v2_trap
set snmp notify std_v2_trap type trap
set snmp notify std_v3_inform tag std_v3_inform
set snmp notify std_v3_inform type inform
set snmp notify std_v3_trap tag std_v3_trap
set snmp notify std_v3_trap type trap
set snmp target-source 10.0.0.8
set snmp vacm group access-v2c-public-internet member admin sec-model [ v2c ]
set snmp vacm group access-v2c-public-internet access v2c no-auth-no-priv read-view internet
set snmp vacm group access-v2c-public-internet access v2c no-auth-no-priv notify-view internet
set snmp vacm view internet subtree 1.2 included
set snmp vacm view internet subtree 1.3 included
set snmp vacm view internet subtree 188.8.131.52 included
set nacm rule-list snmp-ro group [ * ]
set nacm rule-list snmp-ro rule deny-write access-operations create,update,delete
set nacm rule-list snmp-ro rule deny-write action deny
set nacm rule-list snmp-ro rule deny-write context snmp
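An added example (not from the original post or from Versa): a Python audit of the pushed `display set` lines that reports what a reviewer would check first, namely the SNMP version, the community name, the security level of each VACM access entry and the breadth of the views. The sample lines are a subset copied from the output above; the function name, the summary layout and the list of commonly used community names are assumptions.

```python
# Added example: audit of SNMP lines from `show configuration | display set`.
# SAMPLE is a subset copied from the output above; names here are assumptions.
SAMPLE = """\
set snmp agent version v2c
set snmp community admin sec-name admin
set snmp target v2_192.168.200.100 ip 192.168.200.100
set snmp vacm group access-v2c-public-internet member admin sec-model [ v2c ]
set snmp vacm group access-v2c-public-internet access v2c no-auth-no-priv read-view internet
set snmp vacm group access-v2c-public-internet access v2c no-auth-no-priv notify-view internet
set snmp vacm view internet subtree 1.2 included
set snmp vacm view internet subtree 1.3 included
"""
COMMON_COMMUNITIES = {"public", "private", "admin"}  # illustrative list

def audit_snmp(config):
    """Return (summary, findings) for the SNMP access-control settings."""
    summary = {"versions": set(), "communities": {}, "targets": {}, "access": [], "views": {}}
    findings = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[:2] != ["set", "snmp"]:
            continue
        t = tok[2:]
        if t[:2] == ["agent", "version"] and len(t) == 3:
            summary["versions"].add(t[2])
        elif t[0] == "community" and len(t) == 4 and t[2] == "sec-name":
            summary["communities"][t[1]] = t[3]
        elif t[0] == "target" and len(t) == 4 and t[2] == "ip":
            summary["targets"][t[1]] = t[3]
        elif t[:2] == ["vacm", "group"] and len(t) == 8 and t[3] == "access":
            # (group, security model, security level, view type, view name)
            summary["access"].append((t[2], t[4], t[5], t[6], t[7]))
        elif t[:2] == ["vacm", "view"] and len(t) == 6 and t[3] == "subtree":
            summary["views"].setdefault(t[2], []).append((t[4], t[5]))
    for v in sorted(summary["versions"] & {"v1", "v2c"}):
        findings.append(f"agent version {v}: community string is sent unencrypted")
    for name in sorted(summary["communities"]):
        if name.lower() in COMMON_COMMUNITIES:
            findings.append(f"community '{name}' is a commonly used name")
    for group, model, level, kind, view in summary["access"]:
        if level == "no-auth-no-priv":
            findings.append(f"group {group}: {kind} '{view}' granted at {level}")
    for view, subtrees in summary["views"].items():
        for oid, mode in subtrees:
            if mode == "included" and oid.count(".") <= 1:  # one or two arcs only
                findings.append(f"view '{view}' includes broad subtree {oid}")
    return summary, findings

if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE)[1]:
        print(finding)
```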
Step by Step SNMP Configuration:
Community is a group of devices that SNMP monitors.
a. On the branch template, go to the Configuration tab -> Objects & Connectors -> Connector -> SNMP -> click Communities -> click the (+) symbol to add a new community.
Name for the community.
Security Name: Secure name for the community.
Configuring SNMP Trap Profiles
SNMP traps are alert messages sent from one or more remote SNMP-enabled devices to a central device, the “SNMP manager.” A trap communicates health and performance warnings to the SNMP manager. To configure the profile, follow the steps below.
a. On the branch template, go to the Configuration tab -> Objects & Connectors -> Connector -> SNMP -> click Trap profile -> click the (+) symbol to create a new trap profile.
Name: Name of the trap profile.
Version: Version of the trap profile (V1, V2C, V3).
Community string identifies a community of SNMP managers and monitored devices and serves as a password to authenticate the community members to each other.
IP address of the SNMP manager. In this case, it is 192.168.200.100.
Port: Port number assigned to the SNMP manager.
Trap: Select if SNMP simply sends a message.
Inform: Select if SNMP sends and gets an acknowledgment for the message sent.
Configuring SNMP Agent
An agent interacts with SNMP and enables the flow of information between the monitored devices, the applications, and the monitoring device. To configure the SNMP agent in the Versa VNF, follow the steps below.
On the branch template, go to Objects & Connectors -> Connectors -> SNMP -> Agent -> click the (+) symbol to configure the following fields.
Then click on edit SNMP target source, enter the IP address of the local tvi interface, and click OK. This IP is used as the source IP for reaching the SNMP server. In this case the SNMP server is reachable through Provider-Control-VR, so the IP address 10.0.0.8 is that of the tvi interface on the CPE.
Configuring VACM (View-based Access Control Model)
SNMPv2c/v3 uses a view-based access control model (VACM), which allows you to configure the access privileges granted to a group. All access control within VACM operates on groups, which are collections of users defined by USM.
The security model is configured for:
a. Views
b. Groups
Configuring VACM Views
a. In the Director view, go to Configuration > Templates > Device Templates. Select an organization in the left navigation panel and a template from the dashboard.
b. Then navigate to Configuration > Objects & Connectors > Connectors > SNMP > VACM.
c. Click (+) to add a view.
Configuring VACM Groups
a. In the Director view, go to Configuration > Templates > Device Templates. Select an organization in the left navigation panel and a template from the dashboard.
b. Then navigate to Configuration > Objects & Connectors > Connectors > SNMP > VACM. Click the Group tab.
c. Click (+) to add a group.
d. Click (+) to add a member.
e. Click (+) to add a security model.
NOTE: Make sure the VACM Groups "Members Name" is the same as the community "Security Name" (sec-name) configured in step 1a.
Name: Name of the VACM group.
Name: Name of the member.
Click the Access tab
Security Model: Name of the security model.
Type of security: Auth No Priv, Auth Priv, No Auth No Priv.
Write View: Object on which to grant write view.
Read View: Object on which to grant read view.
Notify View: Object on which to grant notify view.
Configure VNF Manager
For the SNMP server to be able to poll the FlexVNF and receive the SNMP traps, we need to add the SNMP server in the VNF Manager settings. We also need to select an interface through which the branch can reach the SNMP server. In this case, the SNMP server (10.31.0.0/16) is reachable for staging-hopkinslab312-swb from the tvi-0/3.0 interface.
Adding to PRTG Monitoring Server:
I have installed the PRTG server for testing. You can download the free PRTG version for this.
After installation, I added the device to PRTG and then I added a few sensors for interface bandwidth.
Check SNMP logs:
[admin@Branch3: ~] $ sudo tail -f /var/log/versa/confd/snmp.log
[sudo] password for admin:
<INFO> 28-Feb-2021::04:02:12.046 Branch3 confd: snmp get-request reqid=26778 192.168.200.100:51222 (Counter64 ifHCInOctets.13.)(Counter64 ifHCOutOctets.13.)(OCTET STRING ifDescr.13.)(TimeTicks sysUpTime)
<INFO> 28-Feb-2021::04:02:12.125 Branch3 confd: snmp get-response reqid=26778 192.168.200.100:51222 (Counter64 ifHCInOctets.13.=2789577)(Counter64 ifHCOutOctets.13.=1165223)(OCTET STRING ifDescr.13.=vni-0/1)(TimeTicks sysUpTime=450563)
<INFO> 28-Feb-2021::04:02:17.030 Branch3 confd: snmp get-request reqid=26779 192.168.200.100:51224 (Counter64 ifHCInOctets.5.)(Counter64 ifHCOutOctets.5.)(OCTET STRING ifDescr.5.)(TimeTicks sysUpTime)
<INFO> 28-Feb-2021::04:02:21.828 Branch3 confd: snmp get-response reqid=26779 192.168.200.100:51224 (Counter64 ifHCInOctets.5.=6510743)(Counter64 ifHCOutOctets.5.=12769216)(OCTET STRING ifDescr.5.=vni-0/0)(TimeTicks sysUpTime=451533)
<INFO> 28-Feb-2021::04:03:12.042 Branch3 confd: snmp get-request reqid=26780 192.168.200.100:51297 (Counter64 ifHCInOctets.13.)(Counter64 ifHCOutOctets.13.)(OCTET STRING ifDescr.13.)(TimeTicks sysUpTime)
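An added example (not from the original post or from Versa): a Python pass over snmp.log that counts requests from any source other than the configured SNMP manager and lists requests with no logged response. The line pattern is inferred from the log lines above; the first three sample lines are shortened from that log, the fourth is constructed, and the function name is an assumption.

```python
import re

# Pattern inferred from the confd snmp.log lines shown above.
LINE_RE = re.compile(
    r"<(?P<level>\w+)> (?P<ts>\S+) (?P<host>\S+) confd: snmp "
    r"(?P<op>[\w-]+) reqid=(?P<reqid>\d+) (?P<ip>[\d.]+):(?P<port>\d+)")

EXPECTED_MANAGERS = {"192.168.200.100"}  # SNMP manager address used on this page

# First three lines are shortened from the log above; the last one is constructed.
SAMPLE_LOG = """\
<INFO> 28-Feb-2021::04:02:12.046 Branch3 confd: snmp get-request reqid=26778 192.168.200.100:51222 (TimeTicks sysUpTime)
<INFO> 28-Feb-2021::04:02:12.125 Branch3 confd: snmp get-response reqid=26778 192.168.200.100:51222 (TimeTicks sysUpTime=450563)
<INFO> 28-Feb-2021::04:03:12.042 Branch3 confd: snmp get-request reqid=26780 192.168.200.100:51297 (TimeTicks sysUpTime)
<INFO> 28-Feb-2021::04:03:15.000 Branch3 confd: snmp get-request reqid=101 198.51.100.7:40000 (TimeTicks sysUpTime)
"""

def review_snmp_log(text, managers=EXPECTED_MANAGERS):
    """Return (unexpected_sources, unanswered) from confd snmp.log text."""
    unexpected = {}  # source IP -> number of requests from outside `managers`
    pending = {}     # (ip, port, reqid) -> timestamp of the request
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (m["ip"], m["port"], m["reqid"])
        # Assumption: other request types are logged with a "-request" suffix too.
        if m["op"].endswith("-request"):
            pending[key] = m["ts"]
            if m["ip"] not in managers:
                unexpected[m["ip"]] = unexpected.get(m["ip"], 0) + 1
        elif m["op"].endswith("response"):
            pending.pop(key, None)
    # A request at the very end of the file may simply still be in flight.
    return unexpected, sorted(pending)

if __name__ == "__main__":
    print(review_snmp_log(SAMPLE_LOG))
```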
Thanks for Reading!