Contents

Configuring SNMP on NetScaler SDX Appliances

Website Visitors:

You can configure a Simple Network Management Protocol (SNMP) agent on the NetScaler SDX appliance to generate asynchronous events, which are called traps. The traps are generated whenever there are abnormal conditions on the NetScaler SDX appliance. The traps are then sent to a remote device called a trap listener, which signals the abnormal condition on the NetScaler SDX appliance.

In addition to configuring an SNMP trap destination, downloading MIB files, and configuring one or more SNMP managers, you can configure the NetScaler appliance for SNMPv3 queries.

The following figure illustrates a network with a NetScaler SDX appliance that has SNMP enabled and configured. In the figure, each SNMP network management application uses SNMP to communicate with the SNMP agent on the NetScaler SDX appliance.

Figure 1. NetScaler SDX Appliance Supporting SNMP

https://www.mediafire.com/convkey/5a37/uq7iu94raheiabv7g.jpg

The SNMP agent on the SDX appliance generates traps that are compliant with SNMPv2 only. The supported traps can be viewed in the SDX MIB file. You can download this file from the Downloads page in the SDX user interface.

To add an SNMP trap destination

  1. On the configuration tab, in the navigation pane, expand System > SNMP, and then click SNMP Trap Destinations.

  2. In the SNMP Trap Destinations pane, click Add.

  3. In the Configure SNMP Trap Destination page, specify values for the following parameters:

    • Destination Server—IPv4 address of the trap listener to which to send the SNMP trap messages.

    • Port—UDP port at which the trap listener listens for trap messages. Must match the setting on the trap listener, or the listener drops the messages. Minimum value: 1. Default: 162.

    • Community—Password (string) sent with the trap messages, so that the trap listener can authenticate them. Can include letters, numbers, and hyphen (-), period (.) hash (#), space ( ), at (@), equals (=), colon (:), and underscore (_) characters.

      Note: You must specify the same community string on the trap listener device, or the listener drops the messages. Default: public.

  4. Click Add, and then click Close. The SNMP trap destination that you added appears in the SNMP Traps pane.

    To modify the values of the parameters of an SNMP trap destination, in the SNMP Trap Destinations pane, select the trap destination that you want to modify, and then click Modify. In the Modify SNMP Trap Destination dialog box, modify the parameters.

    To remove an SNMP trap, in the SNMP Trap Destinations pane, select the trap destination that you want to remove, and then click Delete. In the Confirm message box, click to remove the SNMP trap destination.

Downloading MIB Files

You must download the following file before you start monitoring a NetScaler SDX appliance.

SDX-MIB-smiv2.mib. This file is used by SNMPv2 managers and SNMPv2 trap listeners.

The file includes a NetScaler enterprise MIB that provides NetScaler SDX-specific events.

To download MIB files

  1. Log on to the Downloads page of the NetScaler SDX appliance user interface.
  2. Under SNMP Files, click SNMP v2 - MIB Object Definitions. You can open the file by using a MIB browser.

Adding an SNMP Manager Community

You must configure the NetScaler SDX appliance to allow the appropriate SNMP managers to query it. You must also provide the SNMP manager with the required appliance-specific information. For an IPv4 SNMP manager you can specify a host name instead of the manager’s IP address. If you do so, you must add a DNS name server that resolves the host name of the SNMP manager to its IP address.

You must configure at least one SNMP manager. If you do not configure an SNMP manager, the appliance does not accept or respond to SNMP queries from any IP address on the network. If you configure one or more SNMP managers, the appliance accepts and responds only to SNMP queries from those specific IP addresses.

To configure an SNMP manager

  1. On the Configuration tab, in the navigation pane, expand System, and then expand SNMP.
  2. Click Managers.
  3. In the details pane, click Add.
  4. In the Create SNMP Manager Communitypage, set the following parameters:
    • SNMP Manager—IPv4 address of the SNMP manager. Alternatively, instead of an IPv4 address, you can specify a host name that has been assigned to an SNMP manager. If you do so, you must add a DNS name server that resolves the host name of the SNMP manager to its IP address.
    • Community—The SNMP community string. Can consist of 1 to 31 characters that include uppercase and lowercase letters, numbers, and the hyphen (-), period (.) pound (#), at (@), equals (=), colon (:), and underscore (_) characters.
  5. Click Add, and then click Close.

Configuring the NetScaler SDX Appliance for SNMPv3 Queries

Simple Network Management Protocol Version 3 (SNMPv3) is based on the basic structure and architecture of SNMPv1 and SNMPv2. However, SNMPv3 enhances the basic architecture to incorporate administration and security capabilities, such as authentication, access control, data integrity check, data origin verification, message timeliness check, and data confidentiality.

The Citrix NetScaler SDX appliance supports the following entities that enable you to implement the security features of SNMPv3:

  • SNMP Views
  • SNMP Users

These entities function together to implement the SNMPv3 security features. Views are created to allow access to subtrees of the MIB.

Adding an SNMP Manager

You must configure the CloudBridge appliance to allow the appropriate SNMP managers to query it. You must also provide the SNMP manager with the required appliance-specific information. For an IPv4 SNMP manager you can specify a host name instead of the manager’s IP address. If you do so, you must add a DNS name server that resolves the host name of the SNMP manager to its IP address.

