SNMP Simple Network Management Protocol

  Networking, SNMP

SNMP Basics 82/84 Free Video Training Course

Also ref: Configure SNMPv3 on Cisco Devices

Overview and Definitions

  • Ports:
    • 161 UDP: Server to Resource (Router, Server, Switch, etc.) communication
    • 162 UDP: Resource to Server (For Traps – Triggers that automatically announce issues)
      • Trap examples
        • interface is off
        • something is broken
      • Traps require that a polling server is defined.  They need a place to send the information.
  • OID: Object Identifiers
    • Numeric string of values as defined by ISO
      • Example: 1.2.1.6.41.8.13.7.52.2.0
        • last .0 acts like a stop bit?
      • Many of these are standardized, but many are also private
    • Each digit stands for section in the path to that object.
    • Example: 1.3.6.1.2.1

  • MIBs: Management Information Base
    • Like DNS for OIDs.
    • It is a collection of OIDs and describes them for a device
      • type of data format it is in
      • Valid ranges
      • Description of each OID value
    • Helps you determine what you are looking for.
    • You can usually download the MIBs for different vendors.
    • MIB is NOT required to retrieve data.
      • If you know the OID or can calculate it some how, the MIB is not necessary

SNMP Versions

  • Version 1
    • Obsolete
    • RFC 1157
    • Polls entire tree, not just specific OID(s)
    • Used a ‘community string’ which was basically the password
      • Read Only
        • Used to retrieve information
      • Read Write
        • Can use to set configurations
        • Not commonly used.
    • No encryption. Community string sent in clear text.
      • easily seen with wireshark.
  • Version 2c
    • Most Common
    • RFC 1901 – 1908
    • Polls single values so more efficient
    • Used same clear text community string
  • Version 3
    • RFC 2273 – 2275
    • Not fully supported on all devices
    • Secure!
      • Authentication
      • Encryption
    • Slightly more complex to setup due to authentication and encryption.

Configure the router (SNMPv2c)

Set the community string: <password> <ro/rw>

R1(config)#snmp-server community cisco ro

Set a description for the device: <Text string>

R1(config)#snmp-server location Switch Closet

Set a contact: <Text string>

R1(config)#snmp-server contact Thomas (555) 846-2330

Apply an access list: <community string> <access list>

  • This was not well defined
R1(config)#snmp-server community cisco 101

Enable traps

  • Enable the trap: <trap_name>
  • Set the host you want to send the trap to <server_ip> version <v#> <community_string>
R1(config)#snmp-server enable traps ...
R1(config)#snmp-server host 10.0.0.10 version 2c cisco

Show Commands

R1#show snmp
Chassis: FTX1219W1E9
Location: My Office
0 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
0 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
0 Get-next PDUs
0 Set-request PDUs
0 Input queue packet drops (Maximum queue size 1000)
0 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
0 Response PDUs
0 Trap PDUs
SNMP Dispatcher:
queue 0/75 (current/max), 0 dropped
SNMP Engine:
queue 0/1000 (current/max), 0 dropped

SNMP logging: disabled

Show community

R1#show snmp community
Community name: ILMI
Community Index: cisco0
Community SecurityName: ILMI
storage-type: read-only  active


Community name: cisco
Community Index: cisco1
Community SecurityName: cisco
storage-type: nonvolatile        active

 

LEAVE A COMMENT