- CTS system
- This is a summary of configuration needed to succesfully configure CTS system and CTS SNMP trap service to send alerts to a Linux server running net-snmp.
As of CTS version 1.6, the settings required to configure SNMP protocol in CTS are configured via CUCM Administration.
These settings include SNMP v2c/3 monitoring and system traps
In order to configure CTS system to send SNMP notifications (traps) in case specific events/errors occur in the system peripherals, is necessary to enable an specific OID:
ctpPeripheralErrorNotifyEnable = 1.3.6.1.4.1.9.9.643.1.1.1.0
This OID will cause CTS to send or not notifications
You will need snmpwalk and snmpset utilities which you can obtain from here:
Windows:
http://www.elifulkerson.com/articles/net-snmp-windows-binary-unofficial.php
Linux systems:
http://www.net-snmp.org/download.html
- If using SNMP v2c:
Please replace readwrite with the ReadWrite community string defined in CallManager
For left, right and presentation codecs:
snmpset -m ALL -v2c -c readwrite_cts2 172.28.28.63 1.3.6.1.4.1.9.9.643.1.1.1.0 i 1 snmpset -m ALL -v2c -c readwrite_cts3 172.28.28.63 1.3.6.1.4.1.9.9.643.1.1.1.0 i 1snmpset -m ALL -v2c -c readwrite_cts4 172.28.28.63 1.3.6.1.4.1.9.9.643.1.1.1.0 i 1
Use _cts4 for presentation codec (Note: that IP address is the same, we just added _cts2,3 or 4 to the string)
- If using SNMP v3:
snmpwalk -v 3 -u admin -l authnoPriv -a MD5 -A C1sco123 -m ALL 172.16.181.57 1.3.6.1.4.1.9.9.643.1.1.1.0
SNMPv2-SMI::enterprises.9.9.643.1.1.1.0 = INTEGER: 2
(Just change -A for the password configured in CUCM admin and change 172.16.181.57 for the CTS IP address)
Value 2, means that we are not going to send notifications (FALSE)
That's for the center codec
For left, right and presentation codecs:
snmpwalk -v 3 -n cts2 -u admin -l authnoPriv -a MD5 -A C1sco123 -m ALL 172.16.181.57 1.3.6.1.4.1.9.9.643.1.1.1.0
snmpwalk -v 3 -n cts3 -u admin -l authnoPriv -a MD5 -A C1sco123 -m ALL 172.16.181.57 1.3.6.1.4.1.9.9.643.1.1.1.0
snmpwalk -v 3 -n cts4 -u admin -l authnoPriv -a MD5 -A C1sco123 -m ALL 172.16.181.57 1.3.6.1.4.1.9.9.643.1.1.1.0
In case value is not correct:
For center, left, right and presentation codecs:
snmpset -v 3 -u admin -l authnoPriv -a MD5 -A C1sco123 -m ALL 172.16.181.57 1.3.6.1.4.1.9.9.643.1.1.1.0 i 1
snmpset -n cts2 -v 3 -u admin -l authnoPriv -a MD5 -A C1sco123 -m ALL 172.16.181.57 1.3.6.1.4.1.9.9.643.1.1.1.0 i 1
snmpset -n cts3 -v 3 -u admin -l authnoPriv -a MD5 -A C1sco123 -m ALL 172.16.181.57 1.3.6.1.4.1.9.9.643.1.1.1.0 i 1
snmpset -n cts4 -v 3 -u admin -l authnoPriv -a MD5 -A C1sco123 -m ALL 172.16.181.57 1.3.6.1.4.1.9.9.643.1.1.1.0 i 1
Save SNMP change in each codec:
utils snmp save
- Trap server
ftp://ftp.cisco.com/pub/mibs/v2/CISCO-TELEPRESENCE-CALL-MIB.my
- Obtain CTS server fixed content Engine OID (E)
TBOS 1.2 uses fixed context engine ID of 0x8000DEECAFE8111BEEFADE which is the one we are going to use to capture TRAPS
A) You can obtain CTS security engine OID (e) by logging in via CTS GUI and check SNMP settings
B) You can get root access and verify the following:
Look at the last line in /snmp/snmpd.conf.
So by entering the following command, we can obtain the security engine ID (e)
cat /snmp/snmpd.conf
Last line:
0x80001f88030019aa043e58
0x80001f8803001d4526e27a
SNMP client side (trap handler)
Reference:
http://www.net-snmp.org/wiki/index.php?title=TUT:Configuring_snmptrapd_to_receive_SNMPv3_notifications&printable=yes
1) Verify the system SNMP configuration path:
[root@asteriskvnt snmp]# net-snmp-config --snmpconfpath
/usr/local/etc/snmp:/usr/local/share/snmp:/usr/local/lib/snmp:/root/.snmp:/var/net-snmp
2) Edit snmptrapd.conf file (the path can be different)
vi /usr/local/etc/snmp/snmptrapd.conf
[root@asteriskvnt snmp]# cat snmptrapd.conf and add the fixed context engine (msgAuthoritativeEngineID)
the other security settings should match what is configured in CUCM
createUser -e 0x8000DEECAFE8111BEEFADE trapuser MD5 "C1sco123" DES
authuser log trapuser
- Testing Traps
Client
1) Start the SNMPtrapd daemon
snmptrapd -f -C -c /usr/local/etc/snmp/snmptrapd.conf -Le
[root@asteriskvnt snmp]# snmptrapd -f -C -c /usr/local/etc/snmp/snmptrapd.conf -Le
NET-SNMP version 5.5.rc1
2) Open a new window in same server to test the traps (use same engine ID in snmptrapd.conf)
snmptrap -v 3 -u trapuser -l authnoPriv -a MD5 -A C1sco123 -e 0x80001f88030019aa043e58 localhost 0 linkUp.0
For CTS:
Restart SNMP Service from CLI or generate trap
utils service restart SNMP_Srvr
check if trap is received from SNMP trap client
tcpdump -s 0 -i eth0 host 172.16.181.57 -vv
3) In client side you will see:
[root@asteriskvnt ~]# snmptrapd -f -C -c /usr/local/etc/snmp/snmptrapd.conf -Lo
NET-SNMP version 5.5.rc1
2009-09-11 18:50:10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (43347) 0:07:13.47 SNMPv2-MIB::snmpTrapOID.0 = OID: NET-SNMP-AGENT-MIB::nsNotifyShutdown SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpNotificationPrefix
2009-09-11 18:50:19
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (89) 0:00:00.89 SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-MIB::coldStart SNMPv2-MIB::snmpTrapEnterprise.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
Troubleshooting
On either the server or the client side, enter:
tcpdump -s 0 -i eth0 host 172.16.181.57 -vv
tcpdump -s 0 -i eth0 udp port 162 -vvvv
In case you dont have root access of codec, use new utils network capture command (available in CTS 1.6) to examine any incoming packets.
On the server side, verify local traps are handled
snmptrap -v 3 -u trapuser -l authnoPriv -a MD5 -A C1sco123 -e 8000DEECAFE8111BEEFADE
to see whether a field has been update or not.
Also on the server side,
ps -aef | grep snmp
to make sure SNMP daemon is alive.
No comments:
Post a Comment