How To Troubleshoot ION SNMP Trap

• Prisma SD-WAN
• ION devices
• SNMP Trap

1. Check the following points on SD-WAN GUI's configuration
   • Configuration differences between active ION and passive ION
   • Configuration of SNMP Trap
     • Server IP
     • Version
     • Security related: auth/encryption algorithms, phrase, etc

2. Verify selected source interface does have IP connectivity to External Monitoring Server.
3. Check SD-WAN Controller GUI's configuration has been pushed to ION.

• dump snmptrap config

4. Confirm ION is sending the Traps.
   • Enable debug-level debugging for facility "event" and module "evd_api".

     debug logging facility=event module=evd_api level=debug

   • Follow logs.

     debug logs follow event | grep trap

     ION will generate logs similar to the below one, in case an event happens.

     54:50.218 deb event_forw 2749   event      evd_api    COMMAND:snmptrap -s <SOURCE-IP>  -v 3 -u SD_WAN -l noAuthNoPriv <YOUR-SERVER-IP> '' .1.3.6.1.4.1.50114.10.1.0.102 .1.3.6.1.4.1.50114.10.1.1.3.1 s 1696414203643013608 .1.3.6.1.4.1.50114.10.1.1.3.3 s 10.28.0.14 .1.3.6.1.4.1.50114.10.1.1.3.4 s classic  .1.3.6.1.4.1.50114.10.1.1.4.2 s " BranchName "  .1.3.6.1.4.1.50114.10.1.1.5.1 s 1680621797229002608 .1.3.6.1.4.1.50114.10.1.1.5.2 s " BranchName " .1.3.6.1.4.1.50114.10.1.1.4.1 s 1680622042251020508
     

     • <SOURCE-IP> is the ION's interface IP address from where the Trap is being sent
     • <YOUR-SERVER-IP> is the External Monitoring System configured in GUI within SNMP Trap configuration on each ION.
   • Run a packet Capture to verify ION's sending traps on the expected interface.

     tcpdump <interface> args="port 162" show

     • <INTERFACE> is the source interface configured to send the Traps.
5.  Final important step is to disable debug-level logs once finished.

debug logging facility=event module=evd_api level=info