Search

VERSA SNMP SERVICE CONFIGURATION

The SNMP service will be configured according to the below topology.

My SNMP server is located on the controller side. I want to watch my branch3 with SNMP. Director provides to monitor the devices. Alright, Why should we need to use the SNMP server The answer is simple, Because of central management.

Only I must do a few clicks in my template. As my SNMP server is located at the controller side, the controller is selected as "reachability via".


After these processes, The Director pushes some configuration to the Branch device.


admin@Branch3-cli> show configuration | display set | match snmp
set confdConfig logs snmpLog
set confdConfig logs snmpLog enabled
set confdConfig logs snmpLog file
set confdConfig logs snmpLog file enabled
set confdConfig logs snmpLog file name /var/log/versa/confd/snmp.log
set snmp agent enabled
set snmp agent ip 127.0.0.1
set snmp agent udp-port 161
set snmp agent extra-listen ::1 161
set snmp agent version v2c
set snmp agent max-message-size 50000
set snmp system name Branch3
set snmp system location "istanbul, Turkey"
set snmp community admin sec-name admin
set snmp target v2_192.168.200.100 ip 192.168.200.100
set snmp target v2_192.168.200.100 udp-port 162
set snmp target v2_192.168.200.100 tag [ std_v2_inform std_v2_trap ]
set snmp target v2_192.168.200.100 timeout 1500
set snmp target v2_192.168.200.100 retries 3
set snmp target v2_192.168.200.100 v2c sec-name admin
set snmp notify std_v1_trap tag std_v1_trap
set snmp notify std_v1_trap type trap
set snmp notify std_v2_inform tag std_v2_inform
set snmp notify std_v2_inform type inform
set snmp notify std_v2_trap tag std_v2_trap
set snmp notify std_v2_trap type trap
set snmp notify std_v3_inform tag std_v3_inform
set snmp notify std_v3_inform type inform
set snmp notify std_v3_trap tag std_v3_trap
set snmp notify std_v3_trap type trap
set snmp target-source 10.0.0.8
set snmp vacm group access-v2c-public-internet member admin sec-model [ v2c ]
set snmp vacm group access-v2c-public-internet access v2c no-auth-no-priv read-view internet
set snmp vacm group access-v2c-public-internet access v2c no-auth-no-priv notify-view internet
set snmp vacm view internet subtree 1.2 included
set snmp vacm view internet subtree 1.3 included
set snmp vacm view internet subtree 1.3.6.1 included
set nacm rule-list snmp-ro group [ * ]
set nacm rule-list snmp-ro rule deny-write access-operations create,update,delete
set nacm rule-list snmp-ro rule deny-write action deny
set nacm rule-list snmp-ro rule deny-write context snmp


Step by Step Snmp Configuration:

Configuring Communities

Community is a group of devices that SNMP monitors. a. On the branch template go to the Configuration tab -> Objects & Connectors -> Connector -> SNMP -> Click on Communities-> Click on (+) symbol to add a new community


Field Description

Name for the community.

Security Name Secure name for the community.


Configuring SNMP Trap Profiles

SNMP traps are alert messages sent from one or more remote SNMP-enabled devices to a central device, the “SNMP manager.” A trap communicates the health and performance warnings to the SNMP manager. For information on how to configure the profile, refer to the below steps. a. On the branch template go to the tab -> Objects & Connectors -> Connector -> SNMP -> Click on Trap profile -> Click on (+) symbol to create new trap profile



Field Description

Name Name of the trap profile.

Version Version of the trap profile: V1 V2C V3

Community Name

Community string identifies a community of SNMP managers and monitored devices and serves as a password to authenticate the community members to each other.

Target Address

IP address of the SNMP manager. In this case, it is 192.168.200.100

Port Port number assigned to the SNMP manager.

Trap Select if SNMP simply sends a message.

Inform Select if SNMP sends and gets an acknowledgment for the message sent


Configuring SNMP Agent

An agent interacts with SNMP and enables the flow of information between the monitored devices, the applications, and the monitoring device. For information on how to configure the profile, refer below steps to Configuring SNMP agent in the Versa VNF.