You must configure at least one SNMP manager. If you do not configure an SNMP manager, the appliance does not accept or respond to SNMP queries from any IP address on the network. If you configure one or more SNMP managers, the appliance accepts and responds only to SNMP queries from those specific IP addresses.

To configure an SNMP manager

  1. Navigate to the System > Configuration page.
  2. On the Configuration tab, in the navigation pane, expand System, and then expand SNMP.
  3. Click Managers.
  4. In the details pane, click Add.
  5. In the Add SNMP Manager Community dialog box, set the following parameters:
    • SNMP Manager—IPv4 address of the SNMP manager. Alternatively, instead of an IPv4 address, you can specify a host name that has been assigned to an SNMP manager. If you do so, you must add a DNS name server that resolves the host name of the SNMP manager to its IP address.
    • Community—The SNMP community string. Can consist of 1 to 31 characters that include uppercase and lowercase letters, numbers, and the hyphen (-), period (.) pound (#), at (@), equals (=), colon (:), and underscore (_) characters.
  6. Click Add, and then click Close.

Configuring an SNMP View

SNMP views restrict user access to specific portions of the MIB. SNMP views are used to implement access control.

To configure a view

  1. On the Configuration tab, in the navigation pane, expand System, and then expand SNMP.
  2. Click Views.
  3. In the details pane, click Add.
  4. In the Add SNMP View dialog box, set the following parameters:
    • Name—Name for the SNMPv3 view. Can consist of 1 to 31 characters that include uppercase and lowercase letters, numbers, and the hyphen (-), period (.) pound (#), at (@), equals (=), colon (:), and underscore (_) characters. You should choose a name that helps identify the SNMPv3 view.
    • Subtree—A particular branch (subtree) of the MIB tree, which you want to associate with this SNMPv3 view. You must specify the subtree as an SNMP OID.
    • Type—Include or exclude the subtree, specified by the subtree parameter, in or from this view. This setting can be useful when you have included a subtree, such as A, in an SNMPv3 view and you want to exclude a specific subtree of A, such as B, from the SNMPv3 view.

Configuring an SNMP User

After you have created an SNMP view, add SNMP users. SNMP users have access to the MIBs that are required for querying the SNMP managers.

To configure a user

  1. On the Configuration tab, in the navigation pane, expand System, and then expand SNMP.
  2. Click Users.
  3. In the details pane, click Add.
  4. In the Create SNMP Userpage, set the following parameters:
    • Name—Name for the SNMPv3 user. Can consist of 1 to 31 characters that include uppercase and lowercase letters, numbers, and the hyphen (-), period (.) pound (#), at (@), equals (=), colon (:), and underscore (_) characters.
    • Security Level—Security level required for communication between the appliance and the SNMPv3 users. Select from one of the following options:
      • noAuthNoPriv—Require neither authentication nor encryption.
      • authNoPriv—Require authentication but no encryption.
      • authPriv—Require authentication and encryption.
    • Authentication Protocol—Authentication algorithm used by the appliance and the SNMPv3 user for authenticating the communication between them. You must specify the same authentication algorithm when you configure the SNMPv3 user in the SNMP manager.
    • Authentication Password—Pass phrase to be used by the authentication algorithm. Can consist of 1 to 31 characters that include uppercase and lowercase letters, numbers, and the hyphen (-), period (.) pound (#), space ( ), at (@), equals (=), colon (:), and underscore (_) characters.
    • Privacy Protocol—Encryption algorithm used by the appliance and the SNMPv3 user for encrypting the communication between them. You must specify the same encryption algorithm when you configure the SNMPv3 user in the SNMP manager.
    • View Name—Name of the configured SNMPv3 view that you want to bind to this SNMPv3 user. An SNMPv3 user can access the subtrees that are bound to this SNMPv3 view as type INCLUDED, but cannot access the ones that are type EXCLUDED.

Configuring an SNMP Alarm

The appliance provides a predefined set of condition entities called SNMP alarms. When the condition set for an SNMP alarm is met, the appliance generates SNMP trap messages that are sent to the configured trap listeners. For example, when the deviceAdded alarm is enabled, a trap message is generated and sent to the trap listener whenever a device (instance) is provisioned on the appliance. You can assign a severity level to an SNMP alarm. When you do so, the corresponding trap messages are assigned that severity level.

Following are the severity levels defined on the appliance, in decreasing order of severity:

  • Critical
  • Major
  • Minor
  • Warning
  • Informational (default)

For example, if you set a Warning severity level for the SNMP alarm named deviceAdded, the trap messages generated when a device is added are assigned with the Warning severity level.

You can also configure an SNMP alarm to log the corresponding trap messages generated whenever the condition on that alarm is met.

To modify a predefined SNMP alarm, click System > SNMP > Alarms.

via Configuring SNMP on NetScaler SDX Appliances.

Want to learn more on Citrix Automations and solutions???

Subscribe to get our latest content by email.

If you like our content, please support us by sponsoring on GitHub below: