Unknown alert received from device xxxxx of type GnSNMPDev. Device Time 9+02:21:15 Trap Type 1.3.6.1.2.1.10.166.3.6.1
Trap var bind data:
OID 1.3.6.1.2.1.1.3.0 Value yyyyyyy
OID 1.3.6.1.2.1.10.166.3.2.2.1.34.57178.169.32322235926.32322235916 Value :z.
This trap OID is defined in MPLS-TE-STD-MIB (from mib2), which is part of the Spectrum default traps, as
mplsTunnelDown: 1.3.6.1.2.1.10.166.3.0.2.
Why are we getting an unknown alert message for a mapped trap?
Release: Any
Component: SPCAEM
A grep for the OID of the unknown alert on 10.2.0 shows the following:
/Spectrum/SS/CsVendor
> grep -r 1.3.6.1.2.1.10.166.3. .
./Mpls/MplsTeApp/AlertMap:1.3.6.1.2.1.10.166.3.0.2 0x04520304 1.3.6.1.2.1.10.166.3.2.2.1.34(1,2)\
./Mpls/MplsTeApp/AlertMap: 1.3.6.1.2.1.10.166.3.2.2.1.35(3,0)
./Mpls/MplsTeApp/AlertMap:1.3.6.1.2.1.10.166.3.0.4 0x04520305 1.3.6.1.2.1.10.166.3.2.2.1.34(1,2)\
./Mpls/MplsTeApp/AlertMap: 1.3.6.1.2.1.10.166.3.2.2.1.35(3,0)
./Mpls/MplsTeApp/AlertMap:1.3.6.1.2.1.10.166.3.0.3 0x04520306 1.3.6.1.2.1.10.166.3.2.2.1.34(1,2)\
./Mpls/MplsTeApp/AlertMap: 1.3.6.1.2.1.10.166.3.2.2.1.35(3,0)
./Mpls/MplsTeApp/AlertMap:1.3.6.1.2.1.10.166.3.0.1 0x04520307 1.3.6.1.2.1.10.166.3.2.2.1.34(1,2)\
./Mpls/MplsTeApp/AlertMap: 1.3.6.1.2.1.10.166.3.2.2.1.35(3,0)
On 10.3 the output is different:
/Spectrum/SS/CsVendor
$ grep -r 1.3.6.1.2.1.10.166.3. .
./Mpls/RFC3812App/AlertMap:1.3.6.1.2.1.10.166.3.0.2 0x04520304 1.3.6.1.2.1.10.166.3.2.2.1.34(1,2)\
./Mpls/RFC3812App/AlertMap:1.3.6.1.2.1.10.166.3.0.4 0x04520305 1.3.6.1.2.1.10.166.3.2.2.1.34(1,2)\
./Mpls/RFC3812App/AlertMap:1.3.6.1.2.1.10.166.3.0.3 0x04520306 1.3.6.1.2.1.10.166.3.2.2.1.34(1,2)\
./Mpls/RFC3812App/AlertMap:1.3.6.1.2.1.10.166.3.0.1 0x04520307 1.3.6.1.2.1.10.166.3.2.2.1.34(1,2)\
Neither of these matches the OID of the trap that came in, where the penultimate digit is 6 instead of 0.
To resolve this, copy the trap mappings above into $SPECROOT/custom/Events/AlertMap and update the trap OID to 1.3.6.1.2.1.10.166.3.6.1, as seen in the unknown alert.
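The comparison described above can be scripted. The following is an added example, not Spectrum code: it parses AlertMap text (layout assumed from the grep output on this page), checks whether a received trap OID is mapped, and lists which arcs differ from each mapped OID. The names parse_alertmap, arcs and diagnose are hypothetical.

```python
# Added example, not Spectrum code. AlertMap layout assumed from the grep output
# above: <trap OID> <event code> <varbind mappings>, "\" continues the entry.

# Constructed sample: the four 10.2.0 MplsTeApp entries quoted on this page.
_VARBINDS = ("1.3.6.1.2.1.10.166.3.2.2.1.34(1,2)\\\n"
             "    1.3.6.1.2.1.10.166.3.2.2.1.35(3,0)\n")
SAMPLE_ALERTMAP = "".join(
    f"1.3.6.1.2.1.10.166.3.0.{n} {code} {_VARBINDS}"
    for n, code in ((2, "0x04520304"), (4, "0x04520305"),
                    (3, "0x04520306"), (1, "0x04520307")))


def parse_alertmap(text):
    """Return {trap_oid: (event_code, [varbind mappings])}."""
    entries, logical = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):  # continuation: keep accumulating this entry
            logical += line[:-1] + " "
            continue
        fields = (logical + line).split()
        logical = ""
        if len(fields) >= 2:
            entries[fields[0]] = (fields[1], fields[2:])
    return entries


def arcs(oid):
    return [int(a) for a in oid.strip(".").split(".")]


def diagnose(trap_oid, entries):
    """Return ('mapped', event_code), or ('unmapped', candidates): one
    (mapped_oid, event_code, differing 1-based arc positions) per
    same-length mapped OID, in file order."""
    if trap_oid in entries:
        return "mapped", entries[trap_oid][0]
    want, candidates = arcs(trap_oid), []
    for oid, (code, _) in entries.items():
        have = arcs(oid)
        if len(have) == len(want):
            diff = [i + 1 for i, (a, b) in enumerate(zip(want, have)) if a != b]
            candidates.append((oid, code, diff))
    return "unmapped", candidates


if __name__ == "__main__":
    status, detail = diagnose("1.3.6.1.2.1.10.166.3.6.1",
                              parse_alertmap(SAMPLE_ALERTMAP))
    print(status)
    for oid, code, diff in detail:
        print(f"  {oid} {code} differs at arc(s) {diff}")
```

Arc 10 of 11 is the penultimate arc, so every candidate listing position 10 corresponds to the 6-versus-0 mismatch noted above.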