SNMPv1 Traps not being sent from switch

Customer configured SNMP V1 however traps are not being sent from the switch. 


 

Troubleshooting steps:

1) Can customer ping the recipient IP from the switch?
>ping x.x.x.x 

2) Confirm with customer if there is a fire wall blocking the trap port 162. If blocked, customer needs to open port 162

3) Gather supportsave, check "SNMPv1 Entries" in supportshow
>CLI command "snmpconfig --show snmpv1"

ACL issue
4) Check if customer has Access Control list configured, check "AccessControl List" in supportshow. 
>CLI command "snmpconfig --show accesscontrol"


*** In the below example there is a host configured in the Access Control List that does not match the trap recipient IP configured in SNMP V1 community 1. If no ACL is configured traps would be sent to the recipient IP. Must add the trap recipient IP in the Access Control List in order for traps to be sent to the recipient configured. ACL can also be removed.

Check configuration for SNMP V1:

> snmpconfig --show snmpv1

SNMPv1 community and trap recipient configuration:
  Community 1: Test_Config (rw)
    Trap recipient: 10.xxx.xxx.xxx
    Trap port: 162
    Trap recipient Severity level: 0
  Community 2: OrigEquipMfr (rw)
    No trap recipient configured yet
  Community 3: private (rw)
    No trap recipient configured yet
  Community 4: public (ro)
    No trap recipient configured yet
  Community 5: common (ro)
    No trap recipient configured yet
  Community 6: FibreChannel (ro)
    No trap recipient configured yet


> snmpconfig --show accesscontrol

SNMP access list configuration:
Entry 0:  Access host subnet area 10.xxx.xxx.xxx (rw) (does not match recipient IP)
Entry 1:  No access host configured yet
Entry 2:  No access host configured yet
Entry 3:  No access host configured yet
Entry 4:  No access host configured yet
Entry 5:  No access host configured yet

To resolve issue add trap recipient IP to ACL.

> snmpconfig --set accesscontrol

SNMP access list configuration:
Access host subnet area : [10.xxx.xxx.xxx]
Read/Write? (true, t, false, f): [true]
Access host subnet area : [0.0.0.0] 10.xxx.xxx.xx
Read/Write? (true, t, false, f): [true] t
Access host subnet area : [0.0.0.0]
Read/Write? (true, t, false, f): [true]
Access host subnet area : [0.0.0.0]
Read/Write? (true, t, false, f): [true]
Access host subnet area : [0.0.0.0]
Read/Write? (true, t, false, f): [true]
Access host subnet area : [0.0.0.0]
Read/Write? (true, t, false, f): [true]
Committing configuration.....done.

Confirm trap recipient IP is configured in ACL
> snmpconfig --show accesscontrol

SNMP access list configuration:
Entry 0:  Access host subnet area 10.xxx.xxx.xxx (rw)
Entry 1:  Access host subnet area 10.xxx.xxx.xxx (rw)
Entry 2:  No access host configured yet
Entry 3:  No access host configured yet
Entry 4:  No access host configured yet
Entry 5:  No access host configured yet

**Additionally if ACL's are not necessary or incorrect customer can remove any configured IPs. Below shows removing an incorrect IP in the ACL. Enter 0.0.0.0 for any pre-configured hosts. Follow same steps for any IPs that should be removed.

>snmpconfig --set accesscontrol

SNMP access list configuration:
Access host subnet area : [10.xxx.xxx.xxx] 0.0.0.0
Read/Write? (true, t, false, f): [true]
Access host subnet area : [10.241.213.181]
Read/Write? (true, t, false, f): [true]
Access host subnet area : [0.0.0.0]
Read/Write? (true, t, false, f): [true]
Access host subnet area : [0.0.0.0]
Read/Write? (true, t, false, f): [true]
Access host subnet area : [0.0.0.0]
Read/Write? (true, t, false, f): [true]
Access host subnet area : [0.0.0.0]
Read/Write? (true, t, false, f): [true]

Committing configuration.....done.


> snmpconfig --show accesscontrol

SNMP access list configuration:
Entry 0:  No access host configured yet
Entry 1:  Access host subnet area 10.xxx.xxx.xxx (rw)
Entry 2:  No access host configured yet
Entry 3:  No access host configured yet
Entry 4:  No access host configured yet
Entry 5:  No access host configured yet