

7.5. Communicating Device and Link Status with Traps

One of the most useful aspects of SNMP traps is their ability to communicate significant events to a remote network manager. This example illustrates how vendors embellish traps to provide additional information for their customers. The internetwork for this case study consists of more than 20,000 workstations, over 500 servers, and over 350 bridges and routers. Without SNMP, managing such extensive systems would be extremely difficult. In the example shown in Figure 7-5, a remote Router D and another serial link are having difficulties. This example shows how SNMP alerts the network manager to the problems.


Figure 7-5.  Communicating device and link status information

Router D with IP address [XXX.YYY.250.1] has a power failure and then returns to normal operation. In Frame 1 of Trace 7.5a, it signals this to the manager by sending a LinkUp trap. The SNMP standard (RFC 1157) requires that the trap include the name and value of the ifIndex instance for the affected interface. The router’s manufacturer, Cisco Systems, Inc., includes additional information to further identify the interface (see Trace 7.5b). For example, in Frame 1, the Enterprise = {1.3.6.1.4.1.9.1.1} identifies Cisco. The first three object values transmitted come from the ifTable under the Interfaces subtree {1.3.6.1.2.1.2}. These are the ifIndex (1 or 2); the ifDescr (Ethernet0 or Ethernet1); and the ifType (ethernet-csmacd). The last object value, taken from Cisco’s private MIB, further identifies what happened (the link is now up).

In Frame 210, a second problem occurs on the serial link between Router B and Router C. This failure triggers the transmission of LinkDown traps from the router. As before, the Enterprise field identifies a Cisco device as the source of the traps, and the Network address field further identifies the failed router port by its IP address: [XXX.YYY.2.3]. The four object values transmitted to the manager communicate the interface index (1); the link description (Serial0); the type of link (proprietary point-to-point serial); and the reason for the trap (down).

Thus, if failures occur on other segments or communication links, which could even be across the country from each other, SNMP traps can alert the manager that a problem exists. Further troubleshooting by using software utilities such as ICMP Echo (PING) messages, SNMP queries (such as the IP or ICMP groups), or test equipment (such as network analyzers) can then proceed.

Trace 7.5a. Link up and link down traps (summary)

  Sniffer Network Analyzer data 23-Mar at 13:08:58, file A:TRAP.ENC, Pg 1

  SUMMARY   Delta T   Destination   Source    Summary
    1                 Manager      Router D   SNMP Trap -v1 Link up
                                                ifIndex ..
                                                cisco.2.2.1.1.20.1
                                                (4 items)
    2       0.4585    Manager      Router D   SNMP Trap -v1 Link up
                                                ifIndex ..
                                                cisco.2.2.1.1.20.2
                                                (4 items)
    .
    .
    .
  210      27.6608    Manager      Router B   SNMP Trap Link down
                                                ifIndex ..
                                                cisco.2.2.1.1.20.1
                                                (4 items)

Trace 7.5b. Link up and link down traps (details)

  Sniffer Network Analyzer data 23-Mar at 13:08:58, file A:TRAP.ENC, Pg 1

  ------------------------------- Frame 1 -------------------------------
  SNMP: ----- Simple Network Management Protocol (Version 1) -----
  SNMP:
  SNMP: Version = 0
  SNMP: Community = public
  SNMP: Command = Trap
  SNMP: Enterprise = {1.3.6.1.4.1.9.1.1}
  SNMP: Network address = [XXX.YYY.12.250]
  SNMP: Generic trap = 3 (Link up)
  SNMP: Specific trap = 0
  SNMP: Time ticks = 797
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.2.2.1.1.1} (ifIndex.1)
  SNMP: Value = 1
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.2.2.1.2.1} (ifDescr.1)
  SNMP: Value = Ethernet0
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.2.2.1.3.1} (ifType.1)
  SNMP: Value = 6 (ethernet-csmacd)
  SNMP:
  SNMP: Object = {1.3.6.1.4.1.9.2.2.1.1.20.1} (cisco.2.2.1.1.20.1)
  SNMP: Value = up
  SNMP:

  ------------------------------- Frame 2 -------------------------------
  SNMP: ----- Simple Network Management Protocol (Version 1) -----
  SNMP:
  SNMP: Version = 0
  SNMP: Community = public
  SNMP: Command = Trap
  SNMP: Enterprise = {1.3.6.1.4.1.9.1.1}
  SNMP: Network address = [XXX.YYY.12.250]
  SNMP: Generic trap = 3 (Link up)
  SNMP: Specific trap = 0
  SNMP: Time ticks = 799
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.2.2.1.1.2} (ifIndex.2)
  SNMP: Value = 2
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.2.2.1.2.2} (ifDescr.2)
  SNMP: Value = Ethernet1
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.2.2.1.3.2} (ifType.2)
  SNMP: Value = 6 (ethernet-csmacd)
  SNMP:
  SNMP: Object = {1.3.6.1.4.1.9.2.2.1.1.20.2} (cisco.2.2.1.1.20.2)
  SNMP: Value = up
  SNMP:

  ------------------------------- Frame 210 -------------------------------
  SNMP: ----- Simple Network Management Protocol (Version 1) -----
  SNMP:
  SNMP: Version = 0
  SNMP: Community = public
  SNMP: Command = Trap
  SNMP: Enterprise = {1.3.6.1.4.1.9.1.1}
  SNMP: Network address = [XXX.YYY.2.3]
  SNMP: Generic trap = 2 (Link down)
  SNMP: Specific trap = 0
  SNMP: Time ticks = 45039280
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.2.2.1.1.1} (ifIndex.1)
  SNMP: Value = 1
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.2.2.1.2.1} (ifDescr.1)
  SNMP: Value = Serial0
  SNMP:
  SNMP: Object = {1.3.6.1.2.1.2.2.1.3.1} (ifType.1)
  SNMP: Value = 22 (propPointToPointSerial)
  SNMP:
  SNMP: Object = {1.3.6.1.4.1.9.2.2.1.1.20.1} (cisco.2.2.1.1.20.1)
  SNMP: Value = down
  SNMP:
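
The decode in Trace 7.5b can be turned into structured events and checked against the RFC 1157 requirement, described above, that link traps carry ifIndex. This is an added example, not code from the original text; the names parse_traps and findings and the shortened sample are constructed for illustration, and the community-string observation is an added receiver-side check.

```python
import re

# Generic-trap codes 0-6 from RFC 1157, indexed by code.
GENERIC = ("coldStart", "warmStart", "linkDown", "linkUp",
           "authenticationFailure", "egpNeighborLoss", "enterpriseSpecific")
IF_INDEX = "1.3.6.1.2.1.2.2.1.1."  # ifIndex column of ifTable
CISCO = "{1.3.6.1.4.1.9."          # Cisco enterprise subtree, as decoded

# Constructed sample: Frames 1 and 210 of Trace 7.5b, shortened.
SAMPLE = """\
  ---------- Frame 1 ----------
  SNMP: Community = public
  SNMP: Enterprise = {1.3.6.1.4.1.9.1.1}
  SNMP: Network address = [XXX.YYY.12.250]
  SNMP: Generic trap = 3 (Link up)
  SNMP: Object = {1.3.6.1.2.1.2.2.1.1.1} (ifIndex.1)
  SNMP: Value = 1
  ---------- Frame 210 ----------
  SNMP: Community = public
  SNMP: Enterprise = {1.3.6.1.4.1.9.1.1}
  SNMP: Network address = [XXX.YYY.2.3]
  SNMP: Generic trap = 2 (Link down)
  SNMP: Object = {1.3.6.1.2.1.2.2.1.1.1} (ifIndex.1)
  SNMP: Value = 1
"""

def parse_traps(text):
    """Turn a Sniffer detail decode into one dict per trap frame."""
    parts = re.split(r"-+ Frame (\d+) -+", text)
    traps = []
    for num, body in zip(parts[1::2], parts[2::2]):
        f = dict(re.findall(r"SNMP: ([A-Z][\w ]*?) = (.+?)\s*$", body, re.M))
        traps.append({
            "frame": int(num), "community": f["Community"],
            "source": f["Network address"].strip("[]"),
            "vendor": "Cisco" if f["Enterprise"].startswith(CISCO) else "other",
            "event": GENERIC[int(f["Generic trap"].split()[0])],
            "varbinds": re.findall(
                r"Object = \{([\d.]+)\}.*\n\s*SNMP: Value = (.+)", body)})
    return traps

def findings(trap):
    """Observations a trap receiver should log for one parsed trap."""
    out = []
    has_ifindex = any(oid.startswith(IF_INDEX) for oid, _ in trap["varbinds"])
    if trap["event"] in ("linkDown", "linkUp") and not has_ifindex:
        out.append("link trap lacks ifIndex required by RFC 1157")
    if trap["community"] == "public":
        out.append("default community string 'public' sent in cleartext")
    return out
```

SNMPv1 traps are unacknowledged and carry the community string unencrypted, so a receiver that logs these observations gives the manager a basis for judging how far to trust a reported link event.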

7.6. Proper Interpretation of Private Enterprise Traps

Some vendors define traps that have meaning only within their systems. In this example, Network General Corp.’s Distributed Sniffer System is monitoring traffic on one segment of an internetwork (see Figure 7-6). The Sniffer allows the network administrator to set thresholds for various traffic parameters and to transmit a trap to the Network Management console if any of these thresholds are exceeded. You’ll need a copy of the vendor’s MIB, such as the one from Network General Corp. shown in Definition 7-1, to properly interpret these enterprise-specific traps. This case study looks at several examples (see Trace 7.6).


Figure 7-6.  Using private enterprise traps

