Add or Change Trap Destination screen

When you click Add or Change on the Configure Trap Destinations screen, the Add Trap Destination or Change Trap Destination screen appears. These screens are similar, except that:

• On the Add Trap Destination screen, the data-entry fields are initially blank.
• On the Change Trap Destination screen, the fields are populated with information for the trap you selected on the Configure Trap Destinations screen.

This topic covers:

How to add or change a trap destination

Problems when you add or change traps

SNMP version-dependent information

Add or change a trap destination

To add a new trap destination, or to change information regarding an existing trap:

1. On the main menu under the SNMP section, click Configure Trap Destinations.
2. Choose the action that you want to do next:
3. To add a new trap destination, Click Add. The Add Trap Destination screen appears. All the fields are blank.
4. To change a trap destination, select the trap destination you want to modify. Click Change. The Change Trap Destination screen appears, prepopulated with trap information. When the appropriate screen appears, enter or modify the information as described below.

To enable a trap destination, select Enable Trap Destination. Click Enable Trap.

• Check the box to send traps or informs (acknowledged traps) to this destination.

• Clear the checkbox to not send traps or informs to this destination, although this configuration data will be kept in the file.

5. IP address: Enter the IP address for the workstation that has the network management software (NMS)  that is to receive the trap notifications. This field is required for all versions of SNMP.
6. SNMP version: Select the radio button for the version of SNMP that the corporate NMS is running. Fill out the required information for each version:

• SNMP version 1: Enter a text string to provide security for SNMP messages. You can use any characters except: ` \ & , ' " (single back-quote, backslash, ampersand, comma, single quote, double quote).
• SNMP version 2c: Enter a notification type and community name as follows:
• Notification type: Select either trap or inform (acknowledged trap). See SNMP v2c and v3 inform operation for details.
• Community name: Enter a text string to provide security for SNMP messages. You can use any characters except: ` \ & , ' " (for example: company-SNMP).
• SNMP version 3: Enter a notification type, user name, and a security model, plus any pass phrases required by the security model.
• Notification type: Select either trap or inform (acknowledged trap). See SNMP v2c and v3 inform operation for details.
• User name: Enter a text string that indicates the user that is authorized to send traps to the destination. The name can contain any characters except: ` \ & , ' " (for example: Jane Doe).
• Security model: Select the level of security to use when sending v3 traps:

• None: no additional information is needed. Traps are sent in plain text without a digital signature.

• Authentication: an authentication password must be given. SNMP v3 uses this pass phrase to digitally "sign" v3 traps using MD5 protocol (associate them with the user).

• Privacy: both an authentication password and a privacy password must be given in order to provide user-specific authentication and encryption. Traps are signed as above and also encrypted using Data Encryption Standard (DES) protocol.

• Authentication password: Enter a text string at least 8 characters long to provide user-specific authentication by means of a digital signature. The pass phrase can contain any characters except: ` \ & , ' " (for example: hon3yb38r).Privacy password: Enter a text string at least 8 characters long to provide user-specific authentication and trap encryption. The pass phrase can contain any characters except: ` \ & , ' " (for example: k33p58f3).

7. When you finish, click Add or Change.
8. If all information was entered and processed correctly, the Configure Trap Destinations screen appears, showing the new or modified entry.
9. If information was incomplete, an error message appears. See Problems adding or changing traps for resolution procedures.

Problems adding or changing traps

The Add or Change Trap Destinations screens display an error message if insufficient information is entered. To solve this:

1. Review the error message to determine the missing information.
2. Click Back on your browser to return to the previous screen.
3. Enter the required information, then click Add or Change again.

SNMP version-dependent information

The Avaya media server supports SNMP Version 1 (v1), Version 2c (v2c), and Version 3 (v3). Version-specific operation is covered in the following sections:

SNMP v2c and v3 inform operation

SNMP v3 user-based security model

SNMP v2c and v3 inform operation

In SNMP v2c and v3, the media server can be configured to send informs. Informs are acknowledged traps, which means that the receiver of the trap is expected to respond with an SNMP message acknowledging receipt.

The destination port for an incoming inform/trap on the media corporate Ethernet interface of the server is 162. The source port for this transaction is a random UDP port on this interface. If a firewall exists between the media server and the inform destination, then the firewall must be configured either to allow traffic on all user-based UDP ports, or to allow sessions in which a temporary hole is punched through the firewall (the recipient of the trap needs to get the acknowledgement back through the firewall). For the acknowledgement, the source port on the media server is 162 and the destination port is a random UDP port (the inverse of the what the inform had since the direction the packet is going is reversed).

For each destination, the media server's G3 alarm agent buffers alarms to be sent as informs; it does not send the next one until the current inform has been acknowledged. If a request is not acknowledged, the G3 alarm agent attempts the request again. This design may affect the timeliness in which alarms are reported. Also, alarms will be lost if the buffer fills up. To manage this, you can:

• Use traps instead of informs.
• Ensure that there is appropriate connectivity for the informs and their acknowledgements.

SNMP v3 user-based security model

SNMP v3 uses a user-based security model. If traps are sent using SNMP v3 with authentication and encryption, the trap receiver must be configured with the same user name and passwords to authenticate and to decrypt the message. If the user and the password information do not match, authentication or decryption fails and the trap is discarded.

Also, in the authentication and privacy security models, SNMP v3 traps are sent using the v3 inform mechanism, but without retries the media server makes only one attempt to send the trap). The v3 inform mechanism first obtains the necessary synchronization information by sending a query packet to the trap receiver. This query packet requires a response that has firewall implications. If a firewall exists between the media server and the trap destination, it must be configured to let the response through. If the firewall blocks the response, the inform will not succeed and an error message will be written to the Linux syslog.