Courseiva
SystemCCNA 200-301

SNMP Traps Not Being Received at NMS

Presenting Symptom

The NMS is not receiving SNMP traps from a Cisco router, although the router is configured to send them.

Network Context

A small branch office with a Cisco 4321 ISR router (IOS XE 16.9) connects to the corporate NMS over a WAN link. The router is configured with SNMPv2c and sends traps to the NMS IP 10.1.1.100. The NMS is reachable via ping from the router.

Diagnostic Steps

1

Verify SNMP configuration on the router

show running-config | include snmp
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps
snmp-server host 10.1.1.100 version 2c public

Check that snmp-server enable traps and snmp-server host are present. If missing, traps won't be sent. Also verify community string matches NMS.

2

Check if traps are being generated

show snmp pending
There are no SNMP pending requests.

If pending requests exist, traps may be queued but not sent. If empty, traps are either sent or not generated.

3

Verify trap delivery with debug

debug snmp packets
SNMP: Packet sent via UDP to 10.1.1.100:162
SNMP: Response, reqid 12345, errstat 0, erridx 0

Look for 'Packet sent' lines. If no output when a trap should be sent (e.g., interface down), traps are not being generated or sent. If 'Packet sent' appears but NMS doesn't receive, check network path.

4

Check if SNMP traps are reaching the NMS

ping 10.1.1.100
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

If ping fails, there is a connectivity issue. If ping succeeds, the problem is likely at the NMS (e.g., SNMP service not listening, firewall blocking UDP 162).

Root Cause

The NMS is not listening on UDP port 162, or a firewall between the router and NMS is blocking SNMP traps (UDP port 162).

Resolution

1. On the NMS, ensure SNMP trap receiver service is running and listening on UDP 162. 2. Check firewall rules to allow UDP 162 from the router's IP to the NMS. 3. On the router, verify the snmp-server host command points to the correct NMS IP and community string.

Verification

On the router, generate a test trap (e.g., shut/no shut an interface) and run 'debug snmp packets' to see the trap sent. On the NMS, verify trap receipt in the SNMP trap log.

Prevention

1. Use SNMPv3 for secure and reliable trap delivery. 2. Implement SNMP trap monitoring with alerts for trap loss. 3. Document firewall rules and NMS configuration for SNMP traps.

CCNA Exam Relevance

CCNA 200-301 exam tests SNMP configuration and troubleshooting. Questions may present a scenario where traps are not received and ask for the most likely cause (e.g., wrong community string, NMS unreachable, SNMP not enabled). Candidates must know the 'snmp-server host' and 'snmp-server enable traps' commands.

Exam Tips

1.

Remember that SNMP traps use UDP port 162, and the NMS must be listening on that port.

2.

The 'snmp-server host' command requires the community string to match the NMS configuration.

3.

Use 'show snmp' to verify SNMP statistics and 'debug snmp packets' for real-time trap debugging.

Commands Used in This Scenario

show running-config

Displays the current active configuration in DRAM, showing all non-default settings.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions