Traps are generated when a condition has been met on the SNMP agent. These conditions are defined in the Management Information Base (MIB) provided by the vendor. The administrator then defines thresholds, or limits to the conditions, that are to generate a trap. Conditions range from preset thresholds to a restart. After the condition has been met the SNMP agent then forms an SNMP packet that specifies the following:
SNMP Version: v1 or v2
Community: Community name of the SNMP agent (defined on the agent)
PDU TYPE: SNMPvX Trap (4)
Enterprise: Corporation or organization that originated the trap, such as .1.3.6.1.4.1.x
Agent Address: IP address of the SNMP agent
Generic Trap Type: Cold Start, Link Up, Enterprise, etc.
Specific Trap Type: When Generic is set to Enterprise a specific trap ID s identified
Timestamp: The value of object sysUpTime when the event occurred
Object x Value x: OID of the trap and the current value
The above packet is sent to the SNMP trap host, or manager, through UDP port 162.
Packet Format:
Table 2-8. Generic Traps
Generic Trap Name and Number
Definition
coldStart (0)
Indicates that the agent has rebooted. All management variables will be reset; specifically, Counters and Gauges will be reset to zero (0). One nice thing about the coldStart trap is that it can be used to determine when new hardware is added to the network. When a device is powered on, it sends this trap to its trap destination. If the trap destination is set correctly (i.e., to the IP address of your NMS) the NMS can receive the trap and determine whether it needs to manage the device.
warmStart (1)
Indicates that the agent has reinitialized itself. None of the management variables will be reset.
linkDown (2)
Sent when an interface on a device goes down. The first variable binding identifies which interface went down.
linkUp (3)
Sent when an interface on a device comes back up. The first variable binding identifies which interface came back up.
authenticationFailure (4)
Indicates that someone has tried to query your agent with an incorrect community string; useful in determining if someone is trying to gain unauthorized access to one of your devices.
egpNeighborLoss (5)
Indicates that an Exterior Gateway Protocol (EGP) neighbor has gone down.
enterpriseSpecific (6)
Indicates that the trap is enterprise-specific. SNMP vendors and users define their own traps under the private-enterprise branch of the SMI object tree. To process this trap properly, the NMS has to decode the specific trap number that is part of the SNMP message.