SNMP Traps with SPAN

Monitor SNMP Traps without changing router configuration

How to setup up SNMP Trap SPAN Port

How to use the SNMP Trap Monitor with port SPAN (mirror) ?
How to use the SNMP Trap Monitor with Network TAPs ?
How to use the SNMP Trap Monitor in classic mode ?

About the feature

You can plug in Unbrowse SNMP into a SPAN port or a network tap and immediately begin monitoring. This allow a network administrator to non-intrusively observe fault conditons in a network. Unbrowse SNMP can also operate in "classic mode", like other trap monitors in the market today. This page gives instructions on setting up Unbrowse SNMP to operate in trap monitor mode.

This feature requires pretty much the same mechanisms as a Sniffer or Network Protocol Analyzer.  The key is to find a location in your management network where there is maximum visibility of SNMP traffic. This is usually a switch or router into which your primary fault management application such as CiscoWorks DFM or HP Openview Network Node Manager is plugged into. For small network without a dedicated application, you can use Unbrowse SNMP as the primary trap receiver or plug into into any appropriate place in the network.

Pre-requisites

You need the following 
  • The Winpcap library available for free from here. Unbrowse SNMP can also work without the Winpcap library, it uses Windows Raw Sockets framework as a default provider. However, we strongly recommend the Winpcap library for its superior packet filtering and support for Windows XP SP2 and above.
  • Physical access to the network carrying the management traffic
  • An empty port in a switch capable of being put into a SPAN or Mirror mod
  • An alternative to SPAN ports are network TAPs. You can purchase a network TAP from a vendor such as VSS Monitoring or NetOptics. Even for normal network management purposes we recommend you to purchase a network tap and install it at key management points in your network.

Using Unbrowse SNMP Trap Monitor in port SPAN mode

  • Download and install the Winpcap packet capture library on the machine running Unbrowse SNMP.
  • Locate the router/switch into which the primary fault management system (eg, CiscoWorks DFM or HP Openview Network Node Manager)  is plugged in. Alternately, you can find any switch in your management network which carries SNMP Trap traffic. 
  • Find an empty ethernet port on that switch and connect Unbrowse SNMP into that port. If your vendor has  full duplex connections you may leave the transmit direction disconnected.
  • Set up a local SPAN session by mirroring the port into Unbrowse SNMP. The instructions for setting up a SPAN session varies from vendor to vendor. See here for instruction on how to setup a SPAN session on Cisco Catalyst switches.
  • You are now all set.
  • Just start the Trap Console and watch the traps.

Using Unbrowse SNMP Trap Monitor with Network TAPs

  • Download and install the Winpcap packet capture library on the machine running Unbrowse SNMP.
  • Make sure your network tap is located in a strategic location in your network. This can be near or directly attached to the subnet containing your main network management systems. 
  • Plug Unbrowse SNMP into an empty port on the TAP. If your tap has full duplex ethernet interface, you may leave the transmit side disconnected.
  • You are now all set.
  • Just start the Trap Console and watch the traps.

Using Unbrowse SNMP Trap Monitor in classic mode

  • If Winpcap is installed, Unbrowse will use it otherwise it will fall back to Windows Raw Sockets. 
  • Add the IP Address of Unbrowse SNMP into all the routers from which you want to receive traps.
  • You are now all set.
  • Just start the Trap Console and watch the traps.

[sitemap]
Copyright (c) 2006-08, Unleash Networks, All rights reserved