System SNMP Feature

Configure SNMP parameters, including SNMP device name and location, SNMP version, views, and communities, and trap groups.

Diagram

Classes

system_profiles (sdwan.feature_profiles)

Name	Type	Constraint	Mandatory	Default Value
snmp	Class	`[snmp]`	No

snmp (sdwan.feature_profiles.system_profiles)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[^&<>! "]{1,128}$`	No	`snmp`
description	String		No
communities	List	`[communities]`	No
contact_person	String	min: `1`, max: `255`	No
contact_person_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
groups	List	`[groups]`	No
location	String	min: `1`, max: `255`	No
location_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
shutdown	Boolean	`true`, `false`	No
shutdown_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
trap_target_servers	List	`[trap_target_servers]`	No
users	List	`[users]`	No
views	List	`[views]`	No

communities (sdwan.feature_profiles.system_profiles.snmp)

Name	Type	Constraint	Mandatory
authorization	Choice	`read-only`, `read-write`	No
authorization_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
name	String	Regex: `^[\S]+$`	Yes
user_label	String		Yes
view	String	min: `1`, max: `32`	No
view_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

groups (sdwan.feature_profiles.system_profiles.snmp)

Name	Type	Constraint	Mandatory
name	String	min: `1`, max: `32`	Yes
security_level	Choice	`no-auth-no-priv`, `auth-no-priv`, `auth-priv`	Yes
view	String	min: `1`, max: `32`	No
view_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

trap_target_servers (sdwan.feature_profiles.system_profiles.snmp)

Name	Type	Constraint	Mandatory
ip	IP		No
ip_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
port	Integer	min: `1`, max: `65535`	No
port_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
source_interface	String	Regex: `^(GigabitEthernet\|Loopback\|TenGigabitEthernet\|TwoGigabitEthernet\|FortyGigabitEthernet\|HundredGigE\|Vlan)(([1-9]\d\|\d)/){0,2}(0\|[1-9]\d)([:\|\.][1-9]\d)?`	No
source_interface_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
user	String	min: `1`, max: `32`	No
user_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
user_label	String		No
vpn_id	Integer	min: `0`, max: `65530`	No
vpn_id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

users (sdwan.feature_profiles.system_profiles.snmp)

Name	Type	Constraint	Mandatory
authentication_password	String	min: `1`, max: `128`	No
authentication_password_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
authentication_protocol	Choice	`sha`	No
authentication_protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
group	String	min: `1`, max: `32`	No
group_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
name	String	min: `1`, max: `32`	Yes
privacy_password	String	min: `1`, max: `128`	No
privacy_password_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
privacy_protocol	Choice	`aes-cfb-128`, `aes-256-cfb-128`	No
privacy_protocol_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

views (sdwan.feature_profiles.system_profiles.snmp)

Name	Type	Constraint	Mandatory	Default Value
name	String	min: `1`, max: `32`	Yes
oids	List	`[oids]`	No

oids (sdwan.feature_profiles.system_profiles.snmp.views)

Name	Type	Constraint	Mandatory
exclude	Boolean	`true`, `false`	No
exclude_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No
id	String	Regex: `^(([0-1](\.[1-3]?[0-9]))\|(2\.(0\|([1-9]\d))))(\.(0\|\\|([1-9]\d*))){0,126}$`	No
id_variable	String	Regex: `^[./\[\]a-zA-Z0-9_-]{1,64}$`	No

Examples

Example-1: This example shows configuration when customer is still using SNMPv2 with communities. Edges send traps to two SNMP servers inside a service VPN from source interface Loopback10.

sdwan:
  feature_profiles:
    system_profiles:
      - name: system1
        description: First system template
        snmp_templates:
          - name: FT-EDGE-SNMPV2-01
            description: SNMPv2 template
            contact_variable: snmp_contact
            location_variable: snmp_location
            shutdown_variable: snmp_shutdown
            trap_target_servers:
              - ip: 172.16.0.11
                udp_port: 514
                community_name: $CRYPT_CLUSTER$MVeouqBXy9Od6dAYMJ6eTQ==$z0Pl/8UAxXkt1lXOnayv8A==
                source_interface: Loopback10
                vpn_id: 10
              - ip: 172.16.0.12
                udp_port: 514
                community_name: $CRYPT_CLUSTER$MVeouqBXy9Od6dAYMJ6eTQ==$z0Pl/8UAxXkt1lXOnayv8A==
                source_interface: Loopback10
                vpn_id: 10
            communities:
              - name: $CRYPT_CLUSTER$QxiZDYbM/8ElLYQCgdvUOA==$7ojrXlNnk/0jZ+lnhVJlLQ==
                authorization_read_only: true
                view: VIEW_ALL
            views:
              - name: VIEW_ALL
                oids:
                  - id: "1.3"
                    exclude: false

Example-2: This example uses SNMPv3 with most secure option (authentication and privacy). It creates a SNMP group that is then used for SNMP user. SNMP traps are send to two SNMP servers using previously created SNMP user from source interface Loopback10..

sdwan:
  feature_profiles:
    system_profiles:
      - name: system1
        description: First system template
        snmp_templates:
          - name: FT-EDGE-SNMPV3-01
            description: SNMPv3 template
            contact_variable: snmp_contact
            groups:
              - name: GROUP_AUTH_PRIV
                security_level: auth-priv
                view: VIEW_ALL
            location_variable: snmp_location
            shutdown_variable: snmp_shutdown
            trap_target_servers:
              - ip: 172.16.0.11
                udp_port: 514
                community_name: $CRYPT_CLUSTER$MVeouqBXy9Od6dAYMJ6eTQ==$z0Pl/8UAxXkt1lXOnayv8A==
                source_interface: Loopback10
                user: user01
                vpn_id: 10
              - ip: 172.16.0.12
                udp_port: 514
                community_name: $CRYPT_CLUSTER$MVeouqBXy9Od6dAYMJ6eTQ==$z0Pl/8UAxXkt1lXOnayv8A==
                source_interface: Loopback10
                user: user01
                vpn_id: 10
            users:
              - name: user01
                group: GROUP_AUTH_PRIV
                authentication_protocol: sha
                authentication_password: $CRYPT_CLUSTER$GU+PR6WV3va2QY07wG6Z6w==$INccS/tPm4BdiwzuP6lUJw==
                privacy_protocol: aes-256-cfb-128
                privacy_password: $CRYPT_CLUSTER$GU+PR6WV3va2QY07wG6Z6w==$INccS/tPm4BdiwzuP6lUJw==
            communities:
              - name: $CRYPT_CLUSTER$QxiZDYbM/8ElLYQCgdvUOA==$7ojrXlNnk/0jZ+lnhVJlLQ==
                authorization_read_only: true
                view: VIEW_ALL
            views:
              - name: VIEW_ALL
                oids:
                  - id: "1.3"
                    exclude: false
              - name: VIEW_ALL2
                oids:
                  - id: "1.3"
                    exclude: false

Diagram​

Classes​

system_profiles (sdwan.feature_profiles)​

snmp (sdwan.feature_profiles.system_profiles)​

communities (sdwan.feature_profiles.system_profiles.snmp)​

groups (sdwan.feature_profiles.system_profiles.snmp)​

trap_target_servers (sdwan.feature_profiles.system_profiles.snmp)​

users (sdwan.feature_profiles.system_profiles.snmp)​

views (sdwan.feature_profiles.system_profiles.snmp)​

oids (sdwan.feature_profiles.system_profiles.snmp.views)​

Examples​