Integrating Dell Networking W-AirWave 7.7 with Centralized NMS Event Correlation Overview This document describes the AirWave alert/trap workflow when integrating with a centralized NMS Event Correlation System.
Figure 1 AMP Setup> NMS > Add NMS Server Page Illustration Configuring Alerts/Traps in AirWave 1. Navigate to Systems > Triggers, as shown in Figure 2. 2. Select one of the built-in Alerts/Traps. 3. Click Add.
Figure 2 Configuring a Client Count Trigger Configure properties for the Alert/Trap l Thresholds for the alert (quantity and time) l Severity of alert l Distribution options l Notification Method l n Sender n Recipient n NMS – sends SNMP traps Alert Suppression Integrating W-AirWave with Centralized NMS Event Correlation | NMS Integration 3
Viewing Alerts in Various Destinations As seen on the System > Alerts page of the AirWave console: Figure 3 System > Alerts Page Illustration As seen in email from the recipient’s perspective: Figure 4 Email recipient of an alert As seen by the NMS server via a tcpdump of the actual alerts: Client Count 10:32:52.964243 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto 17, length: 284) tipi.c orp.airwave.com.38979 > airwave-openvie.
l 4 = Minor l 5 = Major l 6 = Critical 12028.4.15.1.103 contains several fields separated by colons l Object Type {Client, AirWave, Device/AP, Group) l Object Name and URL (the URL is optional, if it exist then it will be separated by a dash (-)} l Trap Description and Evaluation Elements 12028.4.15.1.104 contains device IP Address l Group Traps will contain AirWave’s IP address. Acknowledging Alerts AirWave alerts must be manually acknowledged from the System > Alert page.
awampApName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The AP Name" ::= { awamp 101 } awampGroupName OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "The Group Name" ::= { awamp 102 } awampAPEthMAC OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "IEEE Unique Identifier" ::= { awamp 103 } awampAPIP OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "IP Address of the AP (Eth0)" ::=
::= { awamp 109 } awampHPOVSYSID OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Hp OpenView Object Id" ::= { awamp 110 } awampHPOVMAC1 OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "First Radio MAC on AP" ::= { awamp 111 } awampHPOVIP1 OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "First Radio IP AP" ::= { awamp 112 } awampHPOVMAC2 OBJECT-TYPE SYNTAX MacAddress MAX-ACCESS read-only STATUS current DESCRIPTION "S
MAX-ACCESS read-only STATUS current DESCRIPTION "Level 1-6" ::= { awampEventObject 102 } awampEventDescription OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Concatenated String produced from AMP." ::= { awampEventObject 103 } awampEventAPIPOld OBJECT-TYPE SYNTAX IpAddress MAX-ACCESS read-only STATUS current DESCRIPTION "Old IP of the AP when AMP changes and sends trap to HPOV.
awampEventRogueLANManufacturer OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Manufacturer of LAN of detected Rogue AP." ::= { awampEventObject 111 } awampEventRogueRadioManufacturer OBJECT-TYPE SYNTAX DisplayString MAX-ACCESS read-only STATUS current DESCRIPTION "Manufacturer of radio detected Rogue AP.
----- STATUS current DESCRIPTION "SSID to which the client is connected on rogue ap." ::= { awampEventObject 119 } ******************************************************************** * Fault Traps generated by the AMP * (1.3.6.1.4.12028.4.15.0.
awampAPIP } STATUS current DESCRIPTION "This trap is sent when there is too much BW being used on an AP for a period of time." ::= { awampEventPrefix 6 } toomuchBWClient NOTIFICATION-TYPE OBJECTS { awampEventID, awampEventSeverityCode, awampEventDescription } STATUS current DESCRIPTION "This trap is sent when there is too much BW being used by a Client for a period of time.
DESCRIPTION "This trap is sent when the AMP discovers a Rogue AP.
STATUS current DESCRIPTION "This trap is sent when a client experiences too man authentication failures." ::= { awampEventPrefix 18 } authIssueAP NOTIFICATION-TYPE OBJECTS { awampEventID, awampEventSeverityCode, awampEventDescription, awampAPIP } STATUS current DESCRIPTION "This trap is sent when an AP experiences too many authentication failures.
DESCRIPTION "This trap is sent when a QOS counter trigger fires." ::= { awampEventPrefix 24 } deviceResources NOTIFICATION-TYPE OBJECTS { awampEventID, awampEventSeverityCode, awampEventDescription } STATUS current DESCRIPTION "This trap is sent when a Device Resources trigger fires." ::= { awampEventPrefix 25 } diskUsage NOTIFICATION-TYPE OBJECTS { awampEventID, awampEventSeverityCode, awampEventDescription } STATUS current DESCRIPTION "This trap is sent when a Disk Usage trigger fires.
STATUS current DESCRIPTION "This trap is sent when a Device Event trigger fires.
awampEventDescription, awampAPIP } STATUS current DESCRIPTION "This trap is sent when a watched VPN username associates to a controller." ::= { awampEventPrefix 36 } toomuchBWVPNUser NOTIFICATION-TYPE OBJECTS { awampEventID, awampEventSeverityCode, awampEventDescription, awampAPIP } STATUS current DESCRIPTION "This trap is sent when a new VPN user connects to a controller.
awampEventDescription, awampAPIP } STATUS current DESCRIPTION "This is an internal trap designed for AML running on the NNM. It allows the AML to dynamically accept severity codes from the AMP. Because HP OpenView statically defines these in trapd.conf per trap, we are creating an internal for each severity level to work around issue.
OBJECTS { awampEventID, awampEventSeverityCode, awampEventDescription, awampAPIP } STATUS current DESCRIPTION "This is an internal trap designed for AML running on the NNM. It allows the AML to dynamically accept severity codes from the AMP. Because HP OpenView statically defines these in trapd.conf per trap, we are creating an internal for each severity level to work around issue.
and authenticated on the AMP. Also sent upon change to IP, Name, Firmware, Group Association." ::= { awampEventPrefix 200 } --- conformance information -awampConformance OBJECT IDENTIFIER ::= { awamp 2 } awampCompliances OBJECT IDENTIFIER ::= { awampConformance 1 } awampGroups OBJECT IDENTIFIER ::= { awampConformance 2 } -- compliance statements awampCompliance MODULE-COMPLIANCE STATUS current DESCRIPTION "The compliance statement for the AirWave AMP.
awampEventRogueClientMac, awampEventRogueName } STATUS current DESCRIPTION "The group of objects providing AMP events.
Copyright © 2013 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless ® Networks , the registered Aruba the Mobile Edge Company logo, and Aruba Mobility Management System®. Dell™, the DELL™ logo, and PowerConnect™ are trademarks of Dell Inc. All rights reserved. Specifications in this manual are subject to change without notice. Originated in the USA. All other trademarks are the property of their respective owners.