vRO 8.0.1 SNMP, receiving a trap

Hello,

Can anyone check what I am doing wrong? I want to test if my newly installed vRO can receive SNMP traps. Steps I have taken:

1. Install vRO 8.0.1

2. Auth via VC SSO

3. Added a device (192.168.1.97) - my laptop

4. Ran workflow - Wait for a trap on all devices, Wait for a trap on an SNMP device (pointing to my laptop, port 4000).

When running Wait for a trap on all devices I am assuming that it is waiting for a trap on port 4000, as this is the default; when running via an SNMP device I have set SNMP device port 4000, public.

I run from my laptop:

C:\SnmpTrapGen>SnmpTrapGen.exe -r:192.168.1.150 -t:10 -c:"public" -to:.1.3.6.1.2.1.1.4.0 -p:4000 -v:2c
SnmpTrapGen v1.1 - Copyright (C) 2009 SnmpSoft Company
[ More useful network tools on http://www.snmpsoft.com ]
OK

The workflow is still waiting.

I have also run a Python script directly from the vRO 8.0.1 appliance itself:

root@vro [ ~ ]# cat sendsnmptolocalvro4000.py
from pysnmp.hlapi import *
from pysnmp import debug
debug.setLogger(debug.Debug('msgproc'))
next(sendNotification(SnmpEngine(),
     CommunityData('public'),
     UdpTransportTarget(('192.168.1.150', 4000)),
     ContextData(),
     'trap',
     # sequence of custom OID-value pairs
     [ObjectType(ObjectIdentity('1.3.6.1.2.1.1.1.0'), OctetString('my string')),
      ObjectType(ObjectIdentity('1.3.6.1.2.1.1.3.0'), Integer32(42))]))

Also nothing happens. The workflow is not being interrupted in any way indicating that it has received the trap.

I have set up a trap receiver on another node in the network and those 2 scripts are sending to it OK. From the vRO appliance the Python script can trigger the trap on my Windows machine running snmpb.

Any idea if I have missed anything? I checked 2 books and a few tutorials, and I think I am doing exactly what others do, but it's just not working. Firewall is not the case since the Python script is even running locally from the vRO, plus it's a flat home network, no FW/GW.

I can send an SNMP trap from vRO to my laptop running snmpb.

I have also configured vCenter vc01.greg.labs to send SNMP traps to the vRO + my laptop with snmpb.

VC alarm is triggered when a VM is created. It sends 1 trap to my laptop + 1 trap to vRO. And vRO is not handling it.

vRO trap host configured with port 4000 and is listening:

Trap Host (Online)
port: 4000
display name: Trap Host (online)
@fullType: SNMP:TrapHost

Edit: I have also deployed vRO 7.6, same config, everything 1:1 as in the 8.0.1 case, and here it all worked as expected: waiting for traps on port 4000, I generated one from my laptop using SnmpTrapGen and the workflow triggered (listen for SNMP trap on all devices). So is there something I should know about 8.0.1? Some extra steps in order to configure it? Are we supposed to use 8.0.1?

--- @blog https://grzegorzkulikowski.info

Accepted Solutions

As the post states, you first have to open the port on the appliance firewall and tell the vRO pod to listen on that port.

This is done by executing the following commands on the vRO appliance as root.

# Create a variable for the SNMP port (444-32767)
SNMP_PORT=4000

# Create a kubernetes NodePort service for that SNMP port over UDP
kubectl -n prelude expose deployment vco-app --type=NodePort --name=vro-snmp-$SNMP_PORT --port=$SNMP_PORT --target-port=$SNMP_PORT --protocol=UDP

# Add the port as nodePort to the service
kubectl -n prelude patch svc vro-snmp-$SNMP_PORT --type='json' -p '[{"op":"replace","path":"/spec/ports/0/nodePort","value":'$SNMP_PORT'}]'

# Patch the service so the source IP address can reach the vRO pod
kubectl -n prelude patch svc vro-snmp-$SNMP_PORT -p '{"spec":{"externalTrafficPolicy":"Local"}}'

# Create firewall rules for that port over UDP
iptables -A INPUT -p udp -m udp --dport $SNMP_PORT -j ACCEPT

The port number is limited by Kubernetes and has to be lower than 32767; in your case 4000 is OK.

You will have to execute these commands after each run of deploy.sh to keep the port open.
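
A check that could be run as root on the appliance after each deploy.sh to confirm the service and firewall rule from the reply above are still in place. This is an added example, not part of the original posts; the namespace, service name, port and port range are taken from the reply's commands, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the SNMP trap exposure described in the reply.
SNMP_PORT="${SNMP_PORT:-4000}"   # port used in the thread
NS=prelude                       # namespace from the reply's kubectl commands
SVC="vro-snmp-$SNMP_PORT"        # service name pattern from the reply

# svc_state_ok "<protocol> <nodePort> <externalTrafficPolicy>" <port>
# True only when the service forwards UDP on the expected nodePort and
# keeps the sender's source IP (externalTrafficPolicy=Local).
svc_state_ok() {
    [ "$1" = "UDP $2 Local" ]
}

# port_in_range <port>: numeric and inside the range the reply gives (444-32767).
port_in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 444 ] && [ "$1" -le 32767 ]
}

check_exposure() {
    port_in_range "$SNMP_PORT" || { echo "FAIL port '$SNMP_PORT' not usable"; return 2; }
    # Read the three fields the reply's commands are meant to set.
    state=$(kubectl -n "$NS" get svc "$SVC" \
        -o jsonpath='{.spec.ports[0].protocol} {.spec.ports[0].nodePort} {.spec.externalTrafficPolicy}' \
        2>/dev/null)
    rc=0
    if svc_state_ok "$state" "$SNMP_PORT"; then
        echo "OK   service $SVC: $state"
    else
        echo "FAIL service $SVC: got '${state:-missing}', want 'UDP $SNMP_PORT Local'"
        rc=1
    fi
    # iptables -C exits 0 only when an identical rule already exists,
    # so this also tells you whether re-running -A would add a duplicate.
    if iptables -C INPUT -p udp -m udp --dport "$SNMP_PORT" -j ACCEPT 2>/dev/null; then
        echo "OK   iptables INPUT accepts udp/$SNMP_PORT"
    else
        echo "FAIL iptables INPUT rule for udp/$SNMP_PORT is missing"
        rc=1
    fi
    return $rc
}

# Run the checks only when called with "check"; sourcing just defines functions.
if [ "${1:-}" = "check" ]; then check_exposure; fi
```

Save it under any name and run it with the single argument `check`; a non-zero exit status means at least one of the reply's steps needs to be re-applied.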