How Do I Mask SNMP Traps?

How Do I Mask a Trap or a Type of Traps on a Switch?

You can use commands to enable a switch to generate traps. If a trap is disabled, the switch does not generate the trap or send the trap to the NMS.

By default, some trap modules are enabled, while some are disabled. You can run the display snmp-agent trap all command to check the status of all trap modules. An example is as follows:

<HUAWEI> display snmp-agent trap all
------------------------------------------------------------------------------  
Feature name: INFO                                                              
Trap number : 2                                                                 
------------------------------------------------------------------------------  
Trap name                       Default switch status   Current switch status   
hwICLogFileAging                on                      on                      
hwICLogBufferLose               on                      on                      
------------------------------------------------------------------------------  
---- More ----

Item	Description
Feature name	Name of a feature that generates traps.
Trap number	Number of traps generated by the feature.
Trap name	Name of a trap.
Default switch status	Default status of the trap: on: The switch sends the trap to the NMS. off: The switch does not send the trap to the NMS.
Current switch status	Current status of the trap: on: The switch sends the trap to the NMS. off: The switch does not send the trap to the NMS. The status of a trap can be configured using the snmp-agent trap enable feature-name command.

To disable a trap or the trap function of a module, perform the following operations:

Search for a trap based on certain keywords in the Alarm Handling of S series switches. For example, if you want to mask traps related to optical modules, you can find the following traps in the Alarm Handling:
ENTITYTRAP_1.3.6.1.4.1.2011.5.25.219.2.4.5 hwOpticalInvalid 136xxx

These traps include the following keywords:
- ENTITYTRAP: indicates the name of a feature that generates traps.
- hwOpticalInvalid: indicates the trap name.
Run the snmp-agent trap enable or snmp-agent trap enable feature-name feature-name trap-name trap-name command to enable or disable the trap function.
Parameter

Description

feature-name

Specifies the name of a feature that generates traps.

trap-name

Specifies the name of a trap.

The following command is an example for masking traps related to optical modules:
```
undo snmp-agent trap enable feature-name ENTITYTRAP trap-name hwOpticalInvalid
```

Parameter	Description
feature-name	Specifies the name of a feature that generates traps.
trap-name	Specifies the name of a trap.

How Do I Send Specific Traps to a Specified Host?

In this scenario, the switch can still generate traps locally. In addition, the switch filters traps and sends only traps meeting specific rules to the NMS.

On the live network, customers sometimes need to send specific traps to specified hosts. For example, a customer deploys a dedicated NMS to monitor the link status (Up or Down) of network devices and does not want to receive other traps. To meet this requirement, you can run the snmp-agent notify-filter-profile command on the switch to configure a trap filter profile. This type of requirements generally involves two scenarios:

Scenario 1: Only some traps need to be reported.
Scenario 2: Except some traps, other traps need to be reported.

Configuration example for scenario 1: The customer wants to report link Up and Down traps to the NMS that uses IP address 10.8.8.8 and does not want to report other traps to the NMS.

Locate the two traps in the MIB reference in the product documentation, as described in the following tables.

OID	Object Name	Bound Variable	Description	Implemented Specifications
1.3.6.1.6.3.1.1.5.4	linkUp	ifIndex ifAdminStatus ifOperStatus ifDesc	A linkUp trap indicates that the SNMP entity, acting as an agent, has detected that one of the communication links in the ifOperStatus object has changed from Down to another state (not notPresent). The new state is indicated by the value of ifOperStatus.	This object is implemented as defined in the corresponding MIB file.

OID	Object Name	Bound Variable	Description	Implemented Specifications
1.3.6.1.6.3.1.1.5.3	linkDown	ifIndex ifAdminStatus ifOperStatus ifDesc	A linkDown trap indicates that the SNMP entity, acting as an agent, has detected that one of the communication links in the ifOperStatus object has changed to Down from another state (not notPresent). The original state is indicated by the value of ifOperStatus.	This object is implemented as defined in the corresponding MIB file.

Run the snmp-agent notify-filter-profile command to configure a trap filter profile that includes linkUp and linkDown trap objects. The following example assumes that the name of the trap filter profile is profile_a.
```
snmp-agent notify-filter-profile included profile_a linkUp
snmp-agent notify-filter-profile included profile_a linkDown
```

When you use included to filter a specific trap, the trap object and all bound variables of the trap must be included. Otherwise, trap filtering fails. Therefore, you need to include all the bound variables of the linkUp and linkDown traps. The detailed configuration is as follows:

snmp-agent notify-filter-profile included profile_a ifIndex                     
snmp-agent notify-filter-profile included profile_a ifDesc                     
snmp-agent notify-filter-profile included profile_a ifAdminStatus               
snmp-agent notify-filter-profile included profile_a ifOperStatus

Trap packets of SNMPv2c and SNMPv3 also contain the sysUpTime and snmpTrapOID objects. Therefore, you need to add the two objects to the trap filter profile. The detailed configuration is as follows:
```
snmp-agent notify-filter-profile included profile_a sysUpTime              
snmp-agent notify-filter-profile included profile_a snmpTrapOID 
```

Configure the IP address of the trap host and bind the trap filter profile.

snmp-agent target-host trap address udp-domain 10.8.8.8 params securityname cipher @%@%m%eiQi2Kz+-/Z:!gz24-a4IY@%@% v2c notify-filter-profile profile_a

Configuration example for scenario 2: The customer wants to report traps except linkUp and linkDown to the NMS.

In this scenario, pay attention to the following points:

When using exclude to filter out a type of traps, you need to configure the trap filter profile to include the iso object. Otherwise, all traps cannot be reported.
When exclude is used to filter out a specified trap, only the OID of the trap or the OID of a single bound variable for the trap needs to be configured.

The detailed configuration is as follows:

Run the snmp-agent notify-filter-profile command to configure a trap filter profile to exclude the linkUp and linkDown trap objects and include all the other objects. The following example assumes that the name of the trap filter profile is profile_a.
```
snmp-agent notify-filter-profile exclude profile_a linkUp
snmp-agent notify-filter-profile exclude profile_a linkDown
snmp-agent notify-filter-profile include profile_a iso
```

Configure the IP address of the trap host and bind the trap filter profile.

snmp-agent target-host trap address udp-domain 8.8.8.8 params securityname cipher @%@%m%eiQi2Kz+-/Z:!gz24-a4IY@%@% v2c notify-filter-profile profile_a