On Branch template go to Objects & Connectors -> Connectors -> SNMP -> Agent -> click (+) symbol to edit configure the follow field



Then click on edit SNMP target source and enter the IP address of the local tvi interface and click OK This IP is used as source IP for reaching the SNMP server. As in this case, the SNMP server is reachable using Provider-Control-VR the IP address 10.0.0.8 is that of the tvi interface on the CPE.




Configuring VACM (View-based Access Control Model)

SNMPv2c/v3 uses a view-based access control model (VACM), which allows you to configure the access privileges granted to a group. All-access control within VACM operates on groups, which are collections of users defined by USM.

The security model is configured for: a. Views b. Groups

Configuring VACM Views

a. In the Director view, go to Configuration > Templates > Device Templates. Select an organization in the left navigation panel and a template from the dashboard. b. Then navigate to Configuration > Objects & Connectors > Connectors > SNMP > VACM. c. Click (+) to add a view


Configuring VACM Groups

a. In the Director view, go to Configuration > Templates > Device Templates. Select an organization in the left navigation panel and a template from the dashboard. b. Then navigate to Configuration > Objects & Connectors > Connectors > SNMP > VACM. Click the Group tab. c. Click (+) to add a group.



Click on (+) to add member e. Click (+)to add a security model. NOTE: Make sure the VACM Groups "Members Name" is the same as community "Security Name" (sec-name) configured in step 1a.



Field Description

Name Name of the VACM group.


Field Description

Name Name of the member.

Click the Access tab


Field Description

Security Model Name of the security model.

Security Level

Type of security: § Auth No Priv § Auth Priv § No Auth No Priv

Write View Object on which to grant write view.

Read View Object on which to grant read view.

Notify View Object on which to grant notify view.


Configure VNF Manager

For the SNMP server to be able to poll the FlexVNF and receive the SNMP traps, we need to add the SNMP server as VNF Manager settings. We also need to select an Interface using which the Branch will be able to reach the SNMP server. In this case, SNMP server (10.31.0.0/16 is reachable for staging-hopkinslab312-swb from tvi-0/3.0 interface)


Adding to PRTG Monitoring Server:

I have installed the PRTG server for test. You can download the Free PRTG version for this. DOWNLOAD

After installation, I added the device to PRTG and then I added a few sensors for interface bandwidth.





Check SNMP logs:


[admin@Branch3: ~] $ sudo tail -f /var/log/versa/confd/snmp.log
[sudo] password for admin:

<INFO> 28-Feb-2021::04:02:12.046 Branch3 confd[1391]: snmp get-request reqid=26778 192.168.200.100:51222 (Counter64 ifHCInOctets.13.)(Counter64 ifHCOutOctets.13.)(OCTET STRING ifDescr.13.)(TimeTicks sysUpTime)
<INFO> 28-Feb-2021::04:02:12.125 Branch3 confd[1391]: snmp get-response reqid=26778 192.168.200.100:51222 (Counter64 ifHCInOctets.13.=2789577)(Counter64 ifHCOutOctets.13.=1165223)(OCTET STRING ifDescr.13.=vni-0/1)(TimeTicks sysUpTime=450563)
<INFO> 28-Feb-2021::04:02:17.030 Branch3 confd[1391]: snmp get-request reqid=26779 192.168.200.100:51224 (Counter64 ifHCInOctets.5.)(Counter64 ifHCOutOctets.5.)(OCTET STRING ifDescr.5.)(TimeTicks sysUpTime)
<INFO> 28-Feb-2021::04:02:21.828 Branch3 confd[1391]: snmp get-response reqid=26779 192.168.200.100:51224 (Counter64 ifHCInOctets.5.=6510743)(Counter64 ifHCOutOctets.5.=12769216)(OCTET STRING ifDescr.5.=vni-0/0)(TimeTicks sysUpTime=451533)
<INFO> 28-Feb-2021::04:03:12.042 Branch3 confd[1391]: snmp get-request reqid=26780 192.168.200.100:51297 (Counter64 ifHCInOctets.13.)(Counter64 ifHCOutOctets.13.)(OCTET STRING ifDescr.13.)(TimeTicks sysUpTime)


Thanks for Reading!



1,128 views0 comments