Login | Register   
RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX

By submitting your information, you agree that devx.com may send you DevX offers via email, phone and text message, as well as email offers about other products and services that DevX believes may be of interest to you. DevX will process your information in accordance with the Quinstreet Privacy Policy.


Build a Custom Cisco Configuration Repository : Page 5

You don't have to spend a fortune on CiscoWorks to store and compare your Cisco router configurations. With a little work and some help from Subversion, you can roll your own.




Application Security Testing: An Integral Part of DevOps

Configuring SNMP
You can configure a Cisco router to send SNMP traps when certain events happen. A SNMP trap, simply put, is a message triggered by a system event, such as "Hey! A link just went down!" Typically, some sort of network management software that understands SNMP traps (such as IBM Tivoli Netview or Nagios) correlates these messages with the events. The Net-SNMP package also has a program that understands how to deal with SNMP events.

First, start up the SNMP trap daemon, by running snmptrapd from the Net-SNMP package. Run snmptrapd as the root user. You'll also need to verify that any devices that might block SNMP traffic between the router and the SNMP host, such as firewalls, have been configured to allow this traffic through.

Next, you'll need to log onto your router and configure it for SNMP traps. As a bare minimum, you need to run SNMP, and you need to send traps to the SNMP host.

SomeRouter(config)# snmp-server host <your snmp host> <your community string> SomeRouter(config)# snmp-server enable traps config

SNMP will more or less randomly decide which interface to source the SNMP packets from, but you can simplify maintenance if you configure the device to use one specific port. The example below uses the FastEthernet0/0 port; however, you can use whatever port you like. It's important that your snmp-conf.pl script is configured to use this IP address as the identifier of the router.

SomeRouter(config)# snmp-server trap-source FastEthernet 0/0

Now you can test the configuration. On the SNMP host, run a tail—f command on the System log. Under Solaris, it's in /var/adm, on most Linux-like systems, it's under /var/log. On the router, type config t, and then exit. The result should look something like this:

Jul 18 22:42:32 netflowc snmptrapd[20718]: [ID 702911 daemon.warning] Enterprise Specific Trap (.1) Uptime: 111 days, 6:49:44.81, . = INTEGER: 1, . = INTEGER: 2, . = INTEGER: 3 Jul 18 22:42:32 netflowc snmptrapd[20718]: [ID 702911 daemon.warning] []: Trap , . = Wrong Type (should be Timeticks): INTEGER: 961498481, . = OID: ., . = INTEGER: 1, . = INTEGER: 2, . = INTEGER: 3

Now that you know SNMP is working, you need to configure SNMPTT. First, create a snmptt.conf file. You need to tell SNMPTT how to deal with the configuration traps, so add the following lines to snmptt.conf:

EVENT ciscoConfigManEvent . "Status Events" Normal FORMAT Notification of a configuration management event as $* EXEC /usr/local/bin/snmp-conf.pl -t $ar -a $1 -b $2 -c $3 -o /tmp/routers | /usr/local/bin/router-commit.sh SDESC Notification of a configuration management event as recorded in ccmHistoryEventTable. EDESC

You'll need to download the script snmp-conf.pl and put it in /usr/local/bin, then run the command chmod 755 /usr/local/bin/snmp-conf.pl to make it executable. After doing that, you'll need to configure your router information in the script. Finally, create another helper script to manage the SVN updates. Paste the following code into a script, and then run chmod 755 /usr/local/bin/router-commit.sh.

#!/bin/sh # set SVN for your environment SVN=/usr/local/bin/svn NOW=`date` cd /tmp/routers; $SVN update cd /tmp/routers; $SVN commit --message "Auto-triggered update on: $NOW" cd /tmp/; $SVN co http://<yourhost>/depot/routers

Finally, you'll need to configure Net-SNMP's snmptrapd by adding the following line to the snmptrapd.conf file.

traphandle default /usr/local/sbin/snmptthandler

Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